admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-02 14:12:23 +00:00
parent 4c01b2171a
commit cc89027a8d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
80 changed files with 5474 additions and 585 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
2022/4xxx/CVE-2022-4963.json
View File

@ -1,17 +1,134 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-4963", "ID": "CVE-2022-4963",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is d374a5f77e6b58e36f0e0e4419be18b95edcd7ff. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257516."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Folio Spring Module Core bis 1.1.5 ausgemacht. Es geht hierbei um die Funktion dropSchema der Datei tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java der Komponente Schema Name Handler. Mittels Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d374a5f77e6b58e36f0e0e4419be18b95edcd7ff bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Folio",
"product": {
"product_data": [
{
"product_name": "Spring Module Core",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
},
{
"version_affected": "=",
"version_value": "1.1.1"
},
{
"version_affected": "=",
"version_value": "1.1.2"
},
{
"version_affected": "=",
"version_value": "1.1.3"
},
{
"version_affected": "=",
"version_value": "1.1.4"
},
{
"version_affected": "=",
"version_value": "1.1.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257516",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257516"
},
{
"url": "https://vuldb.com/?ctiid.257516",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257516"
},
{
"url": "https://github.com/folio-org/spring-module-core/pull/39",
"refsource": "MISC",
"name": "https://github.com/folio-org/spring-module-core/pull/39"
},
{
"url": "https://github.com/folio-org/spring-module-core/commit/d374a5f77e6b58e36f0e0e4419be18b95edcd7ff",
"refsource": "MISC",
"name": "https://github.com/folio-org/spring-module-core/commit/d374a5f77e6b58e36f0e0e4419be18b95edcd7ff"
},
{
"url": "https://github.com/folio-org/spring-module-core/releases/tag/v2.0.0",
"refsource": "MISC",
"name": "https://github.com/folio-org/spring-module-core/releases/tag/v2.0.0"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }

18
2022/4xxx/CVE-2022-4965.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4965",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

83
2023/35xxx/CVE-2023-35888.json
View File

@ -1,17 +1,92 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-35888", "ID": "CVE-2023-35888",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data",
"cweId": "CWE-311"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Governance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7144228",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7144228"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/258375",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/258375"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }

85
2023/41xxx/CVE-2023-41038.json
View File

@ -1,17 +1,94 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-41038", "ID": "CVE-2023-41038",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FirebirdSQL",
"product": {
"product_data": [
{
"product_name": "firebird",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 4.0.0, < 4.0.4.2981"
},
{
"version_affected": "=",
"version_value": ">= 5.0 beta1, < 5.0.0.1176"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"refsource": "MISC",
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"url": "https://firebirdsql.org/en/snapshot-builds",
"refsource": "MISC",
"name": "https://firebirdsql.org/en/snapshot-builds"
}
]
},
"source": {
"advisory": "GHSA-6fv8-8rwr-9692",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
} }
] ]
} }

81
2023/41xxx/CVE-2023-41877.json
View File

@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-41877", "ID": "CVE-2023-41877",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 2.23.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-8g7v-vjrc-x4g5"
},
{
"url": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location",
"refsource": "MISC",
"name": "https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location"
}
]
},
"source": {
"advisory": "GHSA-8g7v-vjrc-x4g5",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

83
2023/45xxx/CVE-2023-45177.json
View File

@ -1,17 +1,92 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-45177", "ID": "CVE-2023-45177",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "MQ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7063661",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7063661"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268066",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268066"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
} }
] ]
} }

81
2023/47xxx/CVE-2023-47691.json
View File

@ -5,90 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-47691", "ID": "CVE-2023-47691",
"ASSIGNER": "audit@patchstack.com", "ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Missing Authorization vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3.\n\n" "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Podlove",
"product": {
"product_data": [
{
"product_name": "Podlove Web Player",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "5.7.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/podlove-web-player/wordpress-podlove-web-player-plugin-5-7-1-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/podlove-web-player/wordpress-podlove-web-player-plugin-5-7-1-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }

61
2023/50xxx/CVE-2023-50967.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-50967",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2023-50967",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/latchset/jose",
"refsource": "MISC",
"name": "https://github.com/latchset/jose"
},
{
"refsource": "MISC",
"name": "https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md",
"url": "https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md"
} }
] ]
} }

109
2023/51xxx/CVE-2023-51444.json
View File

@ -1,17 +1,118 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-51444", "ID": "CVE-2023-51444",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.23.4"
},
{
"version_affected": "=",
"version_value": "= 2.24.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9v5q-2gwq-q9hq"
},
{
"url": "https://github.com/geoserver/geoserver/pull/7222",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/pull/7222"
},
{
"url": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/ca683170c669718cb6ad4c79e01b0451065e13b8"
},
{
"url": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/fe235b3bb1d7f05751a4a2ef5390c36f5c9e78ae"
},
{
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11176",
"refsource": "MISC",
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11176"
}
]
},
"source": {
"advisory": "GHSA-9v5q-2gwq-q9hq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

91
2023/51xxx/CVE-2023-51445.json
View File

@ -1,17 +1,100 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-51445", "ID": "CVE-2023-51445",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full administrators by default and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information. Versions 2.23.3 and 2.24.0 contain a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.23.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fh7p-5f6g-vj2w"
},
{
"url": "https://github.com/geoserver/geoserver/pull/7161",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/pull/7161"
},
{
"url": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/7db985738ff2422019ccac974cf547bae5770cad"
},
{
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11148",
"refsource": "MISC",
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11148"
}
]
},
"source": {
"advisory": "GHSA-fh7p-5f6g-vj2w",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }

99
2024/1xxx/CVE-2024-1800.json
View File

@ -1,17 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-1800", "ID": "CVE-2024-1800",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@progress.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "\nIn Progress\u00ae Telerik\u00ae Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Progress Software Corporation",
"product": {
"product_data": [
{
"product_name": "Telerik Report Server",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "2024 Q1 (10.0.24.130)",
"status": "affected",
"version": "1.00",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.telerik.com/report-server",
"refsource": "MISC",
"name": "https://www.telerik.com/report-server"
},
{
"url": "https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800",
"refsource": "MISC",
"name": "https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "HackerOne: 07842c0e165d4d2d8733dd4eab48b3ed0f7afe38 working with Trend Micro Zero Day Initiative"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

99
2024/1xxx/CVE-2024-1801.json
View File

@ -1,17 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-1801", "ID": "CVE-2024-1801",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@progress.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "\nIn Progress\u00ae Telerik\u00ae Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Progress Software Corporation",
"product": {
"product_data": [
{
"product_name": "Telerik Reporting",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "2024 Q1 (18.0.24.130)",
"status": "affected",
"version": "Q1 2007",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.telerik.com/products/reporting.aspx",
"refsource": "MISC",
"name": "https://www.telerik.com/products/reporting.aspx"
},
{
"url": "https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856",
"refsource": "MISC",
"name": "https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "HackerOne: 07842c0e165d4d2d8733dd4eab48b3ed0f7afe38 working with Trend Micro Zero Day Initiative"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
} }
] ]
} }

99
2024/1xxx/CVE-2024-1856.json
View File

@ -1,17 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-1856", "ID": "CVE-2024-1856",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@progress.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "\nIn Progress\u00ae Telerik\u00ae Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Progress Software Corporation",
"product": {
"product_data": [
{
"product_name": "Telerik Reporting",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "2024 Q1 (18.0.24.130)",
"status": "affected",
"version": "Q1 2007",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.telerik.com/products/reporting.aspx",
"refsource": "MISC",
"name": "https://www.telerik.com/products/reporting.aspx"
},
{
"url": "https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856",
"refsource": "MISC",
"name": "https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "HackerOne: 07842c0e165d4d2d8733dd4eab48b3ed0f7afe38 working with Trend Micro Zero Day Initiative"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

8
2024/1xxx/CVE-2024-1992.json
View File

@ -1,17 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-1992", "ID": "CVE-2024-1992",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** Rejected as duplicate of CVE-2024-2306"
} }
] ]
} }

109
2024/23xxx/CVE-2024-23634.json
View File

@ -1,17 +1,118 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23634", "ID": "CVE-2024-23634",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-73: External Control of File Name or Path",
"cweId": "CWE-73"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.23.5"
},
{
"version_affected": "=",
"version_value": ">= 2.24.0, < 2.24.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx"
},
{
"url": "https://github.com/geoserver/geoserver/pull/7289",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/pull/7289"
},
{
"url": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772"
},
{
"url": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a"
},
{
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11213",
"refsource": "MISC",
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11213"
}
]
},
"source": {
"advisory": "GHSA-75m5-hh4r-q9gx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
} }
] ]
} }

96
2024/23xxx/CVE-2024-23640.json
View File

@ -1,17 +1,105 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23640", "ID": "CVE-2024-23640",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.23.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf"
},
{
"url": "https://github.com/geoserver/geoserver/pull/7162",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/pull/7162"
},
{
"url": "https://github.com/geoserver/geoserver/pull/7181",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/pull/7181"
},
{
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11149",
"refsource": "MISC",
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11149"
},
{
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11155",
"refsource": "MISC",
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11155"
}
]
},
"source": {
"advisory": "GHSA-9rfr-pf2x-g4xf",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }

100
2024/23xxx/CVE-2024-23642.json
View File

@ -1,17 +1,109 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23642", "ID": "CVE-2024-23642",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.23.4"
},
{
"version_affected": "=",
"version_value": "= 2.24.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525"
},
{
"url": "https://github.com/geoserver/geoserver/pull/7173",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/pull/7173"
},
{
"url": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00"
},
{
"url": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe"
},
{
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11152",
"refsource": "MISC",
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11152"
}
]
},
"source": {
"advisory": "GHSA-fg9v-56hw-g525",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }

95
2024/23xxx/CVE-2024-23643.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23643", "ID": "CVE-2024-23643",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator\u2019s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.23.2"
},
{
"version_affected": "=",
"version_value": "= 2.24.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7"
},
{
"url": "https://github.com/GeoWebCache/geowebcache/issues/1172",
"refsource": "MISC",
"name": "https://github.com/GeoWebCache/geowebcache/issues/1172"
},
{
"url": "https://github.com/GeoWebCache/geowebcache/pull/1174",
"refsource": "MISC",
"name": "https://github.com/GeoWebCache/geowebcache/pull/1174"
},
{
"url": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0",
"refsource": "MISC",
"name": "https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0"
}
]
},
"source": {
"advisory": "GHSA-56r3-f536-5gf7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }

61
2024/23xxx/CVE-2024-23721.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23721",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-23721",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://draytek.com",
"refsource": "MISC",
"name": "https://draytek.com"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/rrrrrrri/8e9cac08eb4d9c01ab258bd5b0f8f7d8",
"url": "https://gist.github.com/rrrrrrri/8e9cac08eb4d9c01ab258bd5b0f8f7d8"
} }
] ]
} }

100
2024/23xxx/CVE-2024-23818.json
View File

@ -1,17 +1,109 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23818", "ID": "CVE-2024-23818",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.23.3"
},
{
"version_affected": "=",
"version_value": "= 2.24.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72"
},
{
"url": "https://github.com/geoserver/geoserver/pull/7174",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/pull/7174"
},
{
"url": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2"
},
{
"url": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f"
},
{
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11153",
"refsource": "MISC",
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11153"
}
]
},
"source": {
"advisory": "GHSA-fcpm-hchj-mh72",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }

100
2024/23xxx/CVE-2024-23819.json
View File

@ -1,17 +1,109 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23819", "ID": "CVE-2024-23819",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.23.4"
},
{
"version_affected": "=",
"version_value": "= 2.24.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5"
},
{
"url": "https://github.com/geoserver/geoserver/pull/7175",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/pull/7175"
},
{
"url": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef"
},
{
"url": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1"
},
{
"url": "https://osgeo-org.atlassian.net/browse/GEOS-11154",
"refsource": "MISC",
"name": "https://osgeo-org.atlassian.net/browse/GEOS-11154"
}
]
},
"source": {
"advisory": "GHSA-7x76-57fr-m5r5",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }

90
2024/23xxx/CVE-2024-23821.json
View File

@ -1,17 +1,99 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23821", "ID": "CVE-2024-23821",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.23.4"
},
{
"version_affected": "=",
"version_value": "= 2.24.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9"
},
{
"url": "https://github.com/GeoWebCache/geowebcache/issues/1171",
"refsource": "MISC",
"name": "https://github.com/GeoWebCache/geowebcache/issues/1171"
},
{
"url": "https://github.com/GeoWebCache/geowebcache/pull/1173",
"refsource": "MISC",
"name": "https://github.com/GeoWebCache/geowebcache/pull/1173"
}
]
},
"source": {
"advisory": "GHSA-88wc-fcj9-q3r9",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }

76
2024/24xxx/CVE-2024-24813.json
View File

@ -1,17 +1,85 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-24813", "ID": "CVE-2024-24813",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "frappe",
"product": {
"product_data": [
{
"product_name": "frappe",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 14.64.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/frappe/frappe/security/advisories/GHSA-fxfv-7gwx-54jh",
"refsource": "MISC",
"name": "https://github.com/frappe/frappe/security/advisories/GHSA-fxfv-7gwx-54jh"
}
]
},
"source": {
"advisory": "GHSA-fxfv-7gwx-54jh",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }

66
2024/25xxx/CVE-2024-25294.json
View File

@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-25294",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-25294",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://rebuild.com",
"refsource": "MISC",
"name": "http://rebuild.com"
},
{
"url": "https://github.com/getrebuild/rebuild/",
"refsource": "MISC",
"name": "https://github.com/getrebuild/rebuild/"
},
{
"refsource": "MISC",
"name": "https://deeply-capri-1c8.notion.site/REBUILD-V3-5-2023-12-11-SSRF-30324be04e00477eae472bf75f4f5e0d",
"url": "https://deeply-capri-1c8.notion.site/REBUILD-V3-5-2023-12-11-SSRF-30324be04e00477eae472bf75f4f5e0d"
} }
] ]
} }

111
2024/26xxx/CVE-2024-26628.json
View File

@ -5,121 +5,14 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-26628", "ID": "CVE-2024-26628",
"ASSIGNER": "cve@kernel.org", "ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix lock dependency warning\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.5.0-kfd-fkuehlin #276 Not tainted\n------------------------------------------------------\nkworker/8:2/2676 is trying to acquire lock:\nffff9435aae95c88 ((work_completion)(&svm_bo->eviction_work)){+.+.}-{0:0}, at: __flush_work+0x52/0x550\n\nbut task is already holding lock:\nffff9435cd8e1720 (&svms->lock){+.+.}-{3:3}, at: svm_range_deferred_list_work+0xe8/0x340 [amdgpu]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #2 (&svms->lock){+.+.}-{3:3}:\n __mutex_lock+0x97/0xd30\n kfd_ioctl_alloc_memory_of_gpu+0x6d/0x3c0 [amdgpu]\n kfd_ioctl+0x1b2/0x5d0 [amdgpu]\n __x64_sys_ioctl+0x86/0xc0\n do_syscall_64+0x39/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n-> #1 (&mm->mmap_lock){++++}-{3:3}:\n down_read+0x42/0x160\n svm_range_evict_svm_bo_worker+0x8b/0x340 [amdgpu]\n process_one_work+0x27a/0x540\n worker_thread+0x53/0x3e0\n kthread+0xeb/0x120\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x11/0x20\n\n-> #0 ((work_completion)(&svm_bo->eviction_work)){+.+.}-{0:0}:\n __lock_acquire+0x1426/0x2200\n lock_acquire+0xc1/0x2b0\n __flush_work+0x80/0x550\n __cancel_work_timer+0x109/0x190\n svm_range_bo_release+0xdc/0x1c0 [amdgpu]\n svm_range_free+0x175/0x180 [amdgpu]\n svm_range_deferred_list_work+0x15d/0x340 [amdgpu]\n process_one_work+0x27a/0x540\n worker_thread+0x53/0x3e0\n kthread+0xeb/0x120\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x11/0x20\n\nother info that might help us debug this:\n\nChain exists of:\n (work_completion)(&svm_bo->eviction_work) --> &mm->mmap_lock --> &svms->lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(&svms->lock);\n lock(&mm->mmap_lock);\n lock(&svms->lock);\n lock((work_completion)(&svm_bo->eviction_work));\n\nI believe this cannot really lead to a deadlock in practice, because\nsvm_range_evict_svm_bo_worker only takes the mmap_read_lock if the BO\nrefcount is non-0. That means it's impossible that svm_range_bo_release\nis running concurrently. However, there is no good way to annotate this.\n\nTo avoid the problem, take a BO reference in\nsvm_range_schedule_evict_svm_bo instead of in the worker. That way it's\nimpossible for a BO to get freed while eviction work is pending and the\ncancel_work_sync call in svm_range_bo_release can be eliminated.\n\nv2: Use svm_bo_ref_unless_zero and explained why that's safe. Also\nremoved redundant checks that are already done in\namdkfd_fence_enable_signaling." "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "7a70663ba02b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.15.149",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.77",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.16",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.4",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/7a70663ba02bd4e19aea8d70c979eb3bd03d839d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7a70663ba02bd4e19aea8d70c979eb3bd03d839d"
},
{
"url": "https://git.kernel.org/stable/c/8b25d397162b0316ceda40afaa63ee0c4a97d28b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8b25d397162b0316ceda40afaa63ee0c4a97d28b"
},
{
"url": "https://git.kernel.org/stable/c/28d2d623d2fbddcca5c24600474e92f16ebb3a05",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/28d2d623d2fbddcca5c24600474e92f16ebb3a05"
},
{
"url": "https://git.kernel.org/stable/c/cb96e492d72d143d57db2d2bc143a1cee8741807",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/cb96e492d72d143d57db2d2bc143a1cee8741807"
},
{
"url": "https://git.kernel.org/stable/c/47bf0f83fc86df1bf42b385a91aadb910137c5c9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/47bf0f83fc86df1bf42b385a91aadb910137c5c9"
}
]
},
"generator": {
"engine": "bippy-8df59b4913de"
} }
} }

80
2024/27xxx/CVE-2024-27105.json
View File

@ -1,17 +1,89 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27105", "ID": "CVE-2024-27105",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "frappe",
"product": {
"product_data": [
{
"product_name": "frappe",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 14.66.3"
},
{
"version_affected": "=",
"version_value": ">= 15.0.0, < 15.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/frappe/frappe/security/advisories/GHSA-hq5v-q29v-7rcw",
"refsource": "MISC",
"name": "https://github.com/frappe/frappe/security/advisories/GHSA-hq5v-q29v-7rcw"
}
]
},
"source": {
"advisory": "GHSA-hq5v-q29v-7rcw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
} }
] ]
} }

81
2024/27xxx/CVE-2024-27286.json
View File

@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27286", "ID": "CVE-2024-27286",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Zulip is an open-source team collaboration. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a public stream to a private stream, Zulip would successfully move the message, -- but active users who did not have access to the private stream, but whose client had already received the message, would continue to see the message in the public stream until they reloaded their client. Additionally, Zulip did not remove view permissions on the message from recently-active users, allowing the message to show up in the \"All messages\" view or in search results, but not in \"Inbox\" or \"Recent conversations\" views. While the bug has been present since moving messages between streams was first introduced in version 3.0, this option became much more common starting in Zulip 8.0, when the default option in the picker for moving the very last message in a conversation was changed. This issue is fixed in Zulip Server 8.3. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zulip",
"product": {
"product_data": [
{
"product_name": "zulip",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0, < 8.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zulip/zulip/security/advisories/GHSA-478x-rfqr-w4jf",
"refsource": "MISC",
"name": "https://github.com/zulip/zulip/security/advisories/GHSA-478x-rfqr-w4jf"
},
{
"url": "https://github.com/zulip/zulip/commit/3db1733310ddd944c2e690ba673232345c928eec",
"refsource": "MISC",
"name": "https://github.com/zulip/zulip/commit/3db1733310ddd944c2e690ba673232345c928eec"
}
]
},
"source": {
"advisory": "GHSA-478x-rfqr-w4jf",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }

95
2024/28xxx/CVE-2024-28179.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28179", "ID": "CVE-2024-28179",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone who had network access to the Jupyter server endpoint. This vulnerability can allow unauthenticated remote access to any websocket endpoint set up to be accessible via Jupyter Server Proxy. In many cases, this leads to remote unauthenticated arbitrary code execution, due to how affected instances use websockets. The websocket endpoints exposed by `jupyter_server` itself is not affected. Projects that do not rely on websockets are also not affected. Versions 3.2.3 and 4.1.1 contain a fix for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jupyterhub",
"product": {
"product_data": [
{
"product_name": "jupyter-server-proxy",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 4.0.0, < 4.1.1"
},
{
"version_affected": "=",
"version_value": "< 3.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-w3vc-fx9p-wp4v",
"refsource": "MISC",
"name": "https://github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-w3vc-fx9p-wp4v"
},
{
"url": "https://github.com/jupyterhub/jupyter-server-proxy/commit/764e499f61a87641916a7a427d4c4b1ac3f321a9",
"refsource": "MISC",
"name": "https://github.com/jupyterhub/jupyter-server-proxy/commit/764e499f61a87641916a7a427d4c4b1ac3f321a9"
},
{
"url": "https://github.com/jupyterhub/jupyter-server-proxy/commit/bead903b7c0354b6efd8b4cde94b89afab653e03",
"refsource": "MISC",
"name": "https://github.com/jupyterhub/jupyter-server-proxy/commit/bead903b7c0354b6efd8b4cde94b89afab653e03"
},
{
"url": "https://github.com/jupyterhub/jupyter-server-proxy/blob/9b624c4d9507176334b46a85d94a4aa3bcd29bed/jupyter_server_proxy/handlers.py#L433",
"refsource": "MISC",
"name": "https://github.com/jupyterhub/jupyter-server-proxy/blob/9b624c4d9507176334b46a85d94a4aa3bcd29bed/jupyter_server_proxy/handlers.py#L433"
}
]
},
"source": {
"advisory": "GHSA-w3vc-fx9p-wp4v",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

93
2024/28xxx/CVE-2024-28231.json
View File

@ -1,17 +1,102 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28231", "ID": "CVE-2024-28231",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "eProsima",
"product": {
"product_data": [
{
"product_name": "Fast-DDS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.6.8"
},
{
"version_affected": "=",
"version_value": ">= 2.7.0, < 2.10.4"
},
{
"version_affected": "=",
"version_value": ">= 2.11.0, < 2.12.2"
},
{
"version_affected": "=",
"version_value": ">= 2.13.0, < 2.13.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w",
"refsource": "MISC",
"name": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w"
},
{
"url": "https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b",
"refsource": "MISC",
"name": "https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b"
}
]
},
"source": {
"advisory": "GHSA-9m2j-qw67-ph4w",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

56
2024/28xxx/CVE-2024-28286.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28286",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-28286",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mz-automation/libiec61850/issues/496",
"refsource": "MISC",
"name": "https://github.com/mz-automation/libiec61850/issues/496"
} }
] ]
} }

61
2024/28xxx/CVE-2024-28392.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28392",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-28392",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://addons.prestashop.com/en/remarketing-shopping-cart-abandonment/16535-abandoned-cart-reminder-pro.html",
"refsource": "MISC",
"name": "https://addons.prestashop.com/en/remarketing-shopping-cart-abandonment/16535-abandoned-cart-reminder-pro.html"
},
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2024/03/14/pscartabandonmentpro.html",
"url": "https://security.friendsofpresta.org/modules/2024/03/14/pscartabandonmentpro.html"
} }
] ]
} }

61
2024/28xxx/CVE-2024-28395.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28395",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-28395",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://addons.prestashop.com/en/pop-up/20208-pop-up-schedule-popup-splash-window.html",
"refsource": "MISC",
"name": "https://addons.prestashop.com/en/pop-up/20208-pop-up-schedule-popup-splash-window.html"
},
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2024/03/14/bestkit_popup.html",
"url": "https://security.friendsofpresta.org/modules/2024/03/14/bestkit_popup.html"
} }
] ]
} }

61
2024/28xxx/CVE-2024-28396.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28396",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-28396",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://addons.prestashop.com/en/data-import-export/17596-orders-csv-excel-export-pro.html",
"refsource": "MISC",
"name": "https://addons.prestashop.com/en/data-import-export/17596-orders-csv-excel-export-pro.html"
},
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2024/03/14/ordersexport.html",
"url": "https://security.friendsofpresta.org/modules/2024/03/14/ordersexport.html"
} }
] ]
} }

66
2024/28xxx/CVE-2024-28735.json
View File

@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28735",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-28735",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 allows a remote attacker to escalate privileges via a crafted script to the change password function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://financials.com",
"refsource": "MISC",
"name": "http://financials.com"
},
{
"url": "http://unit4.com",
"refsource": "MISC",
"name": "http://unit4.com"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html",
"url": "https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html"
} }
] ]
} }

81
2024/28xxx/CVE-2024-28868.json
View File

@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28868", "ID": "CVE-2024-28868",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204: Observable Response Discrepancy",
"cweId": "CWE-204"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "umbraco",
"product": {
"product_data": [
{
"product_name": "Umbraco-CMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 10.0.0, < 10.8.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-552f-97wf-pmpq",
"refsource": "MISC",
"name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-552f-97wf-pmpq"
},
{
"url": "https://github.com/umbraco/Umbraco-CMS/commit/7e1d1a1968000226cd882fff078b122b8d46c44d",
"refsource": "MISC",
"name": "https://github.com/umbraco/Umbraco-CMS/commit/7e1d1a1968000226cd882fff078b122b8d46c44d"
}
]
},
"source": {
"advisory": "GHSA-552f-97wf-pmpq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }

89
2024/29xxx/CVE-2024-29018.json
View File

@ -1,17 +1,98 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29018", "ID": "CVE-2024-29018",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well.\n\nWhen containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs.\n\nContainers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.\n\nIn addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver.\n\nWhen a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container's network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.\n\nAs a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.\n\nMany systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected.\n\nBecause `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.\n\nDocker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address.\n\nMoby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-669: Incorrect Resource Transfer Between Spheres",
"cweId": "CWE-669"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "moby",
"product": {
"product_data": [
{
"product_name": "moby",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 26.0.0-rc1, < 26.0.0-rc3"
},
{
"version_affected": "=",
"version_value": ">= 25.0.0, < 25.0.5"
},
{
"version_affected": "=",
"version_value": "< 23.0.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx",
"refsource": "MISC",
"name": "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx"
},
{
"url": "https://github.com/moby/moby/pull/46609",
"refsource": "MISC",
"name": "https://github.com/moby/moby/pull/46609"
}
]
},
"source": {
"advisory": "GHSA-mq39-4gv4-mvpx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }

86
2024/29xxx/CVE-2024-29032.json
View File

@ -1,17 +1,95 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29032", "ID": "CVE-2024-29032",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Qiskit",
"product": {
"product_data": [
{
"product_name": "qiskit-ibm-runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.1.0, < 0.21.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m",
"refsource": "MISC",
"name": "https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m"
},
{
"url": "https://github.com/Qiskit/qiskit-ibm-runtime/commit/b78fca114133051805d00043a404b25a33835f4d",
"refsource": "MISC",
"name": "https://github.com/Qiskit/qiskit-ibm-runtime/commit/b78fca114133051805d00043a404b25a33835f4d"
},
{
"url": "https://github.com/Qiskit/qiskit-ibm-runtime/blob/16e90f475e78a9d2ae77daa139ef750cfa84ca82/qiskit_ibm_runtime/utils/json.py#L156-L159",
"refsource": "MISC",
"name": "https://github.com/Qiskit/qiskit-ibm-runtime/blob/16e90f475e78a9d2ae77daa139ef750cfa84ca82/qiskit_ibm_runtime/utils/json.py#L156-L159"
}
]
},
"source": {
"advisory": "GHSA-x4x5-jv3x-9c7m",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
} }
] ]
} }

86
2024/29xxx/CVE-2024-29033.json
View File

@ -1,17 +1,95 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29033", "ID": "CVE-2024-29033",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. `GoogleOAuthenticator.hosted_domain` is used to restrict what Google accounts can be authorized access to a JupyterHub. The restriction is intented to be to Google accounts part of one or more Google organization verified to control specified domain(s). Prior to version 16.3.0, the actual restriction has been to Google accounts with emails ending with the domain. Such accounts could have been created by anyone which at one time was able to read an email associated with the domain. This was described by Dylan Ayrey (@dxa4481) in this [blog post] from 15th December 2023). OAuthenticator 16.3.0 contains a patch for this issue. As a workaround, restrict who can login another way, such as `allowed_users` or `allowed_google_groups`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jupyterhub",
"product": {
"product_data": [
{
"product_name": "oauthenticator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 16.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jupyterhub/oauthenticator/security/advisories/GHSA-55m3-44xf-hg4h",
"refsource": "MISC",
"name": "https://github.com/jupyterhub/oauthenticator/security/advisories/GHSA-55m3-44xf-hg4h"
},
{
"url": "https://github.com/jupyterhub/oauthenticator/commit/5246b09675501b09fb6ed64022099b7644812f60",
"refsource": "MISC",
"name": "https://github.com/jupyterhub/oauthenticator/commit/5246b09675501b09fb6ed64022099b7644812f60"
},
{
"url": "https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of",
"refsource": "MISC",
"name": "https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of"
}
]
},
"source": {
"advisory": "GHSA-55m3-44xf-hg4h",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
} }
] ]
} }

91
2024/29xxx/CVE-2024-29036.json
View File

@ -1,17 +1,100 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29036", "ID": "CVE-2024-29036",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "saleor",
"product": {
"product_data": [
{
"product_name": "storefront",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 579241e75a5eb332ccf26e0bcdd54befa33f4783"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4",
"refsource": "MISC",
"name": "https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4"
},
{
"url": "https://github.com/saleor/saleor-docs/pull/1120",
"refsource": "MISC",
"name": "https://github.com/saleor/saleor-docs/pull/1120"
},
{
"url": "https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da",
"refsource": "MISC",
"name": "https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da"
},
{
"url": "https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783",
"refsource": "MISC",
"name": "https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783"
}
]
},
"source": {
"advisory": "GHSA-52cq-c7x7-cqw4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }

81
2024/29xxx/CVE-2024-29037.json
View File

@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29037", "ID": "CVE-2024-29037",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of time, personal access tokens were possibly created with a default secret key. Since the secret key is a static, publicly available value, someone could inspect the algorithm used to generate personal access tokens and generate their own for an instance. Deploying with Metadata Service Authentication enabled would have been difficult during window of releases. If someone circumvented the helm settings and manually set Metadata Service Authentication to be enabled using environment variables directly, this would skip over the autogeneration logic for the Kubernetes Secrets and DataHub GMS would default to the signing key specified statically in the application.yml. Most deployments probably did not attempt to circumvent the helm settings to enable Metadata Service Authentication during this time, so impact is most likely limited. Any deployments with Metadata Service Authentication enabled should ensure that their secret values are properly randomized. Version 0.2.182 contains a patch for this issue. As a workaround, one may reset the token signing key to be a random value, which will invalidate active personal access tokens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1394: Use of Default Cryptographic Key",
"cweId": "CWE-1394"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "acryldata",
"product": {
"product_data": [
{
"product_name": "datahub-helm",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.1.143, < 0.2.182"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/acryldata/datahub-helm/security/advisories/GHSA-82p6-9h7m-9h8j",
"refsource": "MISC",
"name": "https://github.com/acryldata/datahub-helm/security/advisories/GHSA-82p6-9h7m-9h8j"
},
{
"url": "https://github.com/acryldata/datahub-helm/commit/ea8a17860f053c63387b8309e1f77c0e1462a1b3",
"refsource": "MISC",
"name": "https://github.com/acryldata/datahub-helm/commit/ea8a17860f053c63387b8309e1f77c0e1462a1b3"
}
]
},
"source": {
"advisory": "GHSA-82p6-9h7m-9h8j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
} }
] ]
} }

61
2024/29xxx/CVE-2024-29419.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29419",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-29419",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html",
"refsource": "MISC",
"name": "https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html"
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_6_Wireless_settings/XSS.md",
"refsource": "MISC",
"name": "https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_6_Wireless_settings/XSS.md"
} }
] ]
} }

56
2024/29xxx/CVE-2024-29469.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29469",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-29469",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V",
"refsource": "MISC",
"name": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V"
} }
] ]
} }

56
2024/29xxx/CVE-2024-29470.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29470",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-29470",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V",
"refsource": "MISC",
"name": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V"
} }
] ]
} }

56
2024/29xxx/CVE-2024-29471.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29471",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-29471",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V",
"refsource": "MISC",
"name": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V"
} }
] ]
} }

56
2024/29xxx/CVE-2024-29472.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29472",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-29472",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V",
"refsource": "MISC",
"name": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V"
} }
] ]
} }

56
2024/29xxx/CVE-2024-29473.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29473",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-29473",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V",
"refsource": "MISC",
"name": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V"
} }
] ]
} }

56
2024/29xxx/CVE-2024-29474.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29474",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-29474",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V",
"refsource": "MISC",
"name": "https://gitee.com/yadong.zhang/DBlog/issues/I98O8V"
} }
] ]
} }

18
2024/29xxx/CVE-2024-29834.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29834",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/29xxx/CVE-2024-29835.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

117
2024/2xxx/CVE-2024-2291.json
View File

@ -1,17 +1,126 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2291", "ID": "CVE-2024-2291",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@progress.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "\nIn Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.\u00a0 An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-778: Insufficient Logging",
"cweId": "CWE-778"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Progress Software",
"product": {
"product_data": [
{
"product_name": "MOVEit Transfer",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "2022.0.11 (14.0.11)",
"status": "affected",
"version": "2022.0.0 (14.0.0)",
"versionType": "semver"
},
{
"lessThan": "2022.1.12 (14.1.12)",
"status": "affected",
"version": "2022.1.0 (14.1.0)",
"versionType": "semver"
},
{
"lessThan": "2023.0.9 (15.0.9)",
"status": "affected",
"version": "2023.0.0 (15.0.0)",
"versionType": "semver"
},
{
"lessThan": "2023.1.4 (15.1.4)",
"status": "affected",
"version": "2023.1.0 (15.1.0)",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.progress.com/moveit",
"refsource": "MISC",
"name": "https://www.progress.com/moveit"
},
{
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024",
"refsource": "MISC",
"name": "https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "HackerOne: interl0per"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
} }
] ]
} }

93
2024/2xxx/CVE-2024-2370.json
View File

@ -5,102 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2370", "ID": "CVE-2024-2370",
"ASSIGNER": "cve-coordination@incibe.es", "ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Unrestricted file upload vulnerability in ManageEngine Desktop Central affecting version 9, build 90055. This vulnerability could allow a remote attacker to upload a malicious file to the system without any credentials provided." "value": "** REJECT ** DO NOT USE THIS CVE ID NUMBER. Consult IDs: CVE-2018-5341. Reason: This CVE Record is a duplicate of CVE-2018-5341. Notes: All CVE users should reference CVE-2018-5341 instead of this record."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ManageEngine ",
"product": {
"product_data": [
{
"product_name": "ManageEngine Desktop Central",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "version 9, build 90055"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been resolved in newer versions of the affected product. The affected version of ManageEngine Desktop Central is more than 5 years out of date. It is recommended to upgrade to the latest version of Endopint Central (formerly Desktop Central)."
}
],
"value": "The vulnerability has been resolved in newer versions of the affected product. The affected version of ManageEngine Desktop Central is more than 5 years out of date. It is recommended to upgrade to the latest version of Endopint Central (formerly Desktop Central)."
}
],
"credits": [
{
"lang": "en",
"value": "Rafael Pedrero"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

59
2024/2xxx/CVE-2024-2625.json
View File

@ -1,17 +1,68 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2625", "ID": "CVE-2024-2625",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Object lifecycle issue"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "123.0.6312.58",
"version_value": "123.0.6312.58"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html"
},
{
"url": "https://issues.chromium.org/issues/327740539",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/327740539"
} }
] ]
} }

59
2024/2xxx/CVE-2024-2626.json
View File

@ -1,17 +1,68 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2626", "ID": "CVE-2024-2626",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "123.0.6312.58",
"version_value": "123.0.6312.58"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html"
},
{
"url": "https://issues.chromium.org/issues/40945098",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/40945098"
} }
] ]
} }

59
2024/2xxx/CVE-2024-2627.json
View File

@ -1,17 +1,68 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2627", "ID": "CVE-2024-2627",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "123.0.6312.58",
"version_value": "123.0.6312.58"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html"
},
{
"url": "https://issues.chromium.org/issues/41493290",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/41493290"
} }
] ]
} }

59
2024/2xxx/CVE-2024-2628.json
View File

@ -1,17 +1,68 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2628", "ID": "CVE-2024-2628",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "123.0.6312.58",
"version_value": "123.0.6312.58"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html"
},
{
"url": "https://issues.chromium.org/issues/41487774",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/41487774"
} }
] ]
} }

59
2024/2xxx/CVE-2024-2629.json
View File

@ -1,17 +1,68 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2629", "ID": "CVE-2024-2629",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "123.0.6312.58",
"version_value": "123.0.6312.58"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html"
},
{
"url": "https://issues.chromium.org/issues/41487721",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/41487721"
} }
] ]
} }

59
2024/2xxx/CVE-2024-2630.json
View File

@ -1,17 +1,68 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2630", "ID": "CVE-2024-2630",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "123.0.6312.58",
"version_value": "123.0.6312.58"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html"
},
{
"url": "https://issues.chromium.org/issues/41481877",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/41481877"
} }
] ]
} }

59
2024/2xxx/CVE-2024-2631.json
View File

@ -1,17 +1,68 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2631", "ID": "CVE-2024-2631",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "123.0.6312.58",
"version_value": "123.0.6312.58"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html"
},
{
"url": "https://issues.chromium.org/issues/41495878",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/41495878"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2703.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2703", "ID": "CVE-2024-2703",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49. Affected is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Tenda AC10U 15.03.06.49 entdeckt. Betroffen hiervon ist die Funktion formSetDeviceName der Datei /goform/SetOnlineDevName. Durch Beeinflussen des Arguments mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC10U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.03.06.49"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257454",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257454"
},
{
"url": "https://vuldb.com/?ctiid.257454",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257454"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetDeviceName_mac.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetDeviceName_mac.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2704.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2704", "ID": "CVE-2024-2704",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49. Affected by this vulnerability is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257455. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In Tenda AC10U 15.03.06.49 wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion formSetFirewallCfg der Datei /goform/SetFirewallCfg. Dank der Manipulation des Arguments firewallEn mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC10U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.03.06.49"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257455",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257455"
},
{
"url": "https://vuldb.com/?ctiid.257455",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257455"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetFirewallCfg.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetFirewallCfg.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
} }
] ]
} }

99
2024/2xxx/CVE-2024-2705.json
View File

@ -1,17 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2705", "ID": "CVE-2024-2705",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability, which was classified as critical, has been found in Tenda AC10U 1.0/15.03.06.49. Affected by this issue is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Tenda AC10U 1.0/15.03.06.49 entdeckt. Es geht hierbei um die Funktion formSetQosBand der Datei /goform/SetNetControlList. Dank Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC10U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "15.03.06.49"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257456",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257456"
},
{
"url": "https://vuldb.com/?ctiid.257456",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257456"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetQosBand.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetQosBand.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2706.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2706", "ID": "CVE-2024-2706",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49. This affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257457 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Tenda AC10U 15.03.06.49 gefunden. Es geht dabei um die Funktion formWifiWpsStart der Datei /goform/WifiWpsStart. Mit der Manipulation des Arguments index mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC10U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.03.06.49"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257457",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257457"
},
{
"url": "https://vuldb.com/?ctiid.257457",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257457"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWifiWpsStart.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWifiWpsStart.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2707.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2707", "ID": "CVE-2024-2707",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257458 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In Tenda AC10U 15.03.06.49 wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion formWriteFacMac der Datei /goform/WriteFacMac. Durch die Manipulation des Arguments mac mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC10U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.03.06.49"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257458",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257458"
},
{
"url": "https://vuldb.com/?ctiid.257458",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257458"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWriteFacMac.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWriteFacMac.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2708.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2708", "ID": "CVE-2024-2708",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257459. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Tenda AC10U 15.03.06.49 gefunden. Hierbei geht es um die Funktion formexeCommand der Datei /goform/execCommand. Durch Manipulation des Arguments cmdinput mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC10U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.03.06.49"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257459",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257459"
},
{
"url": "https://vuldb.com/?ctiid.257459",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257459"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formexeCommand.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formexeCommand.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2709.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2709", "ID": "CVE-2024-2709",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in Tenda AC10U 15.03.06.49. It has been classified as critical. Affected is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257460. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Tenda AC10U 15.03.06.49 ausgemacht. Es betrifft die Funktion fromSetRouteStatic der Datei /goform/SetStaticRouteCfg. Mittels dem Manipulieren des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC10U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.03.06.49"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257460",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257460"
},
{
"url": "https://vuldb.com/?ctiid.257460",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257460"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/fromSetRouteStatic.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/fromSetRouteStatic.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2710.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2710", "ID": "CVE-2024-2710",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as critical. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257461 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In Tenda AC10U 15.03.06.49 wurde eine kritische Schwachstelle ausgemacht. Das betrifft die Funktion setSchedWifi der Datei /goform/openSchedWifi. Mittels Manipulieren des Arguments schedStartTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC10U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.03.06.49"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257461",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257461"
},
{
"url": "https://vuldb.com/?ctiid.257461",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257461"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/setSchedWifi_start.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/setSchedWifi_start.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2711.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2711", "ID": "CVE-2024-2711",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rated as critical. Affected by this issue is the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceMac leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257462 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Tenda AC10U 15.03.06.48 ausgemacht. Dies betrifft die Funktion addWifiMacFilter der Datei /goform/addWifiMacFilter. Durch das Manipulieren des Arguments deviceMac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC10U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.03.06.48"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257462",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257462"
},
{
"url": "https://vuldb.com/?ctiid.257462",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257462"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/addWifiMacFilter_deviceMac.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/addWifiMacFilter_deviceMac.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2712.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2712", "ID": "CVE-2024-2712",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257465 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Campcodes Complete Online DJ Booking System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /admin/user-search.php. Durch Beeinflussen des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Online DJ Booking System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257465",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257465"
},
{
"url": "https://vuldb.com/?ctiid.257465",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257465"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%201.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%201.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2713.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2713", "ID": "CVE-2024-2713",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257466 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Campcodes Complete Online DJ Booking System 1.0 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/booking-search.php. Dank der Manipulation des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Online DJ Booking System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257466",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257466"
},
{
"url": "https://vuldb.com/?ctiid.257466",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257466"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%202.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%202.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2714.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2714", "ID": "CVE-2024-2714",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been found in Campcodes Complete Online DJ Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257467."
},
{
"lang": "deu",
"value": "In Campcodes Complete Online DJ Booking System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/booking-bwdates-reports-details.php. Dank Manipulation des Arguments fromdate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Online DJ Booking System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257467",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257467"
},
{
"url": "https://vuldb.com/?ctiid.257467",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257467"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%203.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%203.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2715.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2715", "ID": "CVE-2024-2715",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/user-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257468."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Campcodes Complete Online DJ Booking System 1.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /admin/user-search.php. Mit der Manipulation des Arguments searchdata mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Online DJ Booking System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257468",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257468"
},
{
"url": "https://vuldb.com/?ctiid.257468",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257468"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%204.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%204.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2716.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2716", "ID": "CVE-2024-2716",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument email leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257469 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Campcodes Complete Online DJ Booking System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/contactus.php. Durch die Manipulation des Arguments email mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Online DJ Booking System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257469",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257469"
},
{
"url": "https://vuldb.com/?ctiid.257469",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257469"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%205.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%205.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2717.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2717", "ID": "CVE-2024-2717",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257470 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Campcodes Complete Online DJ Booking System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin/booking-search.php. Durch Manipulation des Arguments searchdata mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Online DJ Booking System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257470",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257470"
},
{
"url": "https://vuldb.com/?ctiid.257470",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257470"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%206.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%206.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2718.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2718", "ID": "CVE-2024-2718",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257471."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Campcodes Complete Online DJ Booking System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/booking-bwdates-reports-details.php. Mittels dem Manipulieren des Arguments fromdate mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Online DJ Booking System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257471",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257471"
},
{
"url": "https://vuldb.com/?ctiid.257471",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257471"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%207.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%207.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
} }
] ]
} }

95
2024/2xxx/CVE-2024-2719.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2719", "ID": "CVE-2024-2719",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability classified as problematic has been found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257472."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in Campcodes Complete Online DJ Booking System 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/admin-profile.php. Mittels Manipulieren des Arguments adminname mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Online DJ Booking System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257472",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257472"
},
{
"url": "https://vuldb.com/?ctiid.257472",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257472"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%208.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%208.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
} }
] ]
} }

18
2024/2xxx/CVE-2024-2747.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2747",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/2xxx/CVE-2024-2748.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/2xxx/CVE-2024-2749.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2749",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/2xxx/CVE-2024-2750.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/2xxx/CVE-2024-2751.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}