diff --git a/2023/40xxx/CVE-2023-40547.json b/2023/40xxx/CVE-2023-40547.json
index afe18ab2f9b..5fd762bccdb 100644
--- a/2023/40xxx/CVE-2023-40547.json
+++ b/2023/40xxx/CVE-2023-40547.json
@@ -135,6 +135,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/26/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/26/1"
}
]
},
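Review bot: The added oss-security reference uses the plain `http://` scheme on both its `url` and `name` lines, so anyone following the link from this record fetches the advisory over a channel that can be altered in transit. Openwall also serves the list archive over TLS, so I would record it as `"url": "https://www.openwall.com/lists/oss-security/2024/01/26/1"` and mirror that in `name`. The enclosing `reference_data` array starts outside this hunk, so I cannot tell whether earlier entries follow the same convention.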
diff --git a/2024/0xxx/CVE-2024-0948.json b/2024/0xxx/CVE-2024-0948.json
index bfc95246c33..83b15e77f24 100644
--- a/2024/0xxx/CVE-2024-0948.json
+++ b/2024/0xxx/CVE-2024-0948.json
@@ -1,17 +1,136 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0948",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <
>test
leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in NetBox bis 3.7.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /core/config-revisions der Komponente Home Page Configuration. Mittels dem Manipulieren mit der Eingabe <>test
mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NetBox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.4"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.5"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.6"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.252191",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.252191"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.252191",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.252191"
+ },
+ {
+ "url": "https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing",
+ "refsource": "MISC",
+ "name": "https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Reza Rashidi"
+ },
+ {
+ "lang": "en",
+ "value": "rezaduty (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}
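Review bot: The `version_data` entries for NetBox do not match the description. The text says "up to 3.7.0", but the list holds exact matches (`"version_affected": "="`) on `3.0` through `3.7`, so a scanner comparing an installed 3.6.x or 3.7.0 against this record would likely find no match, and releases before 3.0 are not covered at all. If the description is correct, a single range entry such as `"version_affected": "<=", "version_value": "3.7.0"` states it directly. Separately, the `eng` and `deu` description strings appear split across physical lines around the quoted input; if those breaks are in the file rather than an artefact of how the diff is displayed, a strict JSON parser rejects the record and the breaks should be written as `\n`. Consumers that render this description as HTML should escape it, since the value carries markup characters.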
diff --git a/2024/0xxx/CVE-2024-0975.json b/2024/0xxx/CVE-2024-0975.json
new file mode 100644
index 00000000000..34ddf7681c4
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0975.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0975",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0976.json b/2024/0xxx/CVE-2024-0976.json
new file mode 100644
index 00000000000..331ce6fa954
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0976.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0976",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0977.json b/2024/0xxx/CVE-2024-0977.json
new file mode 100644
index 00000000000..959d60df68f
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0977.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0977",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0978.json b/2024/0xxx/CVE-2024-0978.json
new file mode 100644
index 00000000000..2a874abe795
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0978.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0978",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/20xxx/CVE-2024-20955.json b/2024/20xxx/CVE-2024-20955.json
index 83ecef0caa8..21e55501c6e 100644
--- a/2024/20xxx/CVE-2024-20955.json
+++ b/2024/20xxx/CVE-2024-20955.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
+ "value": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
@@ -42,6 +42,14 @@
"version_affected": "=",
"version_value": "Oracle GraalVM for JDK:17.0.9"
},
+ {
+ "version_affected": "=",
+ "version_value": "Oracle GraalVM for JDK:21.0.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "Oracle GraalVM Enterprise Edition:20.3.12"
+ },
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:21.3.8"