admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-26 09:00:34 +00:00
parent d018ed1640
commit d643558850
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 488 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2024/31xxx/CVE-2024-31380.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.3."
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9."
}
]
},
@ -42,7 +42,7 @@
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "4.8.3"
"version_value": "4.9"
}
]
}

135
2024/43xxx/CVE-2024-43442.json
View File

@ -1,17 +1,144 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@otrs.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in\u00a0 OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins.\nThis issue affects:\u00a0\n\n * OTRS from 7.0.X through 7.0.50\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS from 2024.X through 2024.5.X\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-790 Improper Filtering of Special Elements",
"cweId": "CWE-790"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OTRS AG",
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.x",
"version_value": "7.0.50"
},
{
"version_affected": "=",
"version_value": "8.0.x"
},
{
"version_affected": "=",
"version_value": "2023.x"
},
{
"version_affected": "<=",
"version_name": "2024.x",
"version_value": "2024.5.x"
}
]
}
},
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "6.0.x"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-10/",
"refsource": "MISC",
"name": "https://otrs.com/release-notes/otrs-security-advisory-2024-10/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "OSA-2024-10",
"defect": [
"Ticket#2024061942000965",
"Issue#2592"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2024.6.x or OTRS 7.0.51<br>"
}
],
"value": "Update to OTRS 2024.6.x or OTRS 7.0.51"
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Marek Holka for reporting these vulnerability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

135
2024/43xxx/CVE-2024-43443.json
View File

@ -1,17 +1,144 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@otrs.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins.\nThis issue affects: \n\n * OTRS from 7.0.X through 7.0.50\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS from 2024.X through 2024.5.X\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-790 Improper Filtering of Special Elements",
"cweId": "CWE-790"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OTRS AG",
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.x",
"version_value": "7.0.50"
},
{
"version_affected": "=",
"version_value": "8.0.x"
},
{
"version_affected": "=",
"version_value": "2023.x"
},
{
"version_affected": "<=",
"version_name": "2024.x",
"version_value": "2024.5.x"
}
]
}
},
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "6.0.x"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-11/",
"refsource": "MISC",
"name": "https://otrs.com/release-notes/otrs-security-advisory-2024-11/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "OSA-2024-11",
"defect": [
"Issue#2592",
"Ticket#2024061942000965"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2024.6.x or OTRS 7.0.51<br>"
}
],
"value": "Update to OTRS 2024.6.x or OTRS 7.0.51"
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Marek Holka for reporting these vulnerability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

130
2024/43xxx/CVE-2024-43444.json
View File

@ -1,17 +1,139 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@otrs.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled.\n\nThis issue affects: \n\n * OTRS from 7.0.X through 7.0.50\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS from 2024.X through 2024.5.X\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OTRS AG",
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.x",
"version_value": "7.0.50"
},
{
"version_affected": "=",
"version_value": "8.0.x"
},
{
"version_affected": "=",
"version_value": "2023.x"
},
{
"version_affected": "<=",
"version_name": "2024.x",
"version_value": "2024.5.x"
}
]
}
},
{
"product_name": "((OTRS)) Community Edition",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "6.0.x"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-12/",
"refsource": "MISC",
"name": "https://otrs.com/release-notes/otrs-security-advisory-2024-12/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "OSA-2024-12",
"defect": [
"Issue#2725",
"Ticket#2024072442001041",
"Ticket#2024072442000677"
],
"discovery": "USER"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to OTRS 2024.6.x or OTRS 7.0.51<br>"
}
],
"value": "Update to OTRS 2024.6.x or OTRS 7.0.51"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

102
2024/8xxx/CVE-2024-8161.json
View File

@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8161",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CIGES",
"product": {
"product_data": [
{
"product_name": "CIGESv2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.15.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-cigesv2-system",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-cigesv2-system"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been resolved by the ATISolutions team in version 2.15.5.<br>"
}
],
"value": "The vulnerability has been resolved by the ATISolutions team in version 2.15.5."
}
],
"credits": [
{
"lang": "en",
"value": "\u00c1ngel Heredia"
},
{
"lang": "en",
"value": "Asier Barranco"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}