admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-02-27 17:00:37 +00:00
parent c33fa43c9b
commit d6d5b7f54d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
24 changed files with 964 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
2023/44xxx/CVE-2023-44211.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31637."
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391."
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Acronis Agent",
"product_name": "Acronis Cyber Protect Cloud Agent",
"version": {
"version_data": [
{
@ -46,6 +46,18 @@
}
]
}
},
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "37391"
}
]
}
}
]
}

16
2023/44xxx/CVE-2023-44213.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 35739."
"value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391."
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Acronis Agent",
"product_name": "Acronis Cyber Protect Cloud Agent",
"version": {
"version_data": [
{
@ -46,6 +46,18 @@
}
]
}
},
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "37391"
}
]
}
}
]
}

16
2023/45xxx/CVE-2023-45241.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739."
"value": "Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391."
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Acronis Agent",
"product_name": "Acronis Cyber Protect Cloud Agent",
"version": {
"version_data": [
{
@ -46,6 +46,18 @@
}
]
}
},
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "37391"
}
]
}
}
]
}

16
2023/45xxx/CVE-2023-45244.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895."
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391."
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Acronis Agent",
"product_name": "Acronis Cyber Protect Cloud Agent",
"version": {
"version_data": [
{
@ -46,6 +46,18 @@
}
]
}
},
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "37391"
}
]
}
}
]
}

16
2023/45xxx/CVE-2023-45248.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497."
"value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391."
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Acronis Agent",
"product_name": "Acronis Cyber Protect Cloud Agent",
"version": {
"version_data": [
{
@ -46,6 +46,18 @@
}
]
}
},
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "37391"
}
]
}
}
]
}

65
2023/48xxx/CVE-2023-48678.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "37391"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-2319",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-2319"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
]
}

65
2023/48xxx/CVE-2023-48679.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48679",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "37391"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-3469",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-3469"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
]
}

65
2023/48xxx/CVE-2023-48680.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "37391"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5392",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-5392"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}

71
2023/48xxx/CVE-2023-48681.json
View File

@ -1,17 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "37391"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5900",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-5900"
}
]
},
"credits": [
{
"lang": "en",
"value": "@und3sc0n0c1d0 (https://hackerone.com/und3sc0n0c1d0)"
}
],
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 1.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
}
]
}

71
2023/48xxx/CVE-2023-48682.json
View File

@ -1,17 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48682",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "37391"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5901",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-5901"
}
]
},
"credits": [
{
"lang": "en",
"value": "@und3sc0n0c1d0 (https://hackerone.com/und3sc0n0c1d0)"
}
],
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N"
}
]
}

61
2023/50xxx/CVE-2023-50380.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-50380",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XML External Entity injection in apache ambari versions <= 2.7.7,\u00a0Users are recommended to upgrade to version 2.7.8, which fixes this issue.\n\nMore Details:\n\nOozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused through lack of proper user input validation.\n\nThis vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Ambari",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.7.0",
"version_value": "2.7.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/qrt7mq7v7zyrh1qsh1gkg1m7clysvy32",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/qrt7mq7v7zyrh1qsh1gkg1m7clysvy32"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
}
}

5
2023/52xxx/CVE-2023-52160.json
View File

@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2024-a95bdde55b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20240227 [SECURITY] [DLA 3743-1] wpa security update",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html"
}
]
}

95
2024/1xxx/CVE-2024-1924.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1924",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /get_membership_amount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254859."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in CodeAstro Membership Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /get_membership_amount.php. Dank der Manipulation des Arguments membershipTypeId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CodeAstro",
"product": {
"product_data": [
{
"product_name": "Membership Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.254859",
"refsource": "MISC",
"name": "https://vuldb.com/?id.254859"
},
{
"url": "https://vuldb.com/?ctiid.254859",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.254859"
},
{
"url": "https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md",
"refsource": "MISC",
"name": "https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "tekun (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

69
2024/21xxx/CVE-2024-21742.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21742",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.\nThis can be exploited by an attacker to add unintended headers to MIME messages.\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache James Mime4J",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "0.8.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Benoit TELLIER"
}
]
}

56
2024/24xxx/CVE-2024-24323.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24323",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-24323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md",
"url": "https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md"
}
]
}

61
2024/25xxx/CVE-2024-25840.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25840",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-25840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the module \"Account Manager | Sales Representative & Dealers | CRM\" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://addons.prestashop.com/en/third-party-data-integrations-crm-erp/90816-account-manager-sales-representative-dealers-crm.html",
"refsource": "MISC",
"name": "https://addons.prestashop.com/en/third-party-data-integrations-crm-erp/90816-account-manager-sales-representative-dealers-crm.html"
},
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2024/02/27/prestasalesmanager.html",
"url": "https://security.friendsofpresta.org/modules/2024/02/27/prestasalesmanager.html"
}
]
}

61
2024/25xxx/CVE-2024-25841.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25841",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-25841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the module \"So Flexibilite\" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html",
"refsource": "MISC",
"name": "https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html"
},
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html",
"url": "https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html"
}
]
}

61
2024/25xxx/CVE-2024-25843.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25843",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-25843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the module \"Import/Update Bulk Product from any Csv/Excel File Pro\" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html",
"refsource": "MISC",
"name": "https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html"
},
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html",
"url": "https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html"
}
]
}

61
2024/25xxx/CVE-2024-25846.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25846",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-25846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the module \"Product Catalog (CSV, Excel) Import\" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://addons.prestashop.com/fr/import-export-de-donnees/19091-catalogue-de-produits-csv-excel-dimportation.html",
"refsource": "MISC",
"name": "https://addons.prestashop.com/fr/import-export-de-donnees/19091-catalogue-de-produits-csv-excel-dimportation.html"
},
{
"refsource": "MISC",
"name": "https://security.friendsofpresta.org/modules/2024/02/27/simpleimportproduct.html",
"url": "https://security.friendsofpresta.org/modules/2024/02/27/simpleimportproduct.html"
}
]
}

18
2024/27xxx/CVE-2024-27908.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/27xxx/CVE-2024-27909.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/27xxx/CVE-2024-27910.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/27xxx/CVE-2024-27911.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27911",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/27xxx/CVE-2024-27912.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}