diff --git a/2023/44xxx/CVE-2023-44211.json b/2023/44xxx/CVE-2023-44211.json index d25138c3fe4..3f2939e5a54 100644 --- a/2023/44xxx/CVE-2023-44211.json +++ b/2023/44xxx/CVE-2023-44211.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31637." + "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391." } ] }, @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "Acronis Agent", + "product_name": "Acronis Cyber Protect Cloud Agent", "version": { "version_data": [ { @@ -46,6 +46,18 @@ } ] } + }, + { + "product_name": "Acronis Cyber Protect 16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "37391" + } + ] + } } ] } diff --git a/2023/44xxx/CVE-2023-44213.json b/2023/44xxx/CVE-2023-44213.json index 7bb5d76ea79..1cecf7997c2 100644 --- a/2023/44xxx/CVE-2023-44213.json +++ b/2023/44xxx/CVE-2023-44213.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 35739." + "value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber Protect 16 (Windows) before build 37391." } ] }, @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "Acronis Agent", + "product_name": "Acronis Cyber Protect Cloud Agent", "version": { "version_data": [ { 
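Review bot: The `Acronis Cyber Protect 16` entry added by the `@@ -46,6 +46,18 @@` hunk of CVE-2023-44211 carries only `"version_affected": "<"`, `"version_name": "unspecified"` and `"version_value": "37391"`, so the platform limit given in the description (Linux, Windows) exists only as prose and tooling that matches on `affects` cannot apply it. The same entry is added unchanged to CVE-2023-44213, CVE-2023-45241, CVE-2023-45244 and CVE-2023-45248, although their descriptions list different platform sets. The `@@ -36,7 +36,7 @@` hunks also rename `Acronis Agent` to `Acronis Cyber Protect Cloud Agent` in place, so asset inventories keyed on the old `product_name` will stop matching these records and need re-mapping. The `product_data` array these hunks edit starts and ends outside the hunks.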
@@ -46,6 +46,18 @@ } ] } + }, + { + "product_name": "Acronis Cyber Protect 16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "37391" + } + ] + } } ] } diff --git a/2023/45xxx/CVE-2023-45241.json b/2023/45xxx/CVE-2023-45241.json index 07640085038..667ea194461 100644 --- a/2023/45xxx/CVE-2023-45241.json +++ b/2023/45xxx/CVE-2023-45241.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739." + "value": "Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35739, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391." } ] }, @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "Acronis Agent", + "product_name": "Acronis Cyber Protect Cloud Agent", "version": { "version_data": [ { @@ -46,6 +46,18 @@ } ] } + }, + { + "product_name": "Acronis Cyber Protect 16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "37391" + } + ] + } } ] } diff --git a/2023/45xxx/CVE-2023-45244.json b/2023/45xxx/CVE-2023-45244.json index 8f09de5246f..c4a1d3b0421 100644 --- a/2023/45xxx/CVE-2023-45244.json +++ b/2023/45xxx/CVE-2023-45244.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895." + "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391." } ] }, 
@@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "Acronis Agent", + "product_name": "Acronis Cyber Protect Cloud Agent", "version": { "version_data": [ { @@ -46,6 +46,18 @@ } ] } + }, + { + "product_name": "Acronis Cyber Protect 16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "37391" + } + ] + } } ] } diff --git a/2023/45xxx/CVE-2023-45248.json b/2023/45xxx/CVE-2023-45248.json index 2467dab39eb..b42760d3046 100644 --- a/2023/45xxx/CVE-2023-45248.json +++ b/2023/45xxx/CVE-2023-45248.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497." + "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391." } ] }, @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "Acronis Agent", + "product_name": "Acronis Cyber Protect Cloud Agent", "version": { "version_data": [ { @@ -46,6 +46,18 @@ } ] } + }, + { + "product_name": "Acronis Cyber Protect 16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "37391" + } + ] + } } ] } diff --git a/2023/48xxx/CVE-2023-48678.json b/2023/48xxx/CVE-2023-48678.json index f2de67be5ac..e8d7ccacee8 100644 --- a/2023/48xxx/CVE-2023-48678.json +++ b/2023/48xxx/CVE-2023-48678.json 
@@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48678", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Cyber Protect 16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "37391" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-2319", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-2319" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2023/48xxx/CVE-2023-48679.json b/2023/48xxx/CVE-2023-48679.json index 8995a12c9c5..fc2a87e38fb 100644 --- a/2023/48xxx/CVE-2023-48679.json +++ b/2023/48xxx/CVE-2023-48679.json 
@@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Cyber Protect 16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "37391" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-3469", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-3469" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 3.1, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ] } diff --git a/2023/48xxx/CVE-2023-48680.json b/2023/48xxx/CVE-2023-48680.json index fb778fa6820..0f82225cc44 100644 --- a/2023/48xxx/CVE-2023-48680.json +++ b/2023/48xxx/CVE-2023-48680.json 
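Review bot: The `problemtype` block of CVE-2023-48679 lists only `CWE-79`, but the description gives the root cause as missing origin validation in postMessage, which CWE-346 (Origin Validation Error) describes more directly. Adding it as a second entry in the `description` array would let weakness-based triage find the record from either side. The description also labels the issue stored XSS without saying where the payload persists; a clarifying clause would help if advisory SEC-3469 provides one.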
@@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Cyber Protect 16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "37391" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-5392", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-5392" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 3.3, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2023/48xxx/CVE-2023-48681.json b/2023/48xxx/CVE-2023-48681.json index 97ec1da8fca..9fb0d4651d2 100644 --- a/2023/48xxx/CVE-2023-48681.json +++ b/2023/48xxx/CVE-2023-48681.json 
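Review bot: The description of CVE-2023-48680 opens with the same sentence that CVE-2023-44213 has in this commit ("Sensitive information disclosure due to excessive collection of system information."), and both name Acronis Cyber Protect 16 before build 37391. For that product only the platform list differs: macOS and Windows here, Windows there. Nothing in either record says whether these are two distinct defects or one defect tracked twice, so a distinguishing clause from SEC-5392 (which component, or what data is collected) would help deduplication in vulnerability-management tooling.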
@@ -1,17 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48681", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Cyber Protect 16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "37391" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-5900", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-5900" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@und3sc0n0c1d0 (https://hackerone.com/und3sc0n0c1d0)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 1.9, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" } ] } diff --git a/2023/48xxx/CVE-2023-48682.json b/2023/48xxx/CVE-2023-48682.json index c6d0b589aea..3bb609fff6d 100644 --- a/2023/48xxx/CVE-2023-48682.json +++ b/2023/48xxx/CVE-2023-48682.json 
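Review bot: The vector `CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N` in CVE-2023-48681 uses Attack Vector Physical, which CVSS reserves for attacks that need physical contact with the device. For a script-injection issue in a search field this looks like a mis-selection, and it pulls `baseScore` down to 1.9. If the intent was to express that the victim must enter the payload themselves, `UI:R` already carries that, and `AV:L` or `AV:N` would be the usual choice. The `baseScore` and `baseSeverity` values would then need recomputing against SEC-5900.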
@@ -1,17 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Cyber Protect 16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "37391" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-5901", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-5901" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@und3sc0n0c1d0 (https://hackerone.com/und3sc0n0c1d0)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N" } ] } diff --git a/2023/50xxx/CVE-2023-50380.json b/2023/50xxx/CVE-2023-50380.json index 0489f9e45a9..5316c0f4b13 100644 --- a/2023/50xxx/CVE-2023-50380.json +++ b/2023/50xxx/CVE-2023-50380.json 
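Review bot: `S:U` in `CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N` is questionable for the stored XSS described in CVE-2023-48682. The vulnerable component is the server that stores the unit name, while the impact lands in the browser of whoever views it, and CVSS v3 scoring examples usually treat that as a scope change (`S:C`). With a changed scope the C/I values are scored against the browser context and the base score changes. The `6.1` / `MEDIUM` pair should be rechecked against SEC-5901 before consumers rely on it for prioritisation.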
@@ -1,18 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50380", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML External Entity injection in apache ambari versions <= 2.7.7,\u00a0Users are recommended to upgrade to version 2.7.8, which fixes this issue.\n\nMore Details:\n\nOozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused through lack of proper user input validation.\n\nThis vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. 
In theory, it might be possible to use this to escalate privileges.\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Ambari", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.7.0", + "version_value": "2.7.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/qrt7mq7v7zyrh1qsh1gkg1m7clysvy32", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/qrt7mq7v7zyrh1qsh1gkg1m7clysvy32" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52160.json b/2023/52xxx/CVE-2023-52160.json index 1d86ccf0b50..220b4d79c73 100644 --- a/2023/52xxx/CVE-2023-52160.json +++ b/2023/52xxx/CVE-2023-52160.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-a95bdde55b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20240227 [SECURITY] [DLA 3743-1] wpa security update", + "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html" } ] } diff --git a/2024/1xxx/CVE-2024-1924.json b/2024/1xxx/CVE-2024-1924.json index df65e078f6b..537faa383bf 100644 --- a/2024/1xxx/CVE-2024-1924.json +++ b/2024/1xxx/CVE-2024-1924.json 
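Review bot: The prose and the structured range in CVE-2023-50380 disagree on the lower bound: the description says "apache ambari versions <= 2.7.7" with no floor, while `version_data` gives `"version_name": "2.7.0"` with `"version_affected": "<="` and `"version_value": "2.7.7"`. Releases before 2.7.0 are therefore affected by one reading and not by the other. The description is also inconsistent about impact, first stating "root-level file reading and privilege escalation" and then saying escalation is possible only "in theory". It also carries a `\u00a0` after a comma splice and a trailing `\n\n`. The record has no `impact` block and `"discovery": "UNKNOWN"`, so it gives consumers no severity.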
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1924", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /get_membership_amount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254859." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in CodeAstro Membership Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /get_membership_amount.php. Dank der Manipulation des Arguments membershipTypeId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CodeAstro", + "product": { + "product_data": [ + { + "product_name": "Membership Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.254859", + "refsource": "MISC", + "name": "https://vuldb.com/?id.254859" + }, + { + "url": "https://vuldb.com/?ctiid.254859", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.254859" + }, + { + "url": "https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md", + "refsource": "MISC", + "name": "https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "tekun (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/21xxx/CVE-2024-21742.json b/2024/21xxx/CVE-2024-21742.json index 6283c52adea..19a8aa71c0e 100644 --- a/2024/21xxx/CVE-2024-21742.json +++ b/2024/21xxx/CVE-2024-21742.json 
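Review bot: The description of CVE-2024-1924 states the issue "has been classified as critical", but every `impact.cvss` entry in the same record scores it lower: `6.3` / `MEDIUM` for 3.1 and 3.0, and `6.5` for 2.0. Consumers that parse the text and consumers that read `baseSeverity` will prioritise this record differently, so the sentence should be dropped or aligned with the vector. The vectors also require low privileges (`PR:L`, `Au:S`), which the description does not mention. The `deu` entry repeats the same wording ("als kritisch eingestuft") and would need the same correction.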
@@ -1,18 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.\nThis can be exploited by an attacker to add unintended headers to MIME messages.\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache James Mime4J", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "0.8.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Benoit TELLIER" + } + ] } \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24323.json b/2024/24xxx/CVE-2024-24323.json index 7b41b749918..ef50fa6cb44 100644 --- a/2024/24xxx/CVE-2024-24323.json +++ b/2024/24xxx/CVE-2024-24323.json 
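Review bot: CVE-2024-21742 gives neither a fixed version nor a severity: the description ends at "add unintended headers to MIME messages", `version_data` says `<=` `0.8.9`, and there is no `impact` block. A reader has to follow the mailing-list link to learn what to upgrade to. A closing sentence such as `Users are recommended to upgrade to version <FIXED_VERSION>, which fixes this issue.` would make the record self-contained; `<FIXED_VERSION>` is a placeholder to be taken from the advisory. `CWE-20` is also very broad for header injection; if the cause is unneutralised line breaks in header values, CWE-93 would be more precise, but the record does not say.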
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24323", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24323", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md", + "url": "https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md" } ] } diff --git a/2024/25xxx/CVE-2024-25840.json b/2024/25xxx/CVE-2024-25840.json index 3ecb41d95b6..e0b11ad83f8 100644 --- a/2024/25xxx/CVE-2024-25840.json +++ b/2024/25xxx/CVE-2024-25840.json 
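Review bot: In CVE-2024-24323, `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, even though the description names each of them: linlinjava litemall v.1.8.0 and SQL injection. Automated matching on `affects` or on CWE will miss this record. Filling the fields from the description would fix that: `"vendor_name": "linlinjava"`, `"product_name": "litemall"`, `"version_value": "1.8.0"`, `"value": "CWE-89"`. The same `n/a` placeholders appear in CVE-2024-25840, CVE-2024-25841, CVE-2024-25843 and CVE-2024-25846 later in this diff, where the descriptions likewise name the module, version bound and weakness class. The only reference here is a third-party write-up, so no patched version or vendor fix is recorded.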
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25840", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25840", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the module \"Account Manager | Sales Representative & Dealers | CRM\" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://addons.prestashop.com/en/third-party-data-integrations-crm-erp/90816-account-manager-sales-representative-dealers-crm.html", + "refsource": "MISC", + "name": "https://addons.prestashop.com/en/third-party-data-integrations-crm-erp/90816-account-manager-sales-representative-dealers-crm.html" + }, + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/02/27/prestasalesmanager.html", + "url": "https://security.friendsofpresta.org/modules/2024/02/27/prestasalesmanager.html" } ] } diff --git a/2024/25xxx/CVE-2024-25841.json b/2024/25xxx/CVE-2024-25841.json index 5971b1c794a..0772b772d6d 100644 --- a/2024/25xxx/CVE-2024-25841.json 
+++ b/2024/25xxx/CVE-2024-25841.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25841", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25841", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the module \"So Flexibilite\" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html", + "refsource": "MISC", + "name": "https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html" + }, + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html", + "url": "https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html" } ] } diff --git a/2024/25xxx/CVE-2024-25843.json b/2024/25xxx/CVE-2024-25843.json index d5869424891..6f0aa674da1 100644 --- a/2024/25xxx/CVE-2024-25843.json +++ b/2024/25xxx/CVE-2024-25843.json 
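Review bot: The description of CVE-2024-25841 contradicts itself on the required privilege: "a guest (authenticated customer)". A guest normally means an unauthenticated visitor, and whether a login is needed decides how exposed a shop is, so the text should state one of the two after checking the Friends of Presta advisory. The version bound is also attached to the wrong noun. "for PrestaShop < 4.1.26" reads as a PrestaShop core version, whereas 4.1.26 presumably refers to the soflexibilite module. Moving the bound next to the module name, `(soflexibilite) before 4.1.26 from Common-Services for PrestaShop`, would remove the ambiguity.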
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25843", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25843", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the module \"Import/Update Bulk Product from any Csv/Excel File Pro\" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html", + "refsource": "MISC", + "name": "https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html" + }, + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html", + "url": "https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html" } ] } diff --git a/2024/25xxx/CVE-2024-25846.json b/2024/25xxx/CVE-2024-25846.json index e1dbbaff8db..11e4a4eb25c 100644 --- a/2024/25xxx/CVE-2024-25846.json +++ b/2024/25xxx/CVE-2024-25846.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25846", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25846", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the module \"Product Catalog (CSV, Excel) Import\" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://addons.prestashop.com/fr/import-export-de-donnees/19091-catalogue-de-produits-csv-excel-dimportation.html", + "refsource": "MISC", + "name": "https://addons.prestashop.com/fr/import-export-de-donnees/19091-catalogue-de-produits-csv-excel-dimportation.html" + }, + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/02/27/simpleimportproduct.html", + "url": "https://security.friendsofpresta.org/modules/2024/02/27/simpleimportproduct.html" } ] } diff --git a/2024/27xxx/CVE-2024-27908.json b/2024/27xxx/CVE-2024-27908.json new file mode 100644 index 00000000000..8dcd81b98a1 --- /dev/null +++ b/2024/27xxx/CVE-2024-27908.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-27908",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/27xxx/CVE-2024-27909.json b/2024/27xxx/CVE-2024-27909.json
new file mode 100644
index 00000000000..d56848eca1f
--- /dev/null
+++ b/2024/27xxx/CVE-2024-27909.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-27909",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/27xxx/CVE-2024-27910.json b/2024/27xxx/CVE-2024-27910.json
new file mode 100644
index 00000000000..a936d19c230
--- /dev/null
+++ b/2024/27xxx/CVE-2024-27910.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-27910",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/27xxx/CVE-2024-27911.json b/2024/27xxx/CVE-2024-27911.json
new file mode 100644
index 00000000000..b8ab7ab80b8
--- /dev/null
+++ b/2024/27xxx/CVE-2024-27911.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-27911",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/27xxx/CVE-2024-27912.json b/2024/27xxx/CVE-2024-27912.json
new file mode 100644
index 00000000000..c15e48d02f4
--- /dev/null
+++ b/2024/27xxx/CVE-2024-27912.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-27912",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file