From e01648240fa0c257ad22c5d4ad0cc6c0dde18a85 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 2 Apr 2024 15:27:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/25xxx/CVE-2024-25574.json | 99 ++++++++++++++++++++-
2024/28xxx/CVE-2024-28734.json | 12 +--
2024/28xxx/CVE-2024-28735.json | 2 +-
2024/28xxx/CVE-2024-28895.json | 64 +++++++++++++-
2024/29xxx/CVE-2024-29433.json | 56 ++++++++++--
2024/29xxx/CVE-2024-29435.json | 56 ++++++++++--
2024/29xxx/CVE-2024-29686.json | 7 +-
2024/30xxx/CVE-2024-30858.json | 56 ++++++++++--
2024/30xxx/CVE-2024-30859.json | 56 ++++++++++--
2024/30xxx/CVE-2024-30860.json | 56 ++++++++++--
2024/30xxx/CVE-2024-30861.json | 56 ++++++++++--
2024/30xxx/CVE-2024-30862.json | 56 ++++++++++--
2024/30xxx/CVE-2024-30863.json | 56 ++++++++++--
2024/30xxx/CVE-2024-30867.json | 56 ++++++++++--
2024/31xxx/CVE-2024-31033.json | 66 ++++++++++++--
2024/3xxx/CVE-2024-3094.json | 95 ++++++++++++++++++++
2024/3xxx/CVE-2024-3129.json | 100 ++++++++++++++++++++-
2024/3xxx/CVE-2024-3131.json | 100 ++++++++++++++++++++-
2024/3xxx/CVE-2024-3135.json | 77 +++++++++++++++-
2024/3xxx/CVE-2024-3137.json | 77 +---------------
2024/3xxx/CVE-2024-3142.json | 111 +----------------------
2024/3xxx/CVE-2024-3143.json | 100 +--------------------
2024/3xxx/CVE-2024-3144.json | 100 +--------------------
2024/3xxx/CVE-2024-3145.json | 100 +--------------------
2024/3xxx/CVE-2024-3146.json | 100 +--------------------
2024/3xxx/CVE-2024-3147.json | 100 +--------------------
2024/3xxx/CVE-2024-3148.json | 100 +--------------------
2024/3xxx/CVE-2024-3160.json | 155 +--------------------------------
28 files changed, 1069 insertions(+), 1000 deletions(-)
diff --git a/2024/25xxx/CVE-2024-25574.json b/2024/25xxx/CVE-2024-25574.json
index 0a28b358593..df376dc2a2b 100644
--- a/2024/25xxx/CVE-2024-25574.json
+++ b/2024/25xxx/CVE-2024-25574.json
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nSQL injection vulnerability exists in GetDIAE_usListParameters.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-074-12", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28734.json b/2024/28xxx/CVE-2024-28734.json index 94937f76bc4..de57a4ad738 100644 --- a/2024/28xxx/CVE-2024-28734.json +++ b/2024/28xxx/CVE-2024-28734.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter." + "value": "Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter." } ] }, @@ -52,16 +52,6 @@ }, "references": { "reference_data": [ - { - "url": "http://financials.com", - "refsource": "MISC", - "name": "http://financials.com" - }, - { - "url": "http://unit4.com", - "refsource": "MISC", - "name": "http://unit4.com" - }, { "refsource": "MISC", "name": "https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html", diff --git a/2024/28xxx/CVE-2024-28735.json b/2024/28xxx/CVE-2024-28735.json index a1e308319e9..64214c84d87 100644 --- a/2024/28xxx/CVE-2024-28735.json +++ b/2024/28xxx/CVE-2024-28735.json 
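Review bot: In the CVE-2024-28734 description hunk, the rewritten text says a cross-site scripting flaw lets the attacker `run arbitrary code`, which reads like server-side code execution and can push the record into the wrong triage bucket. The record gives no detail beyond XSS via the `cols` parameter, so wording such as `run arbitrary script in the victim's browser via a crafted GET request using the cols parameter` would match the stated weakness. The enclosing `description` object starts above the hunk, so whether the `affects` block was updated to the new "prior to 2023Q4" range cannot be checked from here.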
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 allows a remote attacker to escalate privileges via a crafted script to the change password function." + "value": "Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request." } ] }, diff --git a/2024/28xxx/CVE-2024-28895.json b/2024/28xxx/CVE-2024-28895.json index 9d89b79e0aa..21690df58fb 100644 --- a/2024/28xxx/CVE-2024-28895.json +++ b/2024/28xxx/CVE-2024-28895.json 
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LY Corporation", + "product": { + "product_data": [ + { + "product_name": "'Yahoo! JAPAN' App for Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v2.3.1 to v3.161.1" + } + ] + } + }, + { + "product_name": "'Yahoo! JAPAN' App for iOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v3.2.2 to v4.109.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://jvn.jp/en/jp/JVN23528780/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN23528780/" } ] } diff --git a/2024/29xxx/CVE-2024-29433.json b/2024/29xxx/CVE-2024-29433.json index 4588e0289c7..8c109a4838b 100644 --- a/2024/29xxx/CVE-2024-29433.json +++ b/2024/29xxx/CVE-2024-29433.json 
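Review bot: Both `version_data` entries encode a range as free text under an equality operator, `"version_affected": "="` with `"version_value": "v2.3.1 to v3.161.1"` (and `"v3.2.2 to v4.109.0"` for iOS), so a tool that compares versions will treat the string as one literal version and match no installed build. The CVE-2024-25574 record in this same commit shows the bounded form, with the start of the range in `version_name` and the bound in `version_value`; here that would be `"version_affected": "<=", "version_name": "v2.3.1", "version_value": "v3.161.1"`. The `problemtype` entry also carries no `cweId`, unlike the other populated records in this commit; `"cweId": "CWE-79"` would make the weakness machine-readable.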
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-29433", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-29433", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/Raybye/496a871c66715a531750d58651d2b5c4", + "url": "https://gist.github.com/Raybye/496a871c66715a531750d58651d2b5c4" } ] } diff --git a/2024/29xxx/CVE-2024-29435.json b/2024/29xxx/CVE-2024-29435.json index 3cabc017cec..a283d50bca8 100644 --- a/2024/29xxx/CVE-2024-29435.json +++ b/2024/29xxx/CVE-2024-29435.json 
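Review bot: The record goes PUBLIC with `"n/a"` for `vendor_name`, `product_name`, `version_value` and the `problemtype` value, while the description names Alldata v0.4.6 and a FASTJSON deserialization flaw, so anything that matches on the structured fields will not associate this CVE with the product or the weakness class. The same gap is in the CVE-2024-29435, CVE-2024-30858 to CVE-2024-30863, CVE-2024-30867 and CVE-2024-31033 sections of this commit. Filling `product_name` and `version_value` from the description and setting the weakness, here `"value": "CWE-502 Deserialization of Untrusted Data"`, fixes it at the source; until then, consumers of these records have to match on the description text.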
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-29435", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-29435", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/Raybye/ea3a46adc5ea51e659c42218f05153fa", + "url": "https://gist.github.com/Raybye/ea3a46adc5ea51e659c42218f05153fa" } ] } diff --git a/2024/29xxx/CVE-2024-29686.json b/2024/29xxx/CVE-2024-29686.json index a93917f6cf7..82f177c09f9 100644 --- a/2024/29xxx/CVE-2024-29686.json +++ b/2024/29xxx/CVE-2024-29686.json 
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components." + "value": "** DISPUTED ** Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them." } ] }, @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779", "url": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779" + }, + { + "refsource": "MISC", + "name": "https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure", + "url": "https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure" } ] } diff --git a/2024/30xxx/CVE-2024-30858.json b/2024/30xxx/CVE-2024-30858.json index 8510d293fbf..ddce404b333 100644 --- a/2024/30xxx/CVE-2024-30858.json +++ b/2024/30xxx/CVE-2024-30858.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30858", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30858", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_fire_wall.md", + "refsource": "MISC", + "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_fire_wall.md" } ] } diff --git a/2024/30xxx/CVE-2024-30859.json b/2024/30xxx/CVE-2024-30859.json index 16409b021b6..7dd106cd5b6 100644 --- a/2024/30xxx/CVE-2024-30859.json +++ b/2024/30xxx/CVE-2024-30859.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30859", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30859", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-config_ISCGroupSSLCert.md", + "refsource": "MISC", + "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-config_ISCGroupSSLCert.md" } ] } diff --git a/2024/30xxx/CVE-2024-30860.json b/2024/30xxx/CVE-2024-30860.json index 085cae132d1..c42e5fc8eef 100644 --- a/2024/30xxx/CVE-2024-30860.json +++ b/2024/30xxx/CVE-2024-30860.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30860", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30860", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-export_excel_user.md", + "refsource": "MISC", + "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-export_excel_user.md" } ] } diff --git a/2024/30xxx/CVE-2024-30861.json b/2024/30xxx/CVE-2024-30861.json index 7614fd7e741..d996822d8ed 100644 --- a/2024/30xxx/CVE-2024-30861.json +++ b/2024/30xxx/CVE-2024-30861.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30861", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30861", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-ipsec_guide_1.md", + "refsource": "MISC", + "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-ipsec_guide_1.md" } ] } diff --git a/2024/30xxx/CVE-2024-30862.json b/2024/30xxx/CVE-2024-30862.json index d9930a11c75..e7988ce1186 100644 --- a/2024/30xxx/CVE-2024-30862.json +++ b/2024/30xxx/CVE-2024-30862.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30862", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30862", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-index.md", + "refsource": "MISC", + "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-index.md" } ] } diff --git a/2024/30xxx/CVE-2024-30863.json b/2024/30xxx/CVE-2024-30863.json index e6c13f103fc..28a6158de35 100644 --- a/2024/30xxx/CVE-2024-30863.json +++ b/2024/30xxx/CVE-2024-30863.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30863", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30863", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-history.md", + "refsource": "MISC", + "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-history.md" } ] } diff --git a/2024/30xxx/CVE-2024-30867.json b/2024/30xxx/CVE-2024-30867.json index 6cec6bb97d5..3060d73f924 100644 --- a/2024/30xxx/CVE-2024-30867.json +++ b/2024/30xxx/CVE-2024-30867.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30867", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30867", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md", + "refsource": "MISC", + "name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md" } ] } diff --git a/2024/31xxx/CVE-2024-31033.json b/2024/31xxx/CVE-2024-31033.json index 18d61a5af57..b754c1b915e 100644 --- a/2024/31xxx/CVE-2024-31033.json +++ b/2024/31xxx/CVE-2024-31033.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-31033", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-31033", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jwtk/jjwt", + "refsource": "MISC", + "name": "https://github.com/jwtk/jjwt" + }, + { + "url": "https://www.viralpatel.net/java-create-validate-jwt-token/", + "refsource": "MISC", + "name": "https://www.viralpatel.net/java-create-validate-jwt-token/" + }, + { + "refsource": "MISC", + "name": "https://github.com/2308652512/JJWT_BUG", + "url": "https://github.com/2308652512/JJWT_BUG" } ] } diff --git a/2024/3xxx/CVE-2024-3094.json b/2024/3xxx/CVE-2024-3094.json index 4f4e3d5fa36..8e6d5c5de77 100644 --- a/2024/3xxx/CVE-2024-3094.json +++ b/2024/3xxx/CVE-2024-3094.json 
@@ -255,6 +255,101 @@ "url": "https://gynvael.coldwind.pl/?lang=en&id=782", "refsource": "MISC", "name": "https://gynvael.coldwind.pl/?lang=en&id=782" + }, + { + "url": "https://ubuntu.com/security/CVE-2024-3094", + "refsource": "MISC", + "name": "https://ubuntu.com/security/CVE-2024-3094" + }, + { + "url": "https://github.com/advisories/GHSA-rxwq-x6h5-x525", + "refsource": "MISC", + "name": "https://github.com/advisories/GHSA-rxwq-x6h5-x525" + }, + { + "url": "https://bugs.gentoo.org/928134", + "refsource": "MISC", + "name": "https://bugs.gentoo.org/928134" + }, + { + "url": "https://lists.debian.org/debian-security-announce/2024/msg00057.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-security-announce/2024/msg00057.html" + }, + { + "url": "https://twitter.com/debian/status/1774219194638409898", + "refsource": "MISC", + "name": "https://twitter.com/debian/status/1774219194638409898" + }, + { + "url": "https://twitter.com/infosecb/status/1774597228864139400", + "refsource": "MISC", + "name": "https://twitter.com/infosecb/status/1774597228864139400" + }, + { + "url": "https://twitter.com/infosecb/status/1774595540233167206", + "refsource": "MISC", + "name": "https://twitter.com/infosecb/status/1774595540233167206" + }, + { + "url": "https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27", + "refsource": "MISC", + "name": "https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27" + }, + { + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024", + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024" + }, + { + "url": "https://github.com/karcherm/xz-malware", + "refsource": "MISC", + "name": "https://github.com/karcherm/xz-malware" + }, + { + "url": "https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405", + "refsource": "MISC", + "name": 
"https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405" + }, + { + "url": "https://xeiaso.net/notes/2024/xz-vuln/", + "refsource": "MISC", + "name": "https://xeiaso.net/notes/2024/xz-vuln/" + }, + { + "url": "https://lwn.net/Articles/967180/", + "refsource": "MISC", + "name": "https://lwn.net/Articles/967180/" + }, + { + "url": "https://boehs.org/node/everything-i-know-about-the-xz-backdoor", + "refsource": "MISC", + "name": "https://boehs.org/node/everything-i-know-about-the-xz-backdoor" + }, + { + "url": "https://tukaani.org/xz-backdoor/", + "refsource": "MISC", + "name": "https://tukaani.org/xz-backdoor/" + }, + { + "url": "https://twitter.com/LetsDefendIO/status/1774804387417751958", + "refsource": "MISC", + "name": "https://twitter.com/LetsDefendIO/status/1774804387417751958" + }, + { + "url": "https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094", + "refsource": "MISC", + "name": "https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094" + }, + { + "url": "https://news.ycombinator.com/item?id=39895344", + "refsource": "MISC", + "name": "https://news.ycombinator.com/item?id=39895344" + }, + { + "url": "https://github.com/amlweems/xzbot", + "refsource": "MISC", + "name": "https://github.com/amlweems/xzbot" } ] }, diff --git a/2024/3xxx/CVE-2024-3129.json b/2024/3xxx/CVE-2024-3129.json index ab75862a41c..e4c00dcb33b 100644 --- a/2024/3xxx/CVE-2024-3129.json +++ b/2024/3xxx/CVE-2024-3129.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258873 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in SourceCodester Image Accordion Gallery App 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /endpoint/add-image.php. Durch Beeinflussen des Arguments image_name mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Image Accordion Gallery App", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.258873", + "refsource": "MISC", + "name": "https://vuldb.com/?id.258873" + }, + { + "url": "https://vuldb.com/?ctiid.258873", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.258873" + }, + { + "url": "https://vuldb.com/?submit.308188", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.308188" + }, + { + "url": "https://github.com/Sospiro014/zday1/blob/main/Image_Accordion_Gallery.md", + "refsource": "MISC", + "name": "https://github.com/Sospiro014/zday1/blob/main/Image_Accordion_Gallery.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SoSPiro (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3131.json b/2024/3xxx/CVE-2024-3131.json index cc0f424f374..96657d41899 100644 --- a/2024/3xxx/CVE-2024-3131.json +++ b/2024/3xxx/CVE-2024-3131.json 
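Review bot: The English description says the issue is `classified as critical`, but every `impact.cvss` entry in the same hunk scores it 6.3 with `"baseSeverity": "MEDIUM"` (6.5 on the 2.0 vector), so the prose and the score disagree. Prioritisation should key off the `cvss` block rather than the description wording, and the description would be clearer if it stated the rating it actually carries, for example `It has been rated as medium severity (CVSS 3.1 base score 6.3)`. The CVE-2024-3131 section that follows has the same mismatch ("declared as critical" against 6.3 MEDIUM).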
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3131",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258874 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Computer Laboratory Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /classes/Master.php?f=save_category. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Computer Laboratory Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.258874",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.258874"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.258874",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.258874"
+ },
+ {
+ "url": "https://vuldb.com/?submit.308184",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.308184"
+ },
+ {
+ "url": "https://github.com/ycxdzj/CVE_Hunter/blob/main/SQL-7.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ycxdzj/CVE_Hunter/blob/main/SQL-7.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "hjhctzz (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3135.json b/2024/3xxx/CVE-2024-3135.json
index b20165789d0..a8d2c088ee8 100644
--- a/2024/3xxx/CVE-2024-3135.json
+++ b/2024/3xxx/CVE-2024-3135.json
@@ -1,17 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3135",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@huntr.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The web server lacked CSRF tokens allowing an attacker to host malicious JavaScript on a host that when visited by a LocalAI user, could allow the attacker to fill disk space to deny service or abuse credits."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "mudler",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mudler/localai",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "unspecified",
+ "version_value": "latest"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.com/bounties/7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8",
+ "refsource": "MISC",
+ "name": "https://huntr.com/bounties/7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3137.json b/2024/3xxx/CVE-2024-3137.json
index a536a566eaa..f5dcb82f4ff 100644
--- a/2024/3xxx/CVE-2024-3137.json
+++ b/2024/3xxx/CVE-2024-3137.json
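Review bot: The added `version_data` entry gives no usable version bound: `"version_affected": "<="` with `"version_name": "unspecified"` and `"version_value": "latest"` tells a scanner or SBOM matcher neither which mudler/localai releases are affected nor whether a fixed release exists. The entry should name the last affected release, e.g. `"version_value": "<LAST_AFFECTED_VERSION>"` (placeholder; the record does not state it), or the description should say that no fix was available at publication. As written, consumers have to fall back to the linked huntr report to decide exposure.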
@@ -1,86 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3137",
- "ASSIGNER": "security@huntr.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Privilege Management in uvdesk/community-skeleton"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-269 Improper Privilege Management",
- "cweId": "CWE-269"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "uvdesk",
- "product": {
- "product_data": [
- {
- "product_name": "uvdesk/community-skeleton",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "unspecified",
- "version_value": "latest"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://huntr.com/bounties/faf74783-644c-40cd-aa98-2239e5fafcd1",
- "refsource": "MISC",
- "name": "https://huntr.com/bounties/faf74783-644c-40cd-aa98-2239e5fafcd1"
- }
- ]
- },
- "source": {
- "advisory": "faf74783-644c-40cd-aa98-2239e5fafcd1",
- "discovery": "EXTERNAL"
- },
- "impact": {
- "cvss": [
- {
- "version": "3.0",
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "confidentialityImpact": "LOW",
- "integrityImpact": "HIGH",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
- "baseScore": 7.1,
- "baseSeverity": "HIGH"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
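Review bot: A record that was already published should not silently fall back to the RESERVED placeholder. The new side sets `"STATE": "RESERVED"` and `"ASSIGNER": "cve@mitre.org"`, and drops the description, CWE-269 entry, huntr reference and CVSS 7.1 block that the old side carried. The hunks for CVE-2024-3142 through CVE-2024-3148 do the same to `cna@vuldb.com` records, and the CVE-2024-3160 hunk begins the same way. Nothing in these hunks shows whether this is an intended withdrawal or a sync regression, and either way mirrors and scanners that ingest the files lose the advisories. If withdrawal is intended, a state that keeps an explanatory description (such as `"STATE": "REJECT"`) would likely serve consumers better; otherwise the sync step should refuse a PUBLIC-to-RESERVED transition.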
diff --git a/2024/3xxx/CVE-2024-3142.json b/2024/3xxx/CVE-2024-3142.json
index 7ca35e43a0a..dd148349a0e 100644
--- a/2024/3xxx/CVE-2024-3142.json
+++ b/2024/3xxx/CVE-2024-3142.json
@@ -1,120 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3142",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in Clavister E10 and E80 up to 20240323 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258917 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Eine problematische Schwachstelle wurde in Clavister E10 and E80 bis 20240323 gefunden. Dies betrifft einen unbekannten Teil der Komponente Setting Handler. Durch Beeinflussen mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery",
- "cweId": "CWE-352"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Clavister",
- "product": {
- "product_data": [
- {
- "product_name": "E10",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "20240323"
- }
- ]
- }
- },
- {
- "product_name": "E80",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "20240323"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.258917",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.258917"
- },
- {
- "url": "https://vuldb.com/?ctiid.258917",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.258917"
- },
- {
- "url": "https://vuldb.com/?submit.303530",
- "refsource": "MISC",
- "name": "https://vuldb.com/?submit.303530"
- },
- {
- "url": "https://github.com/strik3r0x1/Vulns/blob/main/CSRF_Clavister-E80,E10.md",
- "refsource": "MISC",
- "name": "https://github.com/strik3r0x1/Vulns/blob/main/CSRF_Clavister-E80,E10.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "Strik3r (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 5,
- "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3143.json b/2024/3xxx/CVE-2024-3143.json
index df92568042a..8a400b3a1b7 100644
--- a/2024/3xxx/CVE-2024-3143.json
+++ b/2024/3xxx/CVE-2024-3143.json
@@ -1,109 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3143",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/member_rank.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Es wurde eine problematische Schwachstelle in DedeCMS 5.7 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /src/dede/member_rank.php. Dank der Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery",
- "cweId": "CWE-352"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "DedeCMS",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "5.7"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.258918",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.258918"
- },
- {
- "url": "https://vuldb.com/?ctiid.258918",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.258918"
- },
- {
- "url": "https://vuldb.com/?submit.303432",
- "refsource": "MISC",
- "name": "https://vuldb.com/?submit.303432"
- },
- {
- "url": "https://github.com/E1CHO/demo/blob/main/39.pdf",
- "refsource": "MISC",
- "name": "https://github.com/E1CHO/demo/blob/main/39.pdf"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 5,
- "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3144.json b/2024/3xxx/CVE-2024-3144.json
index 923382e7956..c52489894d7 100644
--- a/2024/3xxx/CVE-2024-3144.json
+++ b/2024/3xxx/CVE-2024-3144.json
@@ -1,109 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3144",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "In DedeCMS 5.7 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei /src/dede/makehtml_spec.php. Dank Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery",
- "cweId": "CWE-352"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "DedeCMS",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "5.7"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.258919",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.258919"
- },
- {
- "url": "https://vuldb.com/?ctiid.258919",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.258919"
- },
- {
- "url": "https://vuldb.com/?submit.303954",
- "refsource": "MISC",
- "name": "https://vuldb.com/?submit.303954"
- },
- {
- "url": "https://github.com/Hckwzh/cms/blob/main/12.md",
- "refsource": "MISC",
- "name": "https://github.com/Hckwzh/cms/blob/main/12.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "urkc (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 5,
- "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3145.json b/2024/3xxx/CVE-2024-3145.json
index 05d9bc83e27..384c2d9b096 100644
--- a/2024/3xxx/CVE-2024-3145.json
+++ b/2024/3xxx/CVE-2024-3145.json
@@ -1,109 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3145",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtml_js_action.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Eine problematische Schwachstelle wurde in DedeCMS 5.7 ausgemacht. Davon betroffen ist unbekannter Code der Datei /src/dede/makehtml_js_action.php. Mit der Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery",
- "cweId": "CWE-352"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "DedeCMS",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "5.7"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.258920",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.258920"
- },
- {
- "url": "https://vuldb.com/?ctiid.258920",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.258920"
- },
- {
- "url": "https://vuldb.com/?submit.303955",
- "refsource": "MISC",
- "name": "https://vuldb.com/?submit.303955"
- },
- {
- "url": "https://github.com/Hckwzh/cms/blob/main/13.md",
- "refsource": "MISC",
- "name": "https://github.com/Hckwzh/cms/blob/main/13.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "urkc (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 5,
- "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3146.json b/2024/3xxx/CVE-2024-3146.json
index 6356c9dc89d..817ee505977 100644
--- a/2024/3xxx/CVE-2024-3146.json
+++ b/2024/3xxx/CVE-2024-3146.json
@@ -1,109 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3146",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtml_rss_action.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Es wurde eine Schwachstelle in DedeCMS 5.7 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /src/dede/makehtml_rss_action.php. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery",
- "cweId": "CWE-352"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "DedeCMS",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "5.7"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.258921",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.258921"
- },
- {
- "url": "https://vuldb.com/?ctiid.258921",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.258921"
- },
- {
- "url": "https://vuldb.com/?submit.303956",
- "refsource": "MISC",
- "name": "https://vuldb.com/?submit.303956"
- },
- {
- "url": "https://github.com/Hckwzh/cms/blob/main/14.md",
- "refsource": "MISC",
- "name": "https://github.com/Hckwzh/cms/blob/main/14.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "urkc (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 5,
- "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3147.json b/2024/3xxx/CVE-2024-3147.json
index c8c69e8e08a..8adf28b115d 100644
--- a/2024/3xxx/CVE-2024-3147.json
+++ b/2024/3xxx/CVE-2024-3147.json
@@ -1,109 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3147",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtml_map.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "In DedeCMS 5.7 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /src/dede/makehtml_map.php. Durch Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-352 Cross-Site Request Forgery",
- "cweId": "CWE-352"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "DedeCMS",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "5.7"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.258922",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.258922"
- },
- {
- "url": "https://vuldb.com/?ctiid.258922",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.258922"
- },
- {
- "url": "https://vuldb.com/?submit.303957",
- "refsource": "MISC",
- "name": "https://vuldb.com/?submit.303957"
- },
- {
- "url": "https://github.com/Hckwzh/cms/blob/main/15.md",
- "refsource": "MISC",
- "name": "https://github.com/Hckwzh/cms/blob/main/15.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "urkc (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 4.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 5,
- "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3148.json b/2024/3xxx/CVE-2024-3148.json
index 8e11962eb5b..0c5f07d5491 100644
--- a/2024/3xxx/CVE-2024-3148.json
+++ b/2024/3xxx/CVE-2024-3148.json
@@ -1,109 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3148",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112. This issue affects some unknown processing of the file dede/makehtml_archives_action.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258923. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Eine Schwachstelle wurde in DedeCMS 5.7.112 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei dede/makehtml_archives_action.php. Mittels dem Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-89 SQL Injection",
- "cweId": "CWE-89"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "DedeCMS",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "5.7.112"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.258923",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.258923"
- },
- {
- "url": "https://vuldb.com/?ctiid.258923",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.258923"
- },
- {
- "url": "https://vuldb.com/?submit.303889",
- "refsource": "MISC",
- "name": "https://vuldb.com/?submit.303889"
- },
- {
- "url": "https://github.com/gatsby2003/DedeCms/blob/main/DedeCms%20sql%20time-based%20blind%20injection.md",
- "refsource": "MISC",
- "name": "https://github.com/gatsby2003/DedeCms/blob/main/DedeCms%20sql%20time-based%20blind%20injection.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "gatsby (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 6.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 6.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 6.5,
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3160.json b/2024/3xxx/CVE-2024-3160.json
index ad375444f2d..b8830f85e17 100644
--- a/2024/3xxx/CVE-2024-3160.json
+++ b/2024/3xxx/CVE-2024-3160.json 
@@ -1,164 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3160", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "** DISPUTED ** ** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user." - }, - { - "lang": "deu", - "value": "** DISPUTED ** Es wurde eine problematische Schwachstelle in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 bis 20240401 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /cap.js der Komponente HTTP GET Request Handler. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200 Information Disclosure", - "cweId": "CWE-200" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Intelbras", - "product": { - "product_data": [ - { - "product_name": "MHDX 1004", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20240401" - } - ] - } - }, - { - "product_name": "MHDX 1008", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20240401" - } - ] - } - }, - { - "product_name": "MHDX 1016", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20240401" - } - ] - } - }, - { - "product_name": "MHDX 5016", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20240401" - } - ] - } - }, - { - "product_name": "HDCVI 1008", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20240401" - } - ] - } - }, - { - "product_name": "HDCVI 1016", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20240401" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.258933", - "refsource": "MISC", - "name": "https://vuldb.com/?id.258933" - }, - { - "url": "https://vuldb.com/?ctiid.258933", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.258933" - }, - { - "url": "https://vuldb.com/?submit.305410", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.305410" - }, - { - "url": "https://github.com/netsecfish/intelbras_cap_js", - "refsource": "MISC", - "name": "https://github.com/netsecfish/intelbras_cap_js" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "netsecfish (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 5.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - 
"baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 5.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] }