admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-02 15:27:40 +00:00
parent 70a0c5660f
commit e01648240f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
28 changed files with 1069 additions and 1000 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
2024/25xxx/CVE-2024-25574.json
View File

@ -1,17 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-25574", "ID": "CVE-2024-25574",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "\nSQL injection vulnerability exists in GetDIAE_usListParameters.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "DIAEnergie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.10.00.005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-074-12",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en/customerService\">Delta Electronics' regional sales or agents</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

12
2024/28xxx/CVE-2024-28734.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter." "value": "Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter."
} }
] ]
}, },
@ -52,16 +52,6 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"url": "http://financials.com",
"refsource": "MISC",
"name": "http://financials.com"
},
{
"url": "http://unit4.com",
"refsource": "MISC",
"name": "http://unit4.com"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"name": "https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html", "name": "https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html",

2
2024/28xxx/CVE-2024-28735.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 allows a remote attacker to escalate privileges via a crafted script to the change password function." "value": "Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request."
} }
] ]
}, },

64
2024/28xxx/CVE-2024-28895.json
View File

@ -1,17 +1,73 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28895", "ID": "CVE-2024-28895",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LY Corporation",
"product": {
"product_data": [
{
"product_name": "'Yahoo! JAPAN' App for Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v2.3.1 to v3.161.1"
}
]
}
},
{
"product_name": "'Yahoo! JAPAN' App for iOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v3.2.2 to v4.109.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jvn.jp/en/jp/JVN23528780/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN23528780/"
} }
] ]
} }

56
2024/29xxx/CVE-2024-29433.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29433",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-29433",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/Raybye/496a871c66715a531750d58651d2b5c4",
"url": "https://gist.github.com/Raybye/496a871c66715a531750d58651d2b5c4"
} }
] ]
} }

56
2024/29xxx/CVE-2024-29435.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-29435",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-29435",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/Raybye/ea3a46adc5ea51e659c42218f05153fa",
"url": "https://gist.github.com/Raybye/ea3a46adc5ea51e659c42218f05153fa"
} }
] ]
} }

7
2024/29xxx/CVE-2024-29686.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components." "value": "** DISPUTED ** Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them."
} }
] ]
}, },
@ -61,6 +61,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779", "name": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779",
"url": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779" "url": "https://forum.ksec.co.uk/t/webapps-winter-cms-1-2-3-server-side-template-injection-ssti-authenticated/2779"
},
{
"refsource": "MISC",
"name": "https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure",
"url": "https://wintercms.com/docs/v1.2/docs/cms/themes#template-structure"
} }
] ]
} }

56
2024/30xxx/CVE-2024-30858.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30858",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-30858",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_fire_wall.md",
"refsource": "MISC",
"name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_fire_wall.md"
} }
] ]
} }

56
2024/30xxx/CVE-2024-30859.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30859",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-30859",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-config_ISCGroupSSLCert.md",
"refsource": "MISC",
"name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-config_ISCGroupSSLCert.md"
} }
] ]
} }

56
2024/30xxx/CVE-2024-30860.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30860",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-30860",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-export_excel_user.md",
"refsource": "MISC",
"name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-export_excel_user.md"
} }
] ]
} }

56
2024/30xxx/CVE-2024-30861.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30861",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-30861",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-ipsec_guide_1.md",
"refsource": "MISC",
"name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-ipsec_guide_1.md"
} }
] ]
} }

56
2024/30xxx/CVE-2024-30862.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30862",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-30862",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-index.md",
"refsource": "MISC",
"name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-index.md"
} }
] ]
} }

56
2024/30xxx/CVE-2024-30863.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30863",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-30863",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-history.md",
"refsource": "MISC",
"name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-history.md"
} }
] ]
} }

56
2024/30xxx/CVE-2024-30867.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30867",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-30867",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md",
"refsource": "MISC",
"name": "https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md"
} }
] ]
} }

66
2024/31xxx/CVE-2024-31033.json
View File

@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-31033",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-31033",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/jwtk/jjwt",
"refsource": "MISC",
"name": "https://github.com/jwtk/jjwt"
},
{
"url": "https://www.viralpatel.net/java-create-validate-jwt-token/",
"refsource": "MISC",
"name": "https://www.viralpatel.net/java-create-validate-jwt-token/"
},
{
"refsource": "MISC",
"name": "https://github.com/2308652512/JJWT_BUG",
"url": "https://github.com/2308652512/JJWT_BUG"
} }
] ]
} }

95
2024/3xxx/CVE-2024-3094.json
View File

@ -255,6 +255,101 @@
"url": "https://gynvael.coldwind.pl/?lang=en&id=782", "url": "https://gynvael.coldwind.pl/?lang=en&id=782",
"refsource": "MISC", "refsource": "MISC",
"name": "https://gynvael.coldwind.pl/?lang=en&id=782" "name": "https://gynvael.coldwind.pl/?lang=en&id=782"
},
{
"url": "https://ubuntu.com/security/CVE-2024-3094",
"refsource": "MISC",
"name": "https://ubuntu.com/security/CVE-2024-3094"
},
{
"url": "https://github.com/advisories/GHSA-rxwq-x6h5-x525",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-rxwq-x6h5-x525"
},
{
"url": "https://bugs.gentoo.org/928134",
"refsource": "MISC",
"name": "https://bugs.gentoo.org/928134"
},
{
"url": "https://lists.debian.org/debian-security-announce/2024/msg00057.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-security-announce/2024/msg00057.html"
},
{
"url": "https://twitter.com/debian/status/1774219194638409898",
"refsource": "MISC",
"name": "https://twitter.com/debian/status/1774219194638409898"
},
{
"url": "https://twitter.com/infosecb/status/1774597228864139400",
"refsource": "MISC",
"name": "https://twitter.com/infosecb/status/1774597228864139400"
},
{
"url": "https://twitter.com/infosecb/status/1774595540233167206",
"refsource": "MISC",
"name": "https://twitter.com/infosecb/status/1774595540233167206"
},
{
"url": "https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27",
"refsource": "MISC",
"name": "https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27"
},
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024",
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024"
},
{
"url": "https://github.com/karcherm/xz-malware",
"refsource": "MISC",
"name": "https://github.com/karcherm/xz-malware"
},
{
"url": "https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405",
"refsource": "MISC",
"name": "https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405"
},
{
"url": "https://xeiaso.net/notes/2024/xz-vuln/",
"refsource": "MISC",
"name": "https://xeiaso.net/notes/2024/xz-vuln/"
},
{
"url": "https://lwn.net/Articles/967180/",
"refsource": "MISC",
"name": "https://lwn.net/Articles/967180/"
},
{
"url": "https://boehs.org/node/everything-i-know-about-the-xz-backdoor",
"refsource": "MISC",
"name": "https://boehs.org/node/everything-i-know-about-the-xz-backdoor"
},
{
"url": "https://tukaani.org/xz-backdoor/",
"refsource": "MISC",
"name": "https://tukaani.org/xz-backdoor/"
},
{
"url": "https://twitter.com/LetsDefendIO/status/1774804387417751958",
"refsource": "MISC",
"name": "https://twitter.com/LetsDefendIO/status/1774804387417751958"
},
{
"url": "https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094",
"refsource": "MISC",
"name": "https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094"
},
{
"url": "https://news.ycombinator.com/item?id=39895344",
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=39895344"
},
{
"url": "https://github.com/amlweems/xzbot",
"refsource": "MISC",
"name": "https://github.com/amlweems/xzbot"
} }
] ]
}, },

100
2024/3xxx/CVE-2024-3129.json
View File

@ -1,17 +1,109 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3129", "ID": "CVE-2024-3129",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258873 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in SourceCodester Image Accordion Gallery App 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /endpoint/add-image.php. Durch Beeinflussen des Arguments image_name mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Image Accordion Gallery App",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.258873",
"refsource": "MISC",
"name": "https://vuldb.com/?id.258873"
},
{
"url": "https://vuldb.com/?ctiid.258873",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.258873"
},
{
"url": "https://vuldb.com/?submit.308188",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.308188"
},
{
"url": "https://github.com/Sospiro014/zday1/blob/main/Image_Accordion_Gallery.md",
"refsource": "MISC",
"name": "https://github.com/Sospiro014/zday1/blob/main/Image_Accordion_Gallery.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "SoSPiro (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }

100
2024/3xxx/CVE-2024-3131.json
View File

@ -1,17 +1,109 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3131", "ID": "CVE-2024-3131",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258874 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester Computer Laboratory Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /classes/Master.php?f=save_category. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Computer Laboratory Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.258874",
"refsource": "MISC",
"name": "https://vuldb.com/?id.258874"
},
{
"url": "https://vuldb.com/?ctiid.258874",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.258874"
},
{
"url": "https://vuldb.com/?submit.308184",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.308184"
},
{
"url": "https://github.com/ycxdzj/CVE_Hunter/blob/main/SQL-7.md",
"refsource": "MISC",
"name": "https://github.com/ycxdzj/CVE_Hunter/blob/main/SQL-7.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "hjhctzz (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }

77
2024/3xxx/CVE-2024-3135.json
View File

@ -1,17 +1,86 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3135", "ID": "CVE-2024-3135",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@huntr.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The web server lacked CSRF tokens allowing an attacker to host malicious JavaScript on a host that when visited by a LocalAI user, could allow the attacker to fill disk space to deny service or abuse credits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mudler",
"product": {
"product_data": [
{
"product_name": "mudler/localai",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "latest"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8",
"refsource": "MISC",
"name": "https://huntr.com/bounties/7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8"
}
]
},
"source": {
"advisory": "7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
} }
] ]
} }

77
2024/3xxx/CVE-2024-3137.json
View File

@ -1,86 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3137", "ID": "CVE-2024-3137",
"ASSIGNER": "security@huntr.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Privilege Management in uvdesk/community-skeleton" "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "uvdesk",
"product": {
"product_data": [
{
"product_name": "uvdesk/community-skeleton",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "latest"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/faf74783-644c-40cd-aa98-2239e5fafcd1",
"refsource": "MISC",
"name": "https://huntr.com/bounties/faf74783-644c-40cd-aa98-2239e5fafcd1"
}
]
},
"source": {
"advisory": "faf74783-644c-40cd-aa98-2239e5fafcd1",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH"
} }
] ]
} }

111
2024/3xxx/CVE-2024-3142.json
View File

@ -1,120 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3142", "ID": "CVE-2024-3142",
"ASSIGNER": "cna@vuldb.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability was found in Clavister E10 and E80 up to 20240323 and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258917 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Clavister E10 and E80 bis 20240323 gefunden. Dies betrifft einen unbekannten Teil der Komponente Setting Handler. Durch Beeinflussen mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Clavister",
"product": {
"product_data": [
{
"product_name": "E10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240323"
}
]
}
},
{
"product_name": "E80",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240323"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.258917",
"refsource": "MISC",
"name": "https://vuldb.com/?id.258917"
},
{
"url": "https://vuldb.com/?ctiid.258917",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.258917"
},
{
"url": "https://vuldb.com/?submit.303530",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.303530"
},
{
"url": "https://github.com/strik3r0x1/Vulns/blob/main/CSRF_Clavister-E80,E10.md",
"refsource": "MISC",
"name": "https://github.com/strik3r0x1/Vulns/blob/main/CSRF_Clavister-E80,E10.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Strik3r (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
} }
] ]
} }

100
2024/3xxx/CVE-2024-3143.json
View File

@ -1,109 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3143", "ID": "CVE-2024-3143",
"ASSIGNER": "cna@vuldb.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/member_rank.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in DedeCMS 5.7 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /src/dede/member_rank.php. Dank der Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DedeCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.258918",
"refsource": "MISC",
"name": "https://vuldb.com/?id.258918"
},
{
"url": "https://vuldb.com/?ctiid.258918",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.258918"
},
{
"url": "https://vuldb.com/?submit.303432",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.303432"
},
{
"url": "https://github.com/E1CHO/demo/blob/main/39.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/demo/blob/main/39.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
} }
] ]
} }

100
2024/3xxx/CVE-2024-3144.json
View File

@ -1,109 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3144", "ID": "CVE-2024-3144",
"ASSIGNER": "cna@vuldb.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
},
{
"lang": "deu",
"value": "In DedeCMS 5.7 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei /src/dede/makehtml_spec.php. Dank Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DedeCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.258919",
"refsource": "MISC",
"name": "https://vuldb.com/?id.258919"
},
{
"url": "https://vuldb.com/?ctiid.258919",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.258919"
},
{
"url": "https://vuldb.com/?submit.303954",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.303954"
},
{
"url": "https://github.com/Hckwzh/cms/blob/main/12.md",
"refsource": "MISC",
"name": "https://github.com/Hckwzh/cms/blob/main/12.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "urkc (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
} }
] ]
} }

100
2024/3xxx/CVE-2024-3145.json
View File

@ -1,109 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3145", "ID": "CVE-2024-3145",
"ASSIGNER": "cna@vuldb.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtml_js_action.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in DedeCMS 5.7 ausgemacht. Davon betroffen ist unbekannter Code der Datei /src/dede/makehtml_js_action.php. Mit der Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DedeCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.258920",
"refsource": "MISC",
"name": "https://vuldb.com/?id.258920"
},
{
"url": "https://vuldb.com/?ctiid.258920",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.258920"
},
{
"url": "https://vuldb.com/?submit.303955",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.303955"
},
{
"url": "https://github.com/Hckwzh/cms/blob/main/13.md",
"refsource": "MISC",
"name": "https://github.com/Hckwzh/cms/blob/main/13.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "urkc (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
} }
] ]
} }

100
2024/3xxx/CVE-2024-3146.json
View File

@ -1,109 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3146", "ID": "CVE-2024-3146",
"ASSIGNER": "cna@vuldb.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtml_rss_action.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in DedeCMS 5.7 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /src/dede/makehtml_rss_action.php. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DedeCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.258921",
"refsource": "MISC",
"name": "https://vuldb.com/?id.258921"
},
{
"url": "https://vuldb.com/?ctiid.258921",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.258921"
},
{
"url": "https://vuldb.com/?submit.303956",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.303956"
},
{
"url": "https://github.com/Hckwzh/cms/blob/main/14.md",
"refsource": "MISC",
"name": "https://github.com/Hckwzh/cms/blob/main/14.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "urkc (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
} }
] ]
} }

100
2024/3xxx/CVE-2024-3147.json
View File

@ -1,109 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3147", "ID": "CVE-2024-3147",
"ASSIGNER": "cna@vuldb.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtml_map.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
},
{
"lang": "deu",
"value": "In DedeCMS 5.7 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /src/dede/makehtml_map.php. Durch Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DedeCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.258922",
"refsource": "MISC",
"name": "https://vuldb.com/?id.258922"
},
{
"url": "https://vuldb.com/?ctiid.258922",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.258922"
},
{
"url": "https://vuldb.com/?submit.303957",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.303957"
},
{
"url": "https://github.com/Hckwzh/cms/blob/main/15.md",
"refsource": "MISC",
"name": "https://github.com/Hckwzh/cms/blob/main/15.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "urkc (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
} }
] ]
} }

100
2024/3xxx/CVE-2024-3148.json
View File

@ -1,109 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3148", "ID": "CVE-2024-3148",
"ASSIGNER": "cna@vuldb.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112. This issue affects some unknown processing of the file dede/makehtml_archives_action.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258923. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in DedeCMS 5.7.112 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei dede/makehtml_archives_action.php. Mittels dem Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DedeCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.112"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.258923",
"refsource": "MISC",
"name": "https://vuldb.com/?id.258923"
},
{
"url": "https://vuldb.com/?ctiid.258923",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.258923"
},
{
"url": "https://vuldb.com/?submit.303889",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.303889"
},
{
"url": "https://github.com/gatsby2003/DedeCms/blob/main/DedeCms%20sql%20time-based%20blind%20injection.md",
"refsource": "MISC",
"name": "https://github.com/gatsby2003/DedeCms/blob/main/DedeCms%20sql%20time-based%20blind%20injection.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "gatsby (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }

155
2024/3xxx/CVE-2024-3160.json
View File

@ -1,164 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3160", "ID": "CVE-2024-3160",
"ASSIGNER": "cna@vuldb.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** DISPUTED ** ** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
},
{
"lang": "deu",
"value": "** DISPUTED ** Es wurde eine problematische Schwachstelle in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 bis 20240401 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /cap.js der Komponente HTTP GET Request Handler. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Intelbras",
"product": {
"product_data": [
{
"product_name": "MHDX 1004",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240401"
}
]
}
},
{
"product_name": "MHDX 1008",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240401"
}
]
}
},
{
"product_name": "MHDX 1016",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240401"
}
]
}
},
{
"product_name": "MHDX 5016",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240401"
}
]
}
},
{
"product_name": "HDCVI 1008",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240401"
}
]
}
},
{
"product_name": "HDCVI 1016",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240401"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.258933",
"refsource": "MISC",
"name": "https://vuldb.com/?id.258933"
},
{
"url": "https://vuldb.com/?ctiid.258933",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.258933"
},
{
"url": "https://vuldb.com/?submit.305410",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.305410"
},
{
"url": "https://github.com/netsecfish/intelbras_cap_js",
"refsource": "MISC",
"name": "https://github.com/netsecfish/intelbras_cap_js"
}
]
},
"credits": [
{
"lang": "en",
"value": "netsecfish (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
} }
] ]
} }