From e61dcc1337cbccb8d36462df5b778cf7e63d5a71 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 23 Sep 2024 12:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/25xxx/CVE-2024-25102.json | 17 ++++----
 2024/25xxx/CVE-2024-25103.json | 9 ++--
 2024/36xxx/CVE-2024-36148.json | 4 +-
 2024/7xxx/CVE-2024-7735.json | 77 +++++++++++++++++++++++++++++++---
 2024/7xxx/CVE-2024-7835.json | 77 +++++++++++++++++++++++++++++++---
 2024/9xxx/CVE-2024-9100.json | 18 ++++++++
 6 files changed, 180 insertions(+), 22 deletions(-)
 create mode 100644 2024/9xxx/CVE-2024-9100.json
diff --git a/2024/25xxx/CVE-2024-25102.json b/2024/25xxx/CVE-2024-25102.json
index 311bc468bc4..3433cf02de1 100644
--- a/2024/25xxx/CVE-2024-25102.json
+++ b/2024/25xxx/CVE-2024-25102.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system.\n"
+ "value": "This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-326: Inadequate Encryption Strength ",
+ "value": "CWE-326: Inadequate Encryption Strength",
 "cweId": "CWE-326"
 }
 ]
@@ -61,6 +61,9 @@
 }
 ]
 },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
 "source": {
 "discovery": "UNKNOWN"
 },
@@ -74,13 +77,13 @@
 "value": "Upgrade to AppSamvid version 2.0.2 or later.

https://cdac.in/index.aspx?id=cs_eps_appsamvid
"
 }
 ],
- "value": "Upgrade to AppSamvid version 2.0.2 or later.\n\n https://cdac.in/index.aspx?id=cs_eps_appsamvid https://cdac.in/index.aspx \n"
+ "value": "Upgrade to AppSamvid version 2.0.2 or later.\n\n https://cdac.in/index.aspx?id=cs_eps_appsamvid"
 }
 ],
 "credits": [
 {
 "lang": "en",
- "value": "This vulnerability is reported by Mukund Kedia."
+ "value": "This vulnerability is reported by Mukund Kedia and Avinash Kumar"
 }
 ],
 "impact": {
@@ -89,14 +92,14 @@
 "attackComplexity": "LOW",
 "attackVector": "LOCAL",
 "availabilityImpact": "HIGH",
- "baseScore": 7.1,
+ "baseScore": 7.8,
 "baseSeverity": "HIGH",
- "confidentialityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
 "integrityImpact": "HIGH",
 "privilegesRequired": "LOW",
 "scope": "UNCHANGED",
 "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 ]
diff --git a/2024/25xxx/CVE-2024-25103.json b/2024/25xxx/CVE-2024-25103.json
index 2bf5eb0bc32..69cd5e0a751 100644
--- a/2024/25xxx/CVE-2024-25103.json
+++ b/2024/25xxx/CVE-2024-25103.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.\n"
+ "value": "This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system."
 }
 ]
 },
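Review bot: The rescored vector in the CVE-2024-25102 `impact` hunk (`@@ -89,14 +92,14 @@`) keeps `"privilegesRequired": "LOW"` / `PR:L`, while the description in the same record says the attacker needs "local administrative privileges". Under CVSS 3.1 an administrative precondition is normally expressed as `PR:H`, so either the description or the vector should be corrected; with `PR:H` and the other metrics unchanged the base score would come out lower than the `7.8` recorded here. The `C:N` to `C:H` change itself matches the described password disclosure. The `cvss` object starts outside the hunk, and the correction belongs in the CNA's source record rather than in this synchronized copy.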
@@ -61,6 +61,9 @@
 }
 ]
 },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
 "source": {
 "discovery": "UNKNOWN"
 },
@@ -74,13 +77,13 @@
 "value": "Upgrade to AppSamvid version 2.0.2 or later.

https://cdac.in/index.aspx?id=cs_eps_appsamvid
"
 }
 ],
- "value": "Upgrade to AppSamvid version 2.0.2 or later.\n\n https://cdac.in/index.aspx?id=cs_eps_appsamvid https://cdac.in/index.aspx \n"
+ "value": "Upgrade to AppSamvid version 2.0.2 or later.\n\n https://cdac.in/index.aspx?id=cs_eps_appsamvid"
 }
 ],
 "credits": [
 {
 "lang": "en",
- "value": "This vulnerability is reported by Mukund Kedia."
+ "value": "This vulnerability is reported by Mukund Kedia and Avinash Kumar."
 }
 ],
 "impact": {
diff --git a/2024/36xxx/CVE-2024-36148.json b/2024/36xxx/CVE-2024-36148.json
index 9723dee068b..8e4a802b10d 100644
--- a/2024/36xxx/CVE-2024-36148.json
+++ b/2024/36xxx/CVE-2024-36148.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
+ "value": "Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
 }
 ]
 },
@@ -96,7 +96,7 @@
 "modifiedConfidentialityImpact": "LOW",
 "modifiedIntegrityImpact": "LOW",
 "modifiedPrivilegesRequired": "LOW",
- "modifiedScope": "NOT_DEFINED",
+ "modifiedScope": "CHANGED",
 "modifiedUserInteraction": "REQUIRED",
 "privilegesRequired": "LOW",
 "remediationLevel": "NOT_DEFINED",
diff --git a/2024/7xxx/CVE-2024-7735.json b/2024/7xxx/CVE-2024-7735.json
index 092283151e8..fe2d1dc5865 100644
--- a/2024/7xxx/CVE-2024-7735.json
+++ b/2024/7xxx/CVE-2024-7735.json
@@ -1,18 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7735",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection.This issue affects Ferry Reservation System: before 240805-002."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Exnet Informatics Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ferry Reservation System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "240805-002"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-24-1518",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-24-1518"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TR-24-1518",
+ "defect": [
+ "TR-24-1518"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Ya\u011f\u0131z B\u0130LG\u0130L\u0130"
+ },
+ {
+ "lang": "en",
+ "value": "Privia Security Inc."
+ }
+ ]
 }
\ No newline at end of file
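Review bot: The now-public CVE-2024-7735 record carries no `impact` section, so consumers of this file get a CWE-89 SQL injection with no CVSS vector or severity to prioritise on; the whole file is inside this hunk, so the omission is not hidden context. If the CNA advisory TR-24-1518 assigns a score, the record should gain an `"impact": { "cvss": [ ... ] }` block carrying the CNA's own `vectorString` and `baseScore` instead of leaving scoring to downstream enrichment. The description also runs two sentences together (`allows SQL Injection.This issue affects`) and should read `allows SQL Injection. This issue affects`. Both points apply equally to the CVE-2024-7835 hunk that follows.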
diff --git a/2024/7xxx/CVE-2024-7835.json b/2024/7xxx/CVE-2024-7835.json
index 6a3771fdd2b..b98aad5912c 100644
--- a/2024/7xxx/CVE-2024-7835.json
+++ b/2024/7xxx/CVE-2024-7835.json
@@ -1,18 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7835",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Exnet Informatics Software Ferry Reservation System allows Reflected XSS.This issue affects Ferry Reservation System: before 240805-002."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Exnet Informatics Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ferry Reservation System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "240805-002"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-24-1518",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-24-1518"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TR-24-1518",
+ "defect": [
+ "TR-24-1518"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Ya\u011f\u0131z B\u0130LG\u0130L\u0130"
+ },
+ {
+ "lang": "en",
+ "value": "Privia Security Inc."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9100.json b/2024/9xxx/CVE-2024-9100.json
new file mode 100644
index 00000000000..837c06be83e
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9100.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9100",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file