diff --git a/2022/48xxx/CVE-2022-48620.json b/2022/48xxx/CVE-2022-48620.json
index 69f32d0a7e6..a9cbc5ac937 100644
--- a/2022/48xxx/CVE-2022-48620.json
+++ b/2022/48xxx/CVE-2022-48620.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2024-75e1256954",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2024-d6a850992f",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/"
 }
 ]
 }
diff --git a/2022/48xxx/CVE-2022-48681.json b/2022/48xxx/CVE-2022-48681.json
new file mode 100644
index 00000000000..ee6f9d07668
--- /dev/null
+++ b/2022/48xxx/CVE-2022-48681.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-48681",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/42xxx/CVE-2023-42954.json b/2023/42xxx/CVE-2023-42954.json
index 365bf798e8f..b476f34e0b7 100644
--- a/2023/42xxx/CVE-2023-42954.json
+++ b/2023/42xxx/CVE-2023-42954.json
@@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42954", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role." + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Claris", + "product": { + "product_data": [ + { + "product_name": "FileMaker Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "20.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.claris.com/s/answerview?anum=000041424&language=en_US", + "refsource": "MISC", + "name": "https://support.claris.com/s/answerview?anum=000041424&language=en_US" } ] } diff --git a/2023/48xxx/CVE-2023-48901.json b/2023/48xxx/CVE-2023-48901.json index bb36ce2b89c..518a67b13f5 100644 --- a/2023/48xxx/CVE-2023-48901.json +++ b/2023/48xxx/CVE-2023-48901.json 
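Review bot: The `problemtype` entry in CVE-2023-42954.json repeats the first sentence of the description instead of naming a weakness class, so tooling that groups records by CWE receives free text it cannot map. The description also mixes two framings, a "privilege escalation issue" whose stated effect is exposure of sensitive information to front-end websites; the CNA should pick the one that applies and record it with a `cweId` field as other records in this commit do, e.g. `"cweId": "CWE-<id>"` (placeholder). The record carries no `impact` block either, so consumers have no severity with which to prioritise the FileMaker Server 20.3.1 update.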
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48901", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48901", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter \"id\" within the getPhotosByCarId function call in details.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/177660/Tramyardg-Autoexpress-1.3.0-SQL-Injection.html", + "url": "https://packetstormsecurity.com/files/177660/Tramyardg-Autoexpress-1.3.0-SQL-Injection.html" } ] } diff --git a/2023/48xxx/CVE-2023-48902.json b/2023/48xxx/CVE-2023-48902.json index 64809816c7b..65014b80eef 100644 --- a/2023/48xxx/CVE-2023-48902.json +++ b/2023/48xxx/CVE-2023-48902.json 
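Review bot: The `affects` block in CVE-2023-48901.json is filled with `n/a` for vendor, product and version although the description names tramyardg Autoexpress 1.3.0, so scanners that match on structured product data will not associate this record with an installed copy. The same applies to CVE-2023-48902 and CVE-2023-48903 (same product), CVE-2024-22724 (osCommerce v4) and CVE-2024-24272 (iTop DualSafe Password Manager before 1.4.24) further down. Carrying the names into the structured fields, e.g. `"vendor_name": "tramyardg"`, `"product_name": "Autoexpress"`, `"version_value": "1.3.0"`, would close that gap. `problemtype` is likewise `n/a` where the description already states the class (SQL injection here, which other records in this commit tag as CWE-89).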
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48902", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48902", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/177661/Tramyardg-Autoexpress-1.3.0-Authentication-Bypass.html", + "url": "https://packetstormsecurity.com/files/177661/Tramyardg-Autoexpress-1.3.0-Authentication-Bypass.html" } ] } diff --git a/2023/48xxx/CVE-2023-48903.json b/2023/48xxx/CVE-2023-48903.json index 7007c1dd7bb..57045db3a59 100644 --- a/2023/48xxx/CVE-2023-48903.json +++ b/2023/48xxx/CVE-2023-48903.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48903", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48903", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter \"imgType\" via in uploadCarImages.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/177662/Tramyardg-Autoexpress-1.3.0-Cross-Site-Scripting.html", + "url": "https://packetstormsecurity.com/files/177662/Tramyardg-Autoexpress-1.3.0-Cross-Site-Scripting.html" } ] } diff --git a/2023/52xxx/CVE-2023-52620.json b/2023/52xxx/CVE-2023-52620.json index 99a6152b9a9..2becfbc7360 100644 --- a/2023/52xxx/CVE-2023-52620.json +++ b/2023/52xxx/CVE-2023-52620.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-52620", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow timeout for anonymous sets\n\nNever used from userspace, disallow these parameters." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "00b19ee0dcc1" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.15.151", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.81", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.4", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e" + }, + { + "url": 
"https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b" + }, + { + "url": "https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab" + } + ] + }, + "generator": { + "engine": "bippy-b4257b672505" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52710.json b/2023/52xxx/CVE-2023-52710.json new file mode 100644 index 00000000000..b69405633d5 --- /dev/null +++ b/2023/52xxx/CVE-2023-52710.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52710", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52711.json b/2023/52xxx/CVE-2023-52711.json new file mode 100644 index 00000000000..354a234c333 --- /dev/null +++ b/2023/52xxx/CVE-2023-52711.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52711", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/52xxx/CVE-2023-52712.json b/2023/52xxx/CVE-2023-52712.json
new file mode 100644
index 00000000000..cbe82e96d74
--- /dev/null
+++ b/2023/52xxx/CVE-2023-52712.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-52712",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6240.json b/2023/6xxx/CVE-2023-6240.json
index df700c4fc70..06ace7674a0 100644
--- a/2023/6xxx/CVE-2023-6240.json
+++ b/2023/6xxx/CVE-2023-6240.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Observable Discrepancy",
- "cweId": "CWE-203"
+ "value": "Use of a Broken or Risky Cryptographic Algorithm",
+ "cweId": "CWE-327"
 }
 ]
 }
diff --git a/2024/1xxx/CVE-2024-1048.json b/2024/1xxx/CVE-2024-1048.json
index b09fedfe5e9..31ef34cd5ba 100644
--- a/2024/1xxx/CVE-2024-1048.json
+++ b/2024/1xxx/CVE-2024-1048.json
@@ -164,6 +164,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRZQCVZ3XOASVFT6XLO7F2ZXOLOHIJZQ/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRZQCVZ3XOASVFT6XLO7F2ZXOLOHIJZQ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJAEGRR3XHMBBBKYOVMII4P34IXEYPE/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJAEGRR3XHMBBBKYOVMII4P34IXEYPE/"
 }
 ]
 },
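Review bot: In CVE-2023-6240.json the hunk overwrites the single `problemtype` entry, replacing CWE-203 (Observable Discrepancy) with CWE-327, rather than adding a second entry. The description lies outside the hunk, so whether the flaw is an observable side channel or the choice of algorithm cannot be confirmed from here. If both apply, keeping the old object and appending the new one preserves matches for consumers that filter on CWE-203. The new classification should be checked against the CNA's advisory before triage or detection rules rely on it.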
diff --git a/2024/1xxx/CVE-2024-1147.json b/2024/1xxx/CVE-2024-1147.json index 9d44d7e1717..7931d15dd16 100644 --- a/2024/1xxx/CVE-2024-1147.json +++ b/2024/1xxx/CVE-2024-1147.json @@ -1,17 +1,101 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1147", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "PVCS Version Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "8.6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://portal.microfocus.com/s/article/KM000026669", + "refsource": "MISC", + "name": "https://portal.microfocus.com/s/article/KM000026669" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

https://portal.microfocus.com/s/article/KM000026669

" + } + ], + "value": " https://portal.microfocus.com/s/article/KM000026669 \n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1148.json b/2024/1xxx/CVE-2024-1148.json index d37fd800da7..efe30c06e28 100644 --- a/2024/1xxx/CVE-2024-1148.json +++ b/2024/1xxx/CVE-2024-1148.json 
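Review bot: The CVSS vector in CVE-2024-1147.json (`C:H/I:H/A:H`, base score 9.8) is identical to the one in CVE-2024-1148.json, although this record describes unauthenticated download of files and the other describes upload. A download-only bypass would normally score on confidentiality alone, so the integrity and availability ratings look copied between the two records and should be confirmed with the CNA before they drive patch priority. Both `solution` entries consist only of a link to KM000026669; the fixed version, 8.6.3.3, appears only in `version_data` and would be worth stating in the solution text.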
@@ -1,17 +1,101 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1148", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "PVCS Version Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "8.6.3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://portal.microfocus.com/s/article/KM000026669", + "refsource": "MISC", + "name": "https://portal.microfocus.com/s/article/KM000026669" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

https://portal.microfocus.com/s/article/KM000026669

" + } + ], + "value": " https://portal.microfocus.com/s/article/KM000026669 \n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1538.json b/2024/1xxx/CVE-2024-1538.json index c23daa2832e..31cfa0981ea 100644 --- a/2024/1xxx/CVE-2024-1538.json +++ b/2024/1xxx/CVE-2024-1538.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1538", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mndpsingh287", + "product": { + "product_data": [ + { + "product_name": "File Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "7.2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3051451/wp-file-manager", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3051451/wp-file-manager" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Holley" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/22xxx/CVE-2024-22724.json b/2024/22xxx/CVE-2024-22724.json index 6f6879ef2bb..3ddeaaefa51 100644 --- a/2024/22xxx/CVE-2024-22724.json +++ b/2024/22xxx/CVE-2024-22724.json 
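Review bot: The `problemtype` entry in CVE-2024-1538.json puts the CWE only in the free-text value and omits the `cweId` field that other CNA-published records in this commit carry; adding `"cweId": "CWE-352"` after the `value` line keeps it machine-readable. The version range also deserves a second look: `version_affected` is `<=` 7.2.4, which agrees with the description, but the description also says 7.2.4 is only partially patched, so readers of the range should treat 7.2.5 as the first fixed release. `version_name` is `*` where other records in this commit use `0` as the lower bound.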
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-22724", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-22724", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c", + "refsource": "MISC", + "name": "https://medium.com/@cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c" + }, + { + "refsource": "MISC", + "name": "https://github.com/osCommerce/osCommerce-V4/issues/62", + "url": "https://github.com/osCommerce/osCommerce-V4/issues/62" } ] } diff --git a/2024/23xxx/CVE-2024-23494.json b/2024/23xxx/CVE-2024-23494.json index 181dc12c3e3..8cd23597170 100644 --- a/2024/23xxx/CVE-2024-23494.json +++ b/2024/23xxx/CVE-2024-23494.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23494", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nSQL injection vulnerability exists in GetDIAE_unListParameters.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper neutralization of special elements used in an SQL command ('SQL injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-074-12", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/23xxx/CVE-2024-23975.json b/2024/23xxx/CVE-2024-23975.json index 09ec6c75f0d..7b4c62877ff 100644 --- a/2024/23xxx/CVE-2024-23975.json +++ b/2024/23xxx/CVE-2024-23975.json 
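Review bot: The description value in CVE-2024-23494.json is wrapped in literal `\n` characters and never names the product, so on its own it gives no indication that it concerns Delta Electronics DIAEnergie; CVE-2024-23975 and CVE-2024-25567 below have the same shape. `version_value` is `v1.10.00.005` with a leading `v`, which version comparators that expect a numeric first component may fail to parse or order. The `problemtype` strings also differ between the sibling records (`CWE-89: …` here, `CWE-89 …` with a trailing space in CVE-2024-23975); normalising them avoids duplicate buckets in CWE roll-ups.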
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23975", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nSQL injection vulnerability exists in GetDIAE_slogListParameters.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') ", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-074-12", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/24xxx/CVE-2024-24272.json b/2024/24xxx/CVE-2024-24272.json index 0b63f9cfc6c..d87b41cedc6 100644 --- a/2024/24xxx/CVE-2024-24272.json +++ b/2024/24xxx/CVE-2024-24272.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24272", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24272", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://research.hisolutions.com/2024/03/cve-2024-24272-dualsafe-password-manager-leaks-credentials/", + "url": "https://research.hisolutions.com/2024/03/cve-2024-24272-dualsafe-password-manager-leaks-credentials/" } ] } diff --git a/2024/25xxx/CVE-2024-25567.json b/2024/25xxx/CVE-2024-25567.json index 6072f8015c1..f867eaaca6a 100644 --- a/2024/25xxx/CVE-2024-25567.json +++ b/2024/25xxx/CVE-2024-25567.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nPath traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper limitation of a pathname to a restricted directory ('Path traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-074-12", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. 
Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25937.json b/2024/25xxx/CVE-2024-25937.json index c90c9550bb8..1953d7f858c 100644 --- a/2024/25xxx/CVE-2024-25937.json +++ b/2024/25xxx/CVE-2024-25937.json 
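Review bot: The description says the path traversal "may access sensitive information", but the CVSS entry has `"confidentialityImpact": "NONE"` and `C:N` in `vectorString`, so the text and the score disagree on whether confidentiality is affected. One of the two needs correcting; if reads outside the intended directory are possible, the vector would carry a non-`N` confidentiality value and `baseScore` would change with it. The description also never names the product: Delta Electronics DIAEnergie appears only under `affects`, which makes triage from the description alone unreliable. The same omission is in the descriptions for CVE-2024-25937, CVE-2024-28029, CVE-2024-28040 and CVE-2024-28045 further down.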
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25937", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nSQL injection vulnerability exists in the script DIAE_tagHandler.ashx.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-074-12", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/26xxx/CVE-2024-26307.json b/2024/26xxx/CVE-2024-26307.json index 5e29f3567c0..84bf7d5d7d7 100644 --- a/2024/26xxx/CVE-2024-26307.json +++ b/2024/26xxx/CVE-2024-26307.json 
@@ -1,18 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26307", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible race condition vulnerability in Apache Doris.\nSome of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file.\nThis could theoretically happen, but the impact would be minimal.\nThis issue affects Apache Doris: before 1.2.8, before 2.0.4.\n\nUsers are recommended to upgrade to version 2.0.4, which fixes the issue.\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362: Possible race condition", + "cweId": "CWE-362" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Doris", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26642.json b/2024/26xxx/CVE-2024-26642.json index 88a1d99d9bc..65766f8252e 100644 
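Review bot: `version_data` encodes only `"version_affected": "<", "version_name": "0", "version_value": "1.2.8"`, while the description says the issue affects Apache Doris "before 1.2.8, before 2.0.4" and recommends upgrading to 2.0.4. A scanner that matches on `version_data` would therefore treat 2.0.x releases older than 2.0.4 as unaffected. A second entry for the 2.0 branch is needed, for example `{ "version_affected": "<", "version_name": "2.0.0", "version_value": "2.0.4" }`; the 2.0.0 lower bound is inferred from the description and should be checked against the referenced advisory.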
--- a/2024/26xxx/CVE-2024-26642.json
+++ b/2024/26xxx/CVE-2024-26642.json
@@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow anonymous set with timeout flag\n\nAnonymous sets are never used with timeout from userspace, reject this.\nException to this rule is NFT_SET_EVAL to ensure legacy meters still work." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "761da2935d6e", + "version_value": "16603605b667" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.1", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1" + } + ] + }, + "generator": { + 
"engine": "bippy-b4257b672505" } } \ No newline at end of file diff --git a/2024/27xxx/CVE-2024-27285.json b/2024/27xxx/CVE-2024-27285.json index deeed5114d7..4f2951eda32 100644 --- a/2024/27xxx/CVE-2024-27285.json +++ b/2024/27xxx/CVE-2024-27285.json @@ -83,6 +83,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MR3Z2E2UIZZ7YOR7R645EVSBGWMB2RGA/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MR3Z2E2UIZZ7YOR7R645EVSBGWMB2RGA/" } ] }, diff --git a/2024/27xxx/CVE-2024-27438.json b/2024/27xxx/CVE-2024-27438.json index 953de56f3e6..b0bed95e0c8 100644 --- a/2024/27xxx/CVE-2024-27438.json +++ b/2024/27xxx/CVE-2024-27438.json 
@@ -1,18 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27438", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Download of Code Without Integrity Check vulnerability in Apache Doris.\nThe jdbc driver files used for JDBC catalog is not checked and may\u00a0resulting in remote command execution.\nOnce the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This\u00a0code snippet will be run when catalog is initializing without any check.\nThis issue affects Apache Doris: from 1.2.0 through 2.0.4.\n\nUsers are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue.\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494: Download of Code Without Integrity Check", + "cweId": "CWE-494" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Doris", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2.0", + "version_value": "2.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/h95h82b0svlnwcg6c2xq4b08j6gwgczh", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/h95h82b0svlnwcg6c2xq4b08j6gwgczh" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No 
newline at end of file diff --git a/2024/27xxx/CVE-2024-27921.json b/2024/27xxx/CVE-2024-27921.json index 8da77ce5ca8..6727d559b5b 100644 --- a/2024/27xxx/CVE-2024-27921.json +++ b/2024/27xxx/CVE-2024-27921.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27921", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "getgrav", + "product": { + "product_data": [ + { + "product_name": "grav", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.7.45" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc", + "refsource": "MISC", + "name": "https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc" + }, + { + "url": "https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99", + "refsource": "MISC", + "name": "https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99" + } + ] + }, + "source": { + "advisory": "GHSA-m7hx-hw6h-mqmc", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28029.json b/2024/28xxx/CVE-2024-28029.json index e2de2bc7160..40cd1c36621 100644 --- a/2024/28xxx/CVE-2024-28029.json +++ b/2024/28xxx/CVE-2024-28029.json 
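Review bot: `"version_affected": "="` paired with `"version_value": "< 1.7.45"` puts the comparison operator inside the version string. A consumer that evaluates `version_affected` literally will look for a version equal to the text "< 1.7.45" and never match an installed Grav release. Expressing the range in the operator field, `"version_affected": "<", "version_value": "1.7.45"`, keeps the record usable for automated matching. The same encoding appears in the hunks for CVE-2024-28116, CVE-2024-28117, CVE-2024-28118 and CVE-2024-28119. Separately, the description calls the flaw "critical" while `baseSeverity` is `HIGH`, so the wording and the rating should be aligned.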
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28029", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nPrivileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 Improper Authorization", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-074-12", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28040.json b/2024/28xxx/CVE-2024-28040.json index 56c981349a2..cf03c7136fa 100644 --- a/2024/28xxx/CVE-2024-28040.json +++ b/2024/28xxx/CVE-2024-28040.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28040", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nSQL injection vulnerability exists in GetDIAE_astListParameters.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') ", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-074-12", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28045.json b/2024/28xxx/CVE-2024-28045.json index 97ac74f44d4..76a7a6ff056 100644 --- a/2024/28xxx/CVE-2024-28045.json +++ b/2024/28xxx/CVE-2024-28045.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28045", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nImproper neutralization of input within the affected product could lead to cross-site scripting.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper neutralization of input during web page generation ('Cross-site scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-074-12", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28116.json b/2024/28xxx/CVE-2024-28116.json index 226483c9e99..d9a2a81ad14 100644 --- a/2024/28xxx/CVE-2024-28116.json +++ b/2024/28xxx/CVE-2024-28116.json 
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28116", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", + "cweId": "CWE-1336" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "getgrav", + "product": { + "product_data": [ + { + "product_name": "grav", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.7.45" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh", + "refsource": "MISC", + "name": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh" + }, + { + "url": "https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e", + "refsource": "MISC", + "name": 
"https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e" + } + ] + }, + "source": { + "advisory": "GHSA-c9gp-64c4-2rrh", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28117.json b/2024/28xxx/CVE-2024-28117.json index 04500b671e3..d32ee7cd363 100644 --- a/2024/28xxx/CVE-2024-28117.json +++ b/2024/28xxx/CVE-2024-28117.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28117", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. 
Upgrading to patched version 1.7.45 can mitigate this issue.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "getgrav", + "product": { + "product_data": [ + { + "product_name": "grav", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.7.45" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/getgrav/grav/security/advisories/GHSA-qfv4-q44r-g7rv", + "refsource": "MISC", + "name": "https://github.com/getgrav/grav/security/advisories/GHSA-qfv4-q44r-g7rv" + }, + { + "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", + "refsource": "MISC", + "name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe" + } + ] + }, + "source": { + "advisory": "GHSA-qfv4-q44r-g7rv", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28118.json b/2024/28xxx/CVE-2024-28118.json index 2e95376d849..dd91f87e906 100644 --- a/2024/28xxx/CVE-2024-28118.json +++ b/2024/28xxx/CVE-2024-28118.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. 
Version 1.7.45 contains a fix for this issue.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "getgrav", + "product": { + "product_data": [ + { + "product_name": "grav", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.7.45" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4", + "refsource": "MISC", + "name": "https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4" + }, + { + "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", + "refsource": "MISC", + "name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe" + } + ] + }, + "source": { + "advisory": "GHSA-r6vw-8v8r-pmp4", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28119.json b/2024/28xxx/CVE-2024-28119.json index 5fcac704f8e..0e44623414a 100644 --- a/2024/28xxx/CVE-2024-28119.json +++ b/2024/28xxx/CVE-2024-28119.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28119", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "getgrav", + "product": { + "product_data": [ + { + "product_name": "grav", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.7.45" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58", + "refsource": "MISC", + "name": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58" + }, + { + "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", + "refsource": "MISC", + "name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe" + }, + { + "url": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99", + "refsource": "MISC", + "name": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99" + } + ] + }, + "source": { + "advisory": "GHSA-2m7x-c7px-hp58", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28171.json b/2024/28xxx/CVE-2024-28171.json index 525af06fdcb..347125c4002 100644 --- a/2024/28xxx/CVE-2024-28171.json +++ b/2024/28xxx/CVE-2024-28171.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nIt is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper limitation of a pathname to a restricted directory ('Path traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-074-12", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28635.json b/2024/28xxx/CVE-2024-28635.json index abdbceaf8c3..1af1b505634 100644 --- a/2024/28xxx/CVE-2024-28635.json +++ b/2024/28xxx/CVE-2024-28635.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28635", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28635", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/surveyjs/survey-creator/issues/5285", + "refsource": "MISC", + "name": "https://github.com/surveyjs/survey-creator/issues/5285" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt", + "url": "https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt" } ] } diff --git a/2024/28xxx/CVE-2024-28835.json b/2024/28xxx/CVE-2024-28835.json index 7d412d049a3..e8f95903030 100644 --- a/2024/28xxx/CVE-2024-28835.json +++ b/2024/28xxx/CVE-2024-28835.json 
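Review bot: `affects` and `problemtype` are all `n/a` in this record even though the description names the product (SurveyJS Survey Creator), the affected range (v.1.9.132 and before) and the weakness class (XSS). Tooling that matches on `product_name`/`version_value` or filters by CWE cannot find this entry; at minimum the weakness could be recorded as `"value": "CWE-79"` and the product as `"product_name": "Survey Creator"`. The description's "execute arbitrary code" presumably means script running in the victim's browser, which is worth stating so the record is not triaged as server-side code execution. The new records for CVE-2024-29858, CVE-2024-29859, CVE-2024-29862 and CVE-2024-29864 further down have the same `n/a` fields, with product and version given only in prose.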
@@ -1,17 +1,183 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28835", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncaught Exception", + "cweId": "CWE-248" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "gnutls", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.8.4", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } 
+ } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-28835", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-28835" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269084", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2269084" + }, + { + "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html", + "refsource": "MISC", + "name": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28863.json b/2024/28xxx/CVE-2024-28863.json index b021a8b85ef..02b52607dd8 100644 --- a/2024/28xxx/CVE-2024-28863.json +++ b/2024/28xxx/CVE-2024-28863.json 
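Review bot: Every `version_value` in this record is the placeholder `not down converted`, and the only version data sits in `x_cve_json_5_version_data`, which consumers of the 4.0 fields may never read. For the upstream `gnutls` product that extension lists just `3.8.4` as `unaffected`, with no `defaultStatus` visible, so the affected range is never stated. If 3.8.4 is the first fixed release, as that entry suggests, the entry could carry `"version_affected": "<", "version_value": "3.8.4"`. That should be confirmed against the upstream announcement linked in `references` before it is written into the record.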
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "isaacs", + "product": { + "product_data": [ + { + "product_name": "node-tar", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 6.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36", + "refsource": "MISC", + "name": "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36" + }, + { + "url": "https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7", + "refsource": "MISC", + "name": "https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7" + } + ] + }, + "source": { + "advisory": "GHSA-f5x3-32g6-xq36", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28891.json b/2024/28xxx/CVE-2024-28891.json index 39beedededd..3d79630844b 100644 --- a/2024/28xxx/CVE-2024-28891.json +++ b/2024/28xxx/CVE-2024-28891.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28891", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nSQL injection vulnerability exists in the script Handler_CFG.ashx.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "v1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-074-12", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29031.json b/2024/29xxx/CVE-2024-29031.json index 3524e2db960..d59e4eaf58f 100644 --- a/2024/29xxx/CVE-2024-29031.json +++ b/2024/29xxx/CVE-2024-29031.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29031", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "meshery", + "product": { + "product_data": [ + { + "product_name": "meshery", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.7.17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-249_Meshery/", + "refsource": "MISC", + "name": "https://securitylab.github.com/advisories/GHSL-2023-249_Meshery/" + }, + { + "url": "https://github.com/meshery/meshery/pull/10207", + "refsource": "MISC", + "name": "https://github.com/meshery/meshery/pull/10207" + }, + { + "url": "https://github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13", + "refsource": "MISC", + "name": 
"https://github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13" + } + ] + }, + "source": { + "advisory": "GHSA-652r-q29p-m25h", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29131.json b/2024/29xxx/CVE-2024-29131.json index 026c98d4711..1664fa35249 100644 --- a/2024/29xxx/CVE-2024-29131.json +++ b/2024/29xxx/CVE-2024-29131.json 
@@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29131", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Commons Configuration", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0", + "version_value": "2.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "CONFIGURATION-840" + ], + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Bob Marinier" + } + ] } \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29133.json b/2024/29xxx/CVE-2024-29133.json index 4ac29828cc6..8be285bd178 100644 --- a/2024/29xxx/CVE-2024-29133.json +++ b/2024/29xxx/CVE-2024-29133.json 
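Review bot: The description here is byte-for-byte the same as the one added for CVE-2024-29133 in the next hunk, and neither says which operation or input triggers the out-of-bounds write. The two records can only be told apart by the `references` URL and `source.defect` (`CONFIGURATION-840` here, `CONFIGURATION-841` there). Neither record has an `impact` block, so severity-based prioritisation has nothing to work from. I would put the defect key in the text and fix the missing space after the first sentence, e.g. `"Out-of-bounds Write vulnerability in Apache Commons Configuration (CONFIGURATION-840). This issue affects ..."`, and add a CVSS vector once the CNA has assigned one.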
@@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29133", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Commons Configuration", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0", + "version_value": "2.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "CONFIGURATION-841" + ], + "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Gary Gregory" + } + ] } \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29732.json b/2024/29xxx/CVE-2024-29732.json index f424cf31dd0..4d92ab8c166 100644 --- a/2024/29xxx/CVE-2024-29732.json +++ b/2024/29xxx/CVE-2024-29732.json 
@@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29732", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via \"user\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Abast", + "product": { + "product_data": [ + { + "product_name": "SCAN_VISIO eDocument Suite Web Viewer", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.28.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Vulnerability has been 
fixed in later versions." + } + ], + "value": "Vulnerability has been fixed in later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "Alberto Gasulla" + }, + { + "lang": "en", + "value": "Ismael Pacheco Torrecilla" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29856.json b/2024/29xxx/CVE-2024-29856.json new file mode 100644 index 00000000000..1bf9141fa49 --- /dev/null +++ b/2024/29xxx/CVE-2024-29856.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29856", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29857.json b/2024/29xxx/CVE-2024-29857.json new file mode 100644 index 00000000000..fa622c4bc8a --- /dev/null +++ b/2024/29xxx/CVE-2024-29857.json 
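Review bot: The `solution` text added for CVE-2024-29732, "Vulnerability has been fixed in later versions.", names no fixed release, while `affects` lists only `"version_affected": "=", "version_value": "3.28.1"`. An operator cannot tell from this record which version to upgrade to, or whether releases before 3.28.1 are also exposed. For an unauthenticated SQL injection on the login page scored 9.8, the solution should state the first fixed version, e.g. `"value": "Fixed in version <FIRST_FIXED_VERSION>."` (placeholder; the page does not give it). `affects` should also express a range if one applies.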
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29857", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29858.json b/2024/29xxx/CVE-2024-29858.json new file mode 100644 index 00000000000..06238be8e0f --- /dev/null +++ b/2024/29xxx/CVE-2024-29858.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-29858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/commit/6a2986be6aad6b37858b4869e238f517b295c111", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/6a2986be6aad6b37858b4869e238f517b295c111" + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29859.json b/2024/29xxx/CVE-2024-29859.json new file mode 100644 index 00000000000..feb1eba102b --- /dev/null +++ b/2024/29xxx/CVE-2024-29859.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-29859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/commit/238010bfd004680757b324cba0c6344f77a25399", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/238010bfd004680757b324cba0c6344f77a25399" + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29860.json b/2024/29xxx/CVE-2024-29860.json new file mode 100644 index 00000000000..01bbc7e9598 --- /dev/null +++ b/2024/29xxx/CVE-2024-29860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29861.json b/2024/29xxx/CVE-2024-29861.json new file mode 100644 index 00000000000..7209e960f4d --- /dev/null +++ b/2024/29xxx/CVE-2024-29861.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29862.json b/2024/29xxx/CVE-2024-29862.json new file mode 100644 index 00000000000..f1c2fea9fbb --- /dev/null +++ b/2024/29xxx/CVE-2024-29862.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2024-29862",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/chirpstack/chirpstack-mqtt-forwarder/commit/4fa9e6eaaec8c3ca49ebfbf6317572671f17700f",
+ "refsource": "MISC",
+ "name": "https://github.com/chirpstack/chirpstack-mqtt-forwarder/commit/4fa9e6eaaec8c3ca49ebfbf6317572671f17700f"
+ },
+ {
+ "url": "https://github.com/chirpstack/chirpstack-gateway-bridge/commit/0c1e80c9fa9f5d093ff62903caedad86ec4640b6",
+ "refsource": "MISC",
+ "name": "https://github.com/chirpstack/chirpstack-gateway-bridge/commit/0c1e80c9fa9f5d093ff62903caedad86ec4640b6"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29863.json b/2024/29xxx/CVE-2024-29863.json
new file mode 100644
index 00000000000..6685e5d1477
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29863.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29863",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29864.json b/2024/29xxx/CVE-2024-29864.json
new file mode 100644
index 00000000000..b5f60c36550
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29864.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2024-29864",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944",
+ "refsource": "MISC",
+ "name": "https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944"
+ },
+ {
+ "url": "https://github.com/89luca89/distrobox/issues/1275",
+ "refsource": "MISC",
+ "name": "https://github.com/89luca89/distrobox/issues/1275"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29865.json b/2024/29xxx/CVE-2024-29865.json
new file mode 100644
index 00000000000..8dc5122e1d7
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29865.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29865",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29866.json b/2024/29xxx/CVE-2024-29866.json
new file mode 100644
index 00000000000..272516c28ce
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29866.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29866",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29867.json b/2024/29xxx/CVE-2024-29867.json
new file mode 100644
index 00000000000..ceb6ca66a38
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29867.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29867",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29868.json b/2024/29xxx/CVE-2024-29868.json
new file mode 100644
index 00000000000..ac8f03b731a
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29868.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29868",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29869.json b/2024/29xxx/CVE-2024-29869.json
new file mode 100644
index 00000000000..b5505a5b32b
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29869.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29869",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29870.json b/2024/29xxx/CVE-2024-29870.json
new file mode 100644
index 00000000000..7837e3c1de3
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29870.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29870",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29871.json b/2024/29xxx/CVE-2024-29871.json
new file mode 100644
index 00000000000..b98977fd77c
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29871.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29871",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29872.json b/2024/29xxx/CVE-2024-29872.json
new file mode 100644
index 00000000000..829c70b24ee
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29872.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29872",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29873.json b/2024/29xxx/CVE-2024-29873.json
new file mode 100644
index 00000000000..77fce2f4e7d
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29873.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29873",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29874.json b/2024/29xxx/CVE-2024-29874.json
new file mode 100644
index 00000000000..5e423f8b2c6
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29874.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29874",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29875.json b/2024/29xxx/CVE-2024-29875.json
new file mode 100644
index 00000000000..ea8f5dab852
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29875.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29875",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29876.json b/2024/29xxx/CVE-2024-29876.json
new file mode 100644
index 00000000000..5a8684ed1c6
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29876.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29876",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29877.json b/2024/29xxx/CVE-2024-29877.json
new file mode 100644
index 00000000000..765fecfd37f
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29877.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29877",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29878.json b/2024/29xxx/CVE-2024-29878.json
index 885a53574ea..0290e9d851d 100644
--- a/2024/29xxx/CVE-2024-29878.json
+++ b/2024/29xxx/CVE-2024-29878.json
@@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29878", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through\u00a0 /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Sentrifugo", - "product": { - "product_data": [ - { - "product_name": "Sentrifugo", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "3.2" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - 
"version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/29xxx/CVE-2024-29879.json b/2024/29xxx/CVE-2024-29879.json index ab17e4f2089..36c0885469c 100644 --- a/2024/29xxx/CVE-2024-29879.json +++ b/2024/29xxx/CVE-2024-29879.json 
@@ -1,93 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29879", - "ASSIGNER": "cve-coordination@incibe.es", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through\u00a0 /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Sentrifugo", - "product": { - "product_data": [ - { - "product_name": "Sentrifugo", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "3.2" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo", - "refsource": "MISC", - "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael Pedrero" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2161.json b/2024/2xxx/CVE-2024-2161.json index 33da0353e2a..23af5a15ce6 100644 --- a/2024/2xxx/CVE-2024-2161.json +++ b/2024/2xxx/CVE-2024-2161.json 
@@ -1,17 +1,172 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2161", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerability@ncsc.ch", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects\u00a0Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version\u00a02.02.0227 .\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kiloview", + "product": { + "product_data": [ + { + "product_name": "NDI", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "N3 Firmware 2.02.0227" + }, + { + "status": "unaffected", + "version": "N3-s Firmware 2.02.0227" + }, + { + "status": "unaffected", + "version": "N4 Firmware 2.02.0227" + }, + { + "status": "unaffected", + "version": "N20 Firmware 2.02.0227" + }, + { + "status": "unaffected", + "version": "N30 Firmware 2.02.0227" + }, + { + "status": "unaffected", + "version": "N40 Firmware 2.02.0227" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/n3-for-ndi/" + }, + { 
+ "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/" + }, + { + "url": "https://www.kiloview.com/en/support/download/1779/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/1779/" + }, + { + "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/n20-firmware-download/" + }, + { + "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/n30-for-ndi/" + }, + { + "url": "https://www.kiloview.com/en/support/download/n40/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/n40/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n
" + } + ], + "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upgrade to the firmware 2.02.0227 or later
" + } + ], + "value": "Upgrade to the firmware 2.02.0227 or later\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Milan Duric, EBU" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2162.json b/2024/2xxx/CVE-2024-2162.json index 77c176317c7..baead930036 100644 --- a/2024/2xxx/CVE-2024-2162.json +++ b/2024/2xxx/CVE-2024-2162.json 
@@ -1,17 +1,172 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2162", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerability@ncsc.ch", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges.\n\nThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kiloview", + "product": { + "product_data": [ + { + "product_name": "NDI", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "N3 Firmware 2.02.0227" + }, + { + "status": "unaffected", + "version": "N3-s Firmware 2.02.0227" + }, + { + "status": "unaffected", + "version": "N4 Firmware 2.02.0227" + }, + { + "status": "unaffected", + "version": "N20 Firmware 2.02.0227" + }, + { + "status": "unaffected", + "version": "N30 Firmware 2.02.0227" + }, + { + "status": "unaffected", + "version": "N40 Firmware 2.02.0227" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://www.kiloview.com/en/support/download/n3-for-ndi/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/n3-for-ndi/" + }, + { + "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/" + }, + { + "url": "https://www.kiloview.com/en/support/download/1779/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/1779/" + }, + { + "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/n20-firmware-download/" + }, + { + "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/n30-for-ndi/" + }, + { + "url": "https://www.kiloview.com/en/support/download/n40/", + "refsource": "MISC", + "name": "https://www.kiloview.com/en/support/download/n40/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n

" + } + ], + "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upgrade to the firmware 2.02.0227 or later
" + } + ], + "value": "Upgrade to the firmware 2.02.0227 or later\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Milan Duric, EBU" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2453.json b/2024/2xxx/CVE-2024-2453.json index 937d6e4ed1b..9cbd3d1f2b6 100644 --- a/2024/2xxx/CVE-2024-2453.json +++ b/2024/2xxx/CVE-2024-2453.json 
@@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2453", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nThere is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Advantech", + "product": { + "product_data": [ + { + "product_name": "WebAccess/SCADA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.1.5U" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-081-01", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nAdvantech recommends updating WebAccess/SCADA to version 9.1.6 or higher to mitigate this vulnerability.\n\n
" + } + ], + "value": "\nAdvantech recommends updating WebAccess/SCADA to version 9.1.6 or higher to mitigate this vulnerability.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "CISA discovered a public proof of concept as authored by Prze\u015blij Komentarz and reported it to Advantech." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2754.json b/2024/2xxx/CVE-2024-2754.json index 38b0aa01cbd..d305bba816c 100644 --- a/2024/2xxx/CVE-2024-2754.json +++ b/2024/2xxx/CVE-2024-2754.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in SourceCodester Complete E-Commerce Site 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/users_photo.php. Dank Manipulation des Arguments photo mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Complete E-Commerce Site", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257544", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257544" + }, + { + "url": "https://vuldb.com/?ctiid.257544", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257544" + }, + { + "url": "https://github.com/wkeyi0x1/vul-report/issues/4", + "refsource": "MISC", + "name": "https://github.com/wkeyi0x1/vul-report/issues/4" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Shuning Yue (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2755.json b/2024/2xxx/CVE-2024-2755.json new file mode 100644 index 00000000000..c6bd60e39eb --- /dev/null +++ b/2024/2xxx/CVE-2024-2755.json 
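Review bot: The English description in CVE-2024-2754.json calls the issue "classified as critical", while the `impact.cvss` entries added in the same hunk score it 4.7 MEDIUM with `PR:H` (and 5.8 for the 2.0 vector). Prose and structured severity disagree, so anything that triages on keywords in `description` will rank this differently from anything that reads `baseSeverity`. I would drop the word "critical" from the description, or add a short clarification that it is the vendor database's category rather than the CVSS rating. The record also states that an exploit is public, which matters more for prioritising exposed /admin/ endpoints than the base score does.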
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2755", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2756.json b/2024/2xxx/CVE-2024-2756.json new file mode 100644 index 00000000000..54f7b038e0e --- /dev/null +++ b/2024/2xxx/CVE-2024-2756.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2756", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2757.json b/2024/2xxx/CVE-2024-2757.json new file mode 100644 index 00000000000..a2e54327e8b --- /dev/null +++ b/2024/2xxx/CVE-2024-2757.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2757", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/2xxx/CVE-2024-2768.json b/2024/2xxx/CVE-2024-2768.json
index 8808e26c0a4..394ddf6c5bd 100644
--- a/2024/2xxx/CVE-2024-2768.json
+++ b/2024/2xxx/CVE-2024-2768.json
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2768", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257604." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Campcodes Complete Online Beauty Parlor Management System 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/edit-services.php. Mittels Manipulieren des Arguments editid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Complete Online Beauty Parlor Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257604", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257604" + }, + { + "url": "https://vuldb.com/?ctiid.257604", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257604" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%203.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%203.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2769.json b/2024/2xxx/CVE-2024-2769.json index 339a732c8bb..fbd932af610 100644 --- a/2024/2xxx/CVE-2024-2769.json +++ b/2024/2xxx/CVE-2024-2769.json 
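Review bot: The added `credits` entry uses `"lang": "en"`, while `description_data` and `problemtype_data` in the same record use `"lang": "eng"`, so the record mixes a two-letter and a three-letter language code. A consumer that selects text by one code will skip the other. I would write `"lang": "eng"` in `credits` to match the rest of the record. The same applies to the `credits` blocks in the CVE-2024-2754, -2769, -2770, -2773, -2774, -2775 and -2776 hunks.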
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2769", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257605 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Campcodes Complete Online Beauty Parlor Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin/admin-profile.php. Durch das Manipulieren des Arguments adminname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Complete Online Beauty Parlor Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257605", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257605" + }, + { + "url": "https://vuldb.com/?ctiid.257605", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257605" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%205.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%205.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2770.json b/2024/2xxx/CVE-2024-2770.json index 9abb6bcecd6..0ed0c374e64 100644 --- a/2024/2xxx/CVE-2024-2770.json +++ b/2024/2xxx/CVE-2024-2770.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-us.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257606 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Campcodes Complete Online Beauty Parlor Management System 1.0 ausgemacht. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/contact-us.php. Durch Manipulieren des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Complete Online Beauty Parlor Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257606", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257606" + }, + { + "url": "https://vuldb.com/?ctiid.257606", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257606" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%204.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%204.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2773.json b/2024/2xxx/CVE-2024-2773.json index 90751f85925..1a1585d4757 100644 --- a/2024/2xxx/CVE-2024-2773.json +++ b/2024/2xxx/CVE-2024-2773.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2773", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257607." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Campcodes Online Marriage Registration System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /user/search.php. Durch das Beeinflussen des Arguments searchdata mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Marriage Registration System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257607", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257607" + }, + { + "url": "https://vuldb.com/?ctiid.257607", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257607" + }, + { + "url": "https://github.com/Kurunie/vuln_report/blob/main/Complete%20Online%20Marriage%20Registration%20System's%20vuln.pdf", + "refsource": "MISC", + "name": "https://github.com/Kurunie/vuln_report/blob/main/Complete%20Online%20Marriage%20Registration%20System's%20vuln.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Limmry (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2774.json b/2024/2xxx/CVE-2024-2774.json index aaba1e53181..5de91dbc2cd 100644 --- a/2024/2xxx/CVE-2024-2774.json +++ b/2024/2xxx/CVE-2024-2774.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2774", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in Campcodes Online Marriage Registration System 1.0. This vulnerability affects unknown code of the file /user/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257608." + }, + { + "lang": "deu", + "value": "In Campcodes Online Marriage Registration System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /user/search.php. Durch Beeinflussen des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Marriage Registration System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257608", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257608" + }, + { + "url": "https://vuldb.com/?ctiid.257608", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257608" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%201.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%201.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2775.json b/2024/2xxx/CVE-2024-2775.json index a9d070ad158..e944d36ca1c 100644 --- a/2024/2xxx/CVE-2024-2775.json +++ b/2024/2xxx/CVE-2024-2775.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2775", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in Campcodes Online Marriage Registration System 1.0. This issue affects some unknown processing of the file /user/user-profile.php. The manipulation of the argument lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257609 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Campcodes Online Marriage Registration System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /user/user-profile.php. Dank der Manipulation des Arguments lname mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Marriage Registration System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257609", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257609" + }, + { + "url": "https://vuldb.com/?ctiid.257609", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257609" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%202.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%202.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2776.json b/2024/2xxx/CVE-2024-2776.json index fb947d65006..9f9062b3dc7 100644 --- a/2024/2xxx/CVE-2024-2776.json +++ b/2024/2xxx/CVE-2024-2776.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2776", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257610 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Campcodes Online Marriage Registration System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /admin/search.php. Dank Manipulation des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Marriage Registration System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257610", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257610" + }, + { + "url": "https://vuldb.com/?ctiid.257610", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257610" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%201.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%201.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2805.json b/2024/2xxx/CVE-2024-2805.json new file mode 100644 index 00000000000..5101a8a818f --- /dev/null +++ b/2024/2xxx/CVE-2024-2805.json 
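Review bot: The third `reference_data` URL cites a PDF named `... - vuln 1.pdf` inside a `Complete Online Marriage Registration System/` folder, while the CVE-2024-2774 hunk cites a same-named PDF at the repository root for a different endpoint (`/user/search.php` there, `/admin/search.php` here). Nothing in the diff shows which report each PDF contains, so both links may be right, but it is worth confirming that each one resolves to the write-up for its own endpoint. Because `name` only repeats `url` in both records, a reader cannot tell the two references apart without opening them; a `name` that states the affected file would help.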
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2805", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2806.json b/2024/2xxx/CVE-2024-2806.json new file mode 100644 index 00000000000..72291bf4033 --- /dev/null +++ b/2024/2xxx/CVE-2024-2806.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2806", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2807.json b/2024/2xxx/CVE-2024-2807.json new file mode 100644 index 00000000000..0788be02da8 --- /dev/null +++ b/2024/2xxx/CVE-2024-2807.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2807", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/2xxx/CVE-2024-2808.json b/2024/2xxx/CVE-2024-2808.json new file mode 100644 index 00000000000..2150ff3901f --- /dev/null +++ b/2024/2xxx/CVE-2024-2808.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2808", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2809.json b/2024/2xxx/CVE-2024-2809.json new file mode 100644 index 00000000000..aceab5cc9df --- /dev/null +++ b/2024/2xxx/CVE-2024-2809.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2809", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2810.json b/2024/2xxx/CVE-2024-2810.json new file mode 100644 index 00000000000..3ebf8a4ed23 --- /dev/null +++ b/2024/2xxx/CVE-2024-2810.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2810", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2811.json b/2024/2xxx/CVE-2024-2811.json new file mode 100644 index 00000000000..73e60e4da06 --- /dev/null +++ b/2024/2xxx/CVE-2024-2811.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2811", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2812.json b/2024/2xxx/CVE-2024-2812.json new file mode 100644 index 00000000000..d8e574bd6ed --- /dev/null +++ b/2024/2xxx/CVE-2024-2812.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2812", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/2xxx/CVE-2024-2813.json b/2024/2xxx/CVE-2024-2813.json new file mode 100644 index 00000000000..ca12c679698 --- /dev/null +++ b/2024/2xxx/CVE-2024-2813.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2813", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2814.json b/2024/2xxx/CVE-2024-2814.json new file mode 100644 index 00000000000..36cfb7e7d88 --- /dev/null +++ b/2024/2xxx/CVE-2024-2814.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2814", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2815.json b/2024/2xxx/CVE-2024-2815.json new file mode 100644 index 00000000000..b140e639acf --- /dev/null +++ b/2024/2xxx/CVE-2024-2815.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2815", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2816.json b/2024/2xxx/CVE-2024-2816.json new file mode 100644 index 00000000000..6fe8347c398 --- /dev/null +++ b/2024/2xxx/CVE-2024-2816.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2816", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2817.json b/2024/2xxx/CVE-2024-2817.json new file mode 100644 index 00000000000..a17104be974 --- /dev/null +++ b/2024/2xxx/CVE-2024-2817.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2817", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file