"-Synchronized-Data."

This commit is contained in:
CVE Team 2025-01-09 01:01:03 +00:00
parent 41351cce4b
commit f28632b9df
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
13 changed files with 1046 additions and 49 deletions


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23913",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rails",
"product": {
"product_data": [
{
"product_name": "rails-ujs",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.7.3",
"status": "affected",
"lessThan": "6.1.7.3",
"versionType": "custom"
},
{
"version": "7.0.4.3",
"status": "affected",
"lessThan": "7.0.4.3",
"versionType": "custom"
},
{
"version": "5.1.0",
"status": "unaffected",
"lessThan": "5.1.0",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263",
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263"
},
{
"url": "https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468"
},
{
"url": "https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd",
"refsource": "MISC",
"name": "https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240605-0007/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240605-0007/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5389",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5389"
}
]
}
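Review bot: The `x_cve_json_5_version_data` entries in the affects block are self-contradictory: each `version` equals its own `lessThan` (`"version": "6.1.7.3"` with `"lessThan": "6.1.7.3"`, and likewise for 7.0.4.3 and 5.1.0), which under CVE JSON 5 range semantics describes an empty range, while the 4.0 `version_value` is only the placeholder `not down converted`, so a 4.0 consumer gets no usable affected range at all. The description and the reference titles suggest the intent is "versions before 6.1.7.3 / 7.0.4.3", which would put the range start in `version` and the fixed version in `lessThan`, and an `unaffected` entry should not carry a `lessThan` equal to itself; this is worth confirming against the CNA's 5.x record rather than hand-editing the generated file. The CVE-2023-38037 section below has the same `lessThan` == `version` pattern. Separately, `problemtype` is `n/a` here although the description names the weakness class; the same holds for the other support@hackerone.com sections in this commit, and a `cweId` entry would let downstream consumers filter by weakness.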


@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27531",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rails",
"product": {
"product_data": [
{
"product_name": "Kredis JSON",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.0.1",
"version_value": "1.3.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.rubyonrails.org/t/cve-2023-27531-possible-deserialization-of-untrusted-data-vulnerability-in-kredis-json/82467",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/cve-2023-27531-possible-deserialization-of-untrusted-data-vulnerability-in-kredis-json/82467"
}
]
}


@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a denial of service vulnerability in the header parsing component of Rack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rails",
"product": {
"product_data": [
{
"product_name": "Rack",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.6.4",
"version_value": "2.2.6.4"
},
{
"version_affected": "<",
"version_name": "3.0.6.1",
"version_value": "3.0.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466"
},
{
"url": "https://github.com/advisories/GHSA-c6qg-cjj8-47qp",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-c6qg-cjj8-47qp"
},
{
"url": "https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c",
"refsource": "MISC",
"name": "https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c"
},
{
"url": "https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff",
"refsource": "MISC",
"name": "https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231208-0016/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20231208-0016/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5530",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5530"
}
]
}


@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28120",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rails",
"product": {
"product_data": [
{
"product_name": "ActiveSupport",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.0.4.3",
"version_value": "7.0.4.3"
},
{
"version_affected": "<",
"version_name": "6.1.7.3",
"version_value": "6.1.7.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469"
},
{
"url": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70",
"refsource": "MISC",
"name": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240202-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240202-0006/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5389",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5389"
}
]
}


@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28362",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rails",
"product": {
"product_data": [
{
"product_name": "Action Pack",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.0.5.1",
"version_value": "7.0.5.1"
},
{
"version_affected": "<",
"version_name": "6.1.7.4",
"version_value": "6.1.7.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132"
},
{
"url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf"
},
{
"url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441",
"refsource": "MISC",
"name": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441"
},
{
"url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5",
"refsource": "MISC",
"name": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5"
}
]
}


@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38037",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ActiveSupport::EncryptedFile writes contents that will be encrypted to a\r\ntemporary file. The temporary file's permissions are defaulted to the user's\r\ncurrent `umask` settings, meaning that it's possible for other users on the\r\nsame system to read the contents of the temporary file.\r\n\r\nAttackers that have access to the file system could possibly read the contents\r\nof this temporary file while a user is editing it.\r\n\r\nAll users running an affected release should either upgrade or use one of the\r\nworkarounds immediately."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rails",
"product": {
"product_data": [
{
"product_name": "ActiveSupport",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": ">= 5.2.0",
"status": "affected",
"lessThan": ">= 5.2.0",
"versionType": "custom"
},
{
"version": "5.2.0",
"status": "unaffected",
"lessThan": "5.2.0",
"versionType": "semver"
},
{
"version": "7.0.7.1, 6.1.7.5",
"status": "unaffected",
"lessThan": "7.0.7.1, 6.1.7.5",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}
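Review bot: The affected-version data in this section is not machine-parseable: `"version": ">= 5.2.0"` puts a comparison operator inside the version string, `"version": "7.0.7.1, 6.1.7.5"` packs two versions into one field, and the entry marking `5.2.0` as `unaffected` (with `versionType` `semver`, unlike its `custom` siblings) contradicts the `>= 5.2.0` affected entry. Each of these should be a separate entry with a single version per field, e.g. an affected range starting at `5.2.0` and distinct `unaffected` entries for `7.0.7.1` and `6.1.7.5`; with `version_value` set to the `not down converted` placeholder, 4.0 consumers currently see no range at all. The description value also embeds `\r\n` line breaks, which none of the other records in this commit do; presumably the CNA feed preserved the advisory's formatting, but it will surface as literal CRLFs wherever the text is rendered verbatim.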


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13196",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e 1.0.0. It has been declared as problematic. This vulnerability affects the function BookSearchList of the file src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. The manipulation of the argument keywords leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e 1.0.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um die Funktion BookSearchList der Datei src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. Durch die Manipulation des Arguments keywords mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "donglight",
"product": {
"product_data": [
{
"product_name": "bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.290788",
"refsource": "MISC",
"name": "https://vuldb.com/?id.290788"
},
{
"url": "https://vuldb.com/?ctiid.290788",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.290788"
},
{
"url": "https://vuldb.com/?submit.469771",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.469771"
},
{
"url": "https://github.com/donglight/bookstore/issues/12",
"refsource": "MISC",
"name": "https://github.com/donglight/bookstore/issues/12"
},
{
"url": "https://github.com/donglight/bookstore/issues/12#issue-2760934170",
"refsource": "MISC",
"name": "https://github.com/donglight/bookstore/issues/12#issue-2760934170"
}
]
},
"credits": [
{
"lang": "en",
"value": "LVZC2 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}
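Review bot: Language codes are inconsistent inside this record: `description_data` uses `"lang": "eng"` / `"deu"` (three-letter codes) while `credits` uses `"lang": "en"` (two-letter), so a consumer selecting text by language tag has to special-case one of the two. The same mix appears in the CVE-2024-13197, CVE-2024-13198 and CVE-2024-13199 sections below. The `impact.cvss` array also writes the 2.0 `baseScore` as the integer `4` while the 3.x entries use decimals (`3.5`); a field should keep one numeric form, so `4.0` would be the consistent value. These look like artefacts of the VulDB export rather than hand edits, so the fix belongs in that pipeline.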


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13197",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e 1.0.0 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um die Funktion updateUser der Datei src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "donglight",
"product": {
"product_data": [
{
"product_name": "bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.290789",
"refsource": "MISC",
"name": "https://vuldb.com/?id.290789"
},
{
"url": "https://vuldb.com/?ctiid.290789",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.290789"
},
{
"url": "https://vuldb.com/?submit.469772",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.469772"
},
{
"url": "https://github.com/donglight/bookstore/issues/13",
"refsource": "MISC",
"name": "https://github.com/donglight/bookstore/issues/13"
},
{
"url": "https://github.com/donglight/bookstore/issues/13#issue-2760943787",
"refsource": "MISC",
"name": "https://github.com/donglight/bookstore/issues/13#issue-2760943787"
}
]
},
"credits": [
{
"lang": "en",
"value": "LVZC2 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13198",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in langhsu Mblog Blog System 3.5.0 entdeckt. Es betrifft eine unbekannte Funktion der Datei /login. Mittels dem Manipulieren mit unbekannten Daten kann eine observable response discrepancy-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Observable Response Discrepancy",
"cweId": "CWE-204"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Discrepancy",
"cweId": "CWE-203"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "langhsu",
"product": {
"product_data": [
{
"product_name": "Mblog Blog System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.290790",
"refsource": "MISC",
"name": "https://vuldb.com/?id.290790"
},
{
"url": "https://vuldb.com/?ctiid.290790",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.290790"
},
{
"url": "https://vuldb.com/?submit.470429",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.470429"
},
{
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/mblog/ObservableDiscrepancy-UserLogin.md",
"refsource": "MISC",
"name": "https://github.com/cydtseng/Vulnerability-Research/blob/main/mblog/ObservableDiscrepancy-UserLogin.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "vastzero (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.7,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
}
]
}


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13199",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In langhsu Mblog Blog System 3.5.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /search der Komponente Search Bar. Mittels Manipulieren des Arguments kw mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "langhsu",
"product": {
"product_data": [
{
"product_name": "Mblog Blog System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.290791",
"refsource": "MISC",
"name": "https://vuldb.com/?id.290791"
},
{
"url": "https://vuldb.com/?ctiid.290791",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.290791"
},
{
"url": "https://vuldb.com/?submit.470430",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.470430"
},
{
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/mblog/ReflectedXSS-Search.md",
"refsource": "MISC",
"name": "https://github.com/cydtseng/Vulnerability-Research/blob/main/mblog/ReflectedXSS-Search.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "vastzero (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Node.js",
"product": {
"product_data": [
{
"product_name": "Node.js",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "21.7.0",
"version_value": "21.7.0"
},
{
"version_affected": "<=",
"version_name": "20.11.1",
"version_value": "20.11.1"
},
{
"version_affected": "<=",
"version_name": "18.19.1",
"version_value": "18.19.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/15",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/04/10/15"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/11/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/11/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/19/3"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH"
}
]
}
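Review bot: The vendor/product identifiers for Node.js differ between this record and the CVE-2024-37372 section below: here `"vendor_name": "Node.js"` with `"product_name": "Node.js"`, there `"vendor_name": "nodejs"` with `"product_name": "node"`. Both records come from the same CNA in the same commit, and consumers that join records by these strings, or derive platform matches from them, will treat them as two unrelated products. Aligning on one spelling, whichever the CNA's 5.x records use, would avoid that split.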


@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Permission Model assumes that any path starting with two backslashes \\ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nodejs",
"product": {
"product_data": [
{
"product_name": "node",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "20.15.0",
"version_value": "20.15.0"
},
{
"version_affected": "<=",
"version_name": "22.4.0",
"version_value": "22.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/11/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/11/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/19/3"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 3.6,
"baseSeverity": "LOW"
}
]
}
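Review bot: The description's backslash example does not survive JSON decoding: the source text `"two backslashes \\ has"` is a single escaped backslash, so every consumer will render it as `two backslashes \ has`, which contradicts itself. If the prose is meant to show the two-character prefix the sentence refers to, it needs to be escaped twice in the JSON source, i.e. `\\\\`, so that it decodes to two backslashes. Since this file is generated, check how the upstream 5.x record encodes it before editing here.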


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with malicious content and accessing the default directory where the files are uploaded. This will result in particularly serious consequences."
"value": "** DISPUTED ** A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do."
}
]
},