From f2d46693d362ef4b7ea98ffe3c504caec6660b8b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 13 Jan 2024 00:00:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/4xxx/CVE-2022-4962.json | 99 +++++++++++++++++++++++++++--
2024/0xxx/CVE-2024-0057.json | 36 +++++++++++
2024/0xxx/CVE-2024-0230.json | 54 ++++++++++++++--
2024/0xxx/CVE-2024-0475.json | 95 +++++++++++++++++++++++++--
2024/20xxx/CVE-2024-20674.json | 6 +-
2024/21xxx/CVE-2024-21307.json | 12 ++++
2024/22xxx/CVE-2024-22137.json | 85 +++++++++++++++++++++++--
2024/22xxx/CVE-2024-22142.json | 113 +++++++++++++++++++++++++++++++--
2024/23xxx/CVE-2024-23302.json | 18 ++++++
9 files changed, 495 insertions(+), 23 deletions(-)
create mode 100644 2024/23xxx/CVE-2024-23302.json
diff --git a/2022/4xxx/CVE-2022-4962.json b/2022/4xxx/CVE-2022-4962.json
index 14ff9bbeebd..db233730b67 100644
--- a/2022/4xxx/CVE-2022-4962.json
+++ b/2022/4xxx/CVE-2022-4962.json
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4962", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** DISPUTED ** A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive." + }, + { + "lang": "deu", + "value": "** DISPUTED ** Eine Schwachstelle wurde in Apollo 2.0.0/2.0.1 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /users der Komponente Configuration Center. Durch Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 Improper Authorization", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apollo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.250430", + "refsource": "MISC", + "name": "https://vuldb.com/?id.250430" + }, + { + "url": "https://vuldb.com/?ctiid.250430", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.250430" + }, + { + "url": "https://github.com/apolloconfig/apollo/issues/4684", + "refsource": "MISC", + "name": "https://github.com/apolloconfig/apollo/issues/4684" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "puppy (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ] } diff --git a/2024/0xxx/CVE-2024-0057.json b/2024/0xxx/CVE-2024-0057.json index 16cc59a8dde..5ae2d6f10b9 100644 --- a/2024/0xxx/CVE-2024-0057.json +++ b/2024/0xxx/CVE-2024-0057.json 
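Review bot: The dispute on this record is carried only by the `** DISPUTED **` prefix inside `description_data[].value`; `STATE` is `PUBLIC` and the `impact.cvss` entries still report 4.3 MEDIUM, so triage tooling that keys on those fields will handle CVE-2022-4962 as a confirmed finding. A consumer of this v4 record should test the description prefix explicitly before it opens tickets or raises alerts. Separately, `credits[].lang` is `"en"` while both descriptions use three-letter codes (`"eng"`, `"deu"`); `"lang": "eng"` would keep language filtering consistent, and the same mismatch appears in the credits added for CVE-2024-0475, CVE-2024-22137 and CVE-2024-22142.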
@@ -118,6 +118,42 @@ ] } }, + { + "product_name": "PowerShell 7.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.2.0", + "version_value": "7.2.18" + } + ] + } + }, + { + "product_name": "PowerShell 7.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.3.0", + "version_value": "7.3.11" + } + ] + } + }, + { + "product_name": "PowerShell 7.4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.4.0", + "version_value": "7.4.1" + } + ] + } + }, { "product_name": "Microsoft .NET Framework 4.8", "version": { diff --git a/2024/0xxx/CVE-2024-0230.json b/2024/0xxx/CVE-2024-0230.json index c8b135c4d66..50a15b35a64 100644 --- a/2024/0xxx/CVE-2024-0230.json +++ b/2024/0xxx/CVE-2024-0230.json 
@@ -1,17 +1,63 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0230", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "Magic Keyboard Firmware Update", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "2.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/en-us/HT214050", + "refsource": "MISC", + "name": "https://support.apple.com/en-us/HT214050" } ] } diff --git a/2024/0xxx/CVE-2024-0475.json b/2024/0xxx/CVE-2024-0475.json index a7619908f54..95e1eef8ed0 100644 --- a/2024/0xxx/CVE-2024-0475.json +++ b/2024/0xxx/CVE-2024-0475.json 
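Review bot: The added `problemtype` entry holds a free-text impact sentence and no `cweId`, unlike other records in this commit that ship one (for example `"cweId": "CWE-89"` in CVE-2024-0475.json), so weakness-class filters and dashboards grouped by CWE will not classify CVE-2024-0230. `version_name` is also the literal `"unspecified"`, which leaves `"version_affected": "<"` with `"version_value": "2.0.6"` as the only usable bound for matching firmware inventories. If the CNA has a classification, a `"cweId"` field beside `value` would close the first gap; which CWE applies cannot be determined from this record.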
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0475", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in code-projects Dormitory Management System 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei modifyuser.php. Dank der Manipulation des Arguments user_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Dormitory Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.250580", + "refsource": "MISC", + "name": "https://vuldb.com/?id.250580" + }, + { + "url": "https://vuldb.com/?ctiid.250580", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.250580" + }, + { + "url": "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf", + "refsource": "MISC", + "name": "https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "FirePunch (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/20xxx/CVE-2024-20674.json b/2024/20xxx/CVE-2024-20674.json index 7cb9c5e0650..c51e6f96984 100644 --- a/2024/20xxx/CVE-2024-20674.json +++ b/2024/20xxx/CVE-2024-20674.json 
@@ -341,9 +341,9 @@ "cvss": [ { "version": "3.1", - "baseSeverity": "CRITICAL", - "baseScore": 9, - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C" + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/21xxx/CVE-2024-21307.json b/2024/21xxx/CVE-2024-21307.json index 52ec51819e4..90c5ad2eec2 100644 --- a/2024/21xxx/CVE-2024-21307.json +++ b/2024/21xxx/CVE-2024-21307.json @@ -70,6 +70,18 @@ ] } }, + { + "product_name": "Remote Desktop client for Windows Desktop", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.2.0.0", + "version_value": "1.2.5105.0" + } + ] + } + }, { "product_name": "Windows Server 2022", "version": { diff --git a/2024/22xxx/CVE-2024-22137.json b/2024/22xxx/CVE-2024-22137.json index 056a2d9789b..8dad0127422 100644 --- a/2024/22xxx/CVE-2024-22137.json +++ b/2024/22xxx/CVE-2024-22137.json 
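Review bot: In the CVE-2024-20674.json hunk the new `vectorString` still ends in the temporal metrics `E:U/RL:O/RC:C`, while `baseScore` 8.8 and `baseSeverity` `HIGH` correspond to the base metrics alone; a consumer that recomputes a score from the whole string will get a lower temporal value and may report a mismatch. Validation of `baseScore` should use only the base part, `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`. The revision also moves the vector from adjacent-network with low privileges to network-reachable with no privileges and user interaction required, so any prioritisation that relied on network adjacency should be re-run against the new values. The enclosing `impact` object starts outside the hunk.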
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22137", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MailMunch", + "product": { + "product_data": [ + { + "product_name": "Constant Contact Forms by MailMunch", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.0.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/constant-contact-forms-by-mailmunch/wordpress-constant-contact-forms-by-mailmunch-plugin-2-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/constant-contact-forms-by-mailmunch/wordpress-constant-contact-forms-by-mailmunch-plugin-2-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" 
+ }, + "credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/22xxx/CVE-2024-22142.json b/2024/22xxx/CVE-2024-22142.json index 14ebf7d287b..f845e0b4294 100644 --- a/2024/22xxx/CVE-2024-22142.json +++ b/2024/22xxx/CVE-2024-22142.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22142", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cozmoslabs", + "product": { + "product_data": [ + { + "product_name": "Profile Builder Pro", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.10.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.10.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.10.1 or a higher version." + } + ], + "value": "Update to\u00a03.10.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/23xxx/CVE-2024-23302.json b/2024/23xxx/CVE-2024-23302.json new file mode 100644 index 00000000000..269ef763d83 --- /dev/null +++ b/2024/23xxx/CVE-2024-23302.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-23302", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
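Review bot: In the CVE-2024-22142.json hunk, `version_data[0].version_value` is the literal string `"not down converted"` and there is no `version_affected` operator, so a v4 consumer that matches on those two fields gets no usable range and can silently miss Profile Builder Pro installations. The real range is only in the extension object `x_cve_json_5_version_data` (`"lessThanOrEqual": "3.10.0"`, with `"at": "3.10.1"` marked `"unaffected"`). Matching logic should either read that extension object or flag records carrying this sentinel for lookup in the CVE JSON 5 source rather than treating them as "no affected versions". For contrast, CVE-2024-22137.json in the same commit is down-converted normally (`"version_affected": "<="`, `"version_value": "2.0.11"`).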