admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-10 16:00:33 +00:00
parent e5ef3e4292
commit fa13594e69
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
17 changed files with 977 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2022/37xxx/CVE-2022-37601.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js."
"value": "Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3."
}
]
},

9
2023/6xxx/CVE-2023-6799.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The WP Reset \u2013 Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.99 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames."
"value": "The WP Reset \u2013 Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames. Please note that the vendor does not plan to do any further hardening on this functionality."
}
]
},
@ -41,7 +41,7 @@
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.99"
"version_value": "2.0"
}
]
}
@ -63,6 +63,11 @@
"url": "https://plugins.trac.wordpress.org/changeset?old_path=/wp-reset/tags/1.99&old=3059287&new_path=/wp-reset/tags/2.0&new=3059287&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?old_path=/wp-reset/tags/1.99&old=3059287&new_path=/wp-reset/tags/2.0&new=3059287&sfp_email=&sfph_mail="
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071811%40wp-reset&new=3071811%40wp-reset&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3071811%40wp-reset&new=3071811%40wp-reset&sfp_email=&sfph_mail="
}
]
},

104
2024/28xxx/CVE-2024-28781.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0",
"version_value": "7.0.5.20"
},
{
"version_affected": "<=",
"version_name": "7.1",
"version_value": "7.1.2.16"
},
{
"version_affected": "<=",
"version_name": "7.2",
"version_value": "7.2.3.9"
},
{
"version_affected": "<=",
"version_name": "7.3",
"version_value": "7.3.2.4"
},
{
"version_affected": "<=",
"version_name": "8.0",
"version_value": "8.0.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7150747",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7150747"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285654",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285654"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

66
2024/30xxx/CVE-2024-30801.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30801",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-30801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://cloud.com",
"refsource": "MISC",
"name": "http://cloud.com"
},
{
"url": "http://www.minipacs.com/ylqxrj",
"refsource": "MISC",
"name": "http://www.minipacs.com/ylqxrj"
},
{
"url": "https://github.com/WarmBrew/web_vul/blob/main/Cloud%20based%20customer%20service/SQLi.md",
"refsource": "MISC",
"name": "https://github.com/WarmBrew/web_vul/blob/main/Cloud%20based%20customer%20service/SQLi.md"
}
]
}

56
2024/30xxx/CVE-2024-30802.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30802",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-30802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/WarmBrew/web_vul/blob/main/TTX.md",
"refsource": "MISC",
"name": "https://github.com/WarmBrew/web_vul/blob/main/TTX.md"
}
]
}

84
2024/32xxx/CVE-2024-32655.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Npgsql is the .NET data provider for PostgreSQL. In 8.0.2 and earlier, The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is too small when constructing a Postgres protocol message to send it over the network to the database. When parsing the message, the database will only read a small number of bytes and treat any following bytes as new messages while they belong to the old message. Attackers can abuse this to inject arbitrary Postgres protocol messages into the connection, leading to the execution of arbitrary SQL statements on the application's behalf."
"value": "Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is too small when constructing a Postgres protocol message to send it over the network to the database. When parsing the message, the database will only read a small number of bytes and treat any following bytes as new messages while they belong to the old message. Attackers can abuse this to inject arbitrary Postgres protocol messages into the connection, leading to the execution of arbitrary SQL statements on the application's behalf. This vulnerability is fixed in 4.0.14, 4.1.13, 5.0.18, 6.0.11, 7.0.7, and 8.0.3."
}
]
},
@ -50,7 +50,27 @@
"version_data": [
{
"version_affected": "=",
"version_value": "<= 8.0.2"
"version_value": ">= 4.0.0, < 4.0.14"
},
{
"version_affected": "=",
"version_value": ">= 4.1.0, < 4.1.13"
},
{
"version_affected": "=",
"version_value": ">= 5.0.0, < 5.0.18"
},
{
"version_affected": "=",
"version_value": ">= 6.0.0, < 6.0.11"
},
{
"version_affected": "=",
"version_value": ">= 7.0.0, < 7.0.7"
},
{
"version_affected": "=",
"version_value": ">= 8.0.0, < 8.0.3"
}
]
}
@ -68,10 +88,70 @@
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c"
},
{
"url": "https://github.com/npgsql/npgsql/commit/091655eed0c84e502ab424950c930339d17c1928",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/commit/091655eed0c84e502ab424950c930339d17c1928"
},
{
"url": "https://github.com/npgsql/npgsql/commit/3183efb2bdcca159c8c2e22af57e18ea8f853cf0",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/commit/3183efb2bdcca159c8c2e22af57e18ea8f853cf0"
},
{
"url": "https://github.com/npgsql/npgsql/commit/67acbe027e28477ac2199e15cfb554bb2ffaf169",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/commit/67acbe027e28477ac2199e15cfb554bb2ffaf169"
},
{
"url": "https://github.com/npgsql/npgsql/commit/703d9af8fa48dfe8c0180e36edb8278f34342d7b",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/commit/703d9af8fa48dfe8c0180e36edb8278f34342d7b"
},
{
"url": "https://github.com/npgsql/npgsql/commit/a22a42d8141d7a3528f43c02c095a409507cf1af",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/commit/a22a42d8141d7a3528f43c02c095a409507cf1af"
},
{
"url": "https://github.com/npgsql/npgsql/commit/e34e2ba8042e666d9af54a1b255fba4d5b11df56",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/commit/e34e2ba8042e666d9af54a1b255fba4d5b11df56"
},
{
"url": "https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6"
},
{
"url": "https://github.com/npgsql/npgsql/releases/tag/v4.0.14",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/releases/tag/v4.0.14"
},
{
"url": "https://github.com/npgsql/npgsql/releases/tag/v4.1.13",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/releases/tag/v4.1.13"
},
{
"url": "https://github.com/npgsql/npgsql/releases/tag/v5.0.18",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/releases/tag/v5.0.18"
},
{
"url": "https://github.com/npgsql/npgsql/releases/tag/v6.0.11",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/releases/tag/v6.0.11"
},
{
"url": "https://github.com/npgsql/npgsql/releases/tag/v7.0.7",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/releases/tag/v7.0.7"
},
{
"url": "https://github.com/npgsql/npgsql/releases/tag/v8.0.3",
"refsource": "MISC",
"name": "https://github.com/npgsql/npgsql/releases/tag/v8.0.3"
}
]
},

90
2024/34xxx/CVE-2024-34070.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34070",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on the Login attempt, which will then be executed when viewed by the Administrator in the System Logs. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. This vulnerability is fixed in 2.1.9.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "froxlor",
"product": {
"product_data": [
{
"product_name": "Froxlor",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.1.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53",
"refsource": "MISC",
"name": "https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53"
},
{
"url": "https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6",
"refsource": "MISC",
"name": "https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6"
}
]
},
"source": {
"advisory": "GHSA-x525-54hf-xr53",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/34xxx/CVE-2024-34166.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

85
2024/34xxx/CVE-2024-34349.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34349",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The code will be executed while using an autocomplete field with one of the listed entities in the Admin Panel. Also for the taxons in the category tree on the product form.The issue is fixed in versions: 1.12.16, 1.13.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sylius",
"product": {
"product_data": [
{
"product_name": "Sylius",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.12.16"
},
{
"version_affected": "=",
"version_value": ">= 1.13.0-alpha.1, < 1.13.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-v2f9-rv6w-vw8r",
"refsource": "MISC",
"name": "https://github.com/Sylius/Sylius/security/advisories/GHSA-v2f9-rv6w-vw8r"
},
{
"url": "https://github.com/Sylius/Sylius/commit/ba4b66da5af88cdb1bba6174de8bdf42f4853e12",
"refsource": "MISC",
"name": "https://github.com/Sylius/Sylius/commit/ba4b66da5af88cdb1bba6174de8bdf42f4853e12"
}
]
},
"source": {
"advisory": "GHSA-v2f9-rv6w-vw8r",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

86
2024/34xxx/CVE-2024-34360.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34360",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activations transactions (ATXs) which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier (but not the latest) ATX as previous breaks this protocol rule and can serve as an attack vector where Nodes are rewarded for holding their PoST data for less than one epoch but still being eligible for rewards. This vulnerability is fixed in go-spacemesh 1.5.2-hotfix1 and Spacemesh API 1.37.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"cweId": "CWE-754"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "spacemeshos",
"product": {
"product_data": [
{
"product_name": "go-spacemesh",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.5.2-hotfix1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/spacemeshos/go-spacemesh/security/advisories/GHSA-jcqq-g64v-gcm7",
"refsource": "MISC",
"name": "https://github.com/spacemeshos/go-spacemesh/security/advisories/GHSA-jcqq-g64v-gcm7"
},
{
"url": "https://github.com/spacemeshos/api/commit/1d5bd972bbe225d024c3e0ae5214ddb6b481716e",
"refsource": "MISC",
"name": "https://github.com/spacemeshos/api/commit/1d5bd972bbe225d024c3e0ae5214ddb6b481716e"
},
{
"url": "https://github.com/spacemeshos/go-spacemesh/commit/9aff88d54be809ac43d60e8a8b4d65359c356b87",
"refsource": "MISC",
"name": "https://github.com/spacemeshos/go-spacemesh/commit/9aff88d54be809ac43d60e8a8b4d65359c356b87"
}
]
},
"source": {
"advisory": "GHSA-jcqq-g64v-gcm7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

86
2024/34xxx/CVE-2024-34695.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34695",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on \"create\" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously requests bypasses the cooldown validation, however are not refreshing a user's metrics more than once, due to concurrent karma updates. This issue is fixed in 0.17.4.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency",
"cweId": "CWE-799"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SakuraIsayeki",
"product": {
"product_data": [
{
"product_name": "WOWS-Karma",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 0.17.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g",
"refsource": "MISC",
"name": "https://github.com/SakuraIsayeki/WOWS-Karma/security/advisories/GHSA-v6cc-v976-mj8g"
},
{
"url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a",
"refsource": "MISC",
"name": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/3210b516fa3551e30fe760c915f7656d9046e69a"
},
{
"url": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2",
"refsource": "MISC",
"name": "https://github.com/SakuraIsayeki/WOWS-Karma/commit/6cb825976f28c68d79172aeda00e955bf5853de2"
}
]
},
"source": {
"advisory": "GHSA-v6cc-v976-mj8g",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}

8
2024/4xxx/CVE-2024-4631.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4631",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-3557. Reason: This candidate was issued in error and is a duplicate. Please use CVE-2024-3557 instead. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

100
2024/4xxx/CVE-2024-4720.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4720",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approve_petty_cash.php. The manipulation of the argument admin_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263798 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in Campcodes Complete Web-Based School Management System 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /model/approve_petty_cash.php. Durch das Manipulieren des Arguments admin_index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Web-Based School Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.263798",
"refsource": "MISC",
"name": "https://vuldb.com/?id.263798"
},
{
"url": "https://vuldb.com/?ctiid.263798",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.263798"
},
{
"url": "https://vuldb.com/?submit.331886",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.331886"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2043.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2043.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

100
2024/4xxx/CVE-2024-4721.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4721",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/add_student_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263799."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Campcodes Complete Web-Based School Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /model/add_student_subject.php. Durch Manipulieren des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Web-Based School Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.263799",
"refsource": "MISC",
"name": "https://vuldb.com/?id.263799"
},
{
"url": "https://vuldb.com/?ctiid.263799",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.263799"
},
{
"url": "https://vuldb.com/?submit.331887",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.331887"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2044.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2044.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

100
2024/4xxx/CVE-2024-4722.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4722",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument category leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263800."
},
{
"lang": "deu",
"value": "In Campcodes Complete Web-Based School Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei index.php. Durch das Beeinflussen des Arguments category mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Complete Web-Based School Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.263800",
"refsource": "MISC",
"name": "https://vuldb.com/?id.263800"
},
{
"url": "https://vuldb.com/?ctiid.263800",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.263800"
},
{
"url": "https://vuldb.com/?submit.331888",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.331888"
},
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2045.pdf",
"refsource": "MISC",
"name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2045.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

18
2024/4xxx/CVE-2024-4760.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4760",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/4xxx/CVE-2024-4761.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4761",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}