diff --git a/2020/36xxx/CVE-2020-36662.json b/2020/36xxx/CVE-2020-36662.json index a7856f88a6c..cc217bdeab9 100644 --- a/2020/36xxx/CVE-2020-36662.json +++ b/2020/36xxx/CVE-2020-36662.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-36662", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2023/26xxx/CVE-2023-26566.json b/2023/26xxx/CVE-2023-26566.json index d79730bc43d..0a8166763be 100644 --- a/2023/26xxx/CVE-2023-26566.json +++ b/2023/26xxx/CVE-2023-26566.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-26566", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-26566", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-hardcoded-credentials", + "url": "https://qsecure.com.cy/resources/advisories/sangoma-freepbx-linux-hardcoded-credentials" } ] } diff --git a/2023/26xxx/CVE-2023-26863.json b/2023/26xxx/CVE-2023-26863.json index 637e643c660..5087843bce4 100644 --- a/2023/26xxx/CVE-2023-26863.json +++ b/2023/26xxx/CVE-2023-26863.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2023-26863", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2023/29xxx/CVE-2023-29579.json b/2023/29xxx/CVE-2023-29579.json index c8bb88cf335..01a2341a55a 100644 --- a/2023/29xxx/CVE-2023-29579.json +++ b/2023/29xxx/CVE-2023-29579.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf." + "value": "** DISPUTED ** yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code." } ] }, diff --git a/2023/29xxx/CVE-2023-29582.json b/2023/29xxx/CVE-2023-29582.json index e0f912bff45..02a7982c186 100644 --- a/2023/29xxx/CVE-2023-29582.json +++ b/2023/29xxx/CVE-2023-29582.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c." + "value": "** DISPUTED ** yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code." } ] }, @@ -61,6 +61,11 @@ "url": "https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr1/readme.md", "refsource": "MISC", "name": "https://github.com/z1r00/fuzz_vuln/blob/main/yasm/stack-overflow/parse_expr1/readme.md" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2189601#c3", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189601#c3" } ] } diff --git a/2023/29xxx/CVE-2023-29583.json b/2023/29xxx/CVE-2023-29583.json index 33ca6033ec8..fb7065cf086 100644 --- a/2023/29xxx/CVE-2023-29583.json +++ b/2023/29xxx/CVE-2023-29583.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c." + "value": "** DISPUTED ** yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code." } ] }, diff --git a/2023/30xxx/CVE-2023-30402.json b/2023/30xxx/CVE-2023-30402.json index ffd6eb4914f..963ab1340c1 100644 --- a/2023/30xxx/CVE-2023-30402.json +++ b/2023/30xxx/CVE-2023-30402.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re." + "value": "** DISPUTED ** YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code." } ] }, diff --git a/2024/27xxx/CVE-2024-27269.json b/2024/27xxx/CVE-2024-27269.json index 044777fa47c..48196ba862c 100644 --- a/2024/27xxx/CVE-2024-27269.json +++ b/2024/27xxx/CVE-2024-27269.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27269", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-286 Incorrect User Management", + "cweId": "CWE-286" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7150684", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7150684" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284575", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284575" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/33xxx/CVE-2024-33623.json b/2024/33xxx/CVE-2024-33623.json new file mode 100644 index 00000000000..6ef56e891d8 --- /dev/null +++ b/2024/33xxx/CVE-2024-33623.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-33623", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/33xxx/CVE-2024-33818.json b/2024/33xxx/CVE-2024-33818.json index d24179b8860..f194bf0e0a4 100644 --- a/2024/33xxx/CVE-2024-33818.json +++ b/2024/33xxx/CVE-2024-33818.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-33818", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-33818", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://medium.com/@rajput.thakur/insecure-direct-object-references-cve-2024-33818-86785aa8c969", + "url": "https://medium.com/@rajput.thakur/insecure-direct-object-references-cve-2024-33818-86785aa8c969" } ] } diff --git a/2024/33xxx/CVE-2024-33819.json b/2024/33xxx/CVE-2024-33819.json index a7f74b66d22..fdfadb87a69 100644 --- a/2024/33xxx/CVE-2024-33819.json +++ b/2024/33xxx/CVE-2024-33819.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-33819", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-33819", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Save Query function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://medium.com/@rajput.thakur/speechlog-v-8-1-stored-cross-site-scripting-cve-2024-33819-1b1164fb0ecd", + "url": "https://medium.com/@rajput.thakur/speechlog-v-8-1-stored-cross-site-scripting-cve-2024-33819-1b1164fb0ecd" } ] } diff --git a/2024/34xxx/CVE-2024-34199.json b/2024/34xxx/CVE-2024-34199.json index 5e50ff99b1d..f8e13747950 100644 --- a/2024/34xxx/CVE-2024-34199.json +++ b/2024/34xxx/CVE-2024-34199.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34199", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34199", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/DMCERTCE/PoC_Tiny_Overflow", + "url": "https://github.com/DMCERTCE/PoC_Tiny_Overflow" } ] } diff --git a/2024/34xxx/CVE-2024-34245.json b/2024/34xxx/CVE-2024-34245.json index 5b426fd8579..864b4f89610 100644 --- a/2024/34xxx/CVE-2024-34245.json +++ b/2024/34xxx/CVE-2024-34245.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34245", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34245", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/Stoocea/Vulnerability-analysis-Notes/blob/main/cms/DedeCMS-V5.7.114%20%20Arbitrary%20file%20read%20vulnerability.md", + "url": "https://github.com/Stoocea/Vulnerability-analysis-Notes/blob/main/cms/DedeCMS-V5.7.114%20%20Arbitrary%20file%20read%20vulnerability.md" } ] } diff --git a/2024/4xxx/CVE-2024-4723.json b/2024/4xxx/CVE-2024-4723.json index 8f9b64c1e95..479d2ac03fe 100644 --- a/2024/4xxx/CVE-2024-4723.json +++ b/2024/4xxx/CVE-2024-4723.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in Campcodes Legal Case Management System 1.0. This issue affects some unknown processing of the file /admin/case-status. The manipulation of the argument case_status leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263801 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Campcodes Legal Case Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/case-status. Durch Beeinflussen des Arguments case_status mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Legal Case Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.263801", + "refsource": "MISC", + "name": "https://vuldb.com/?id.263801" + }, + { + "url": "https://vuldb.com/?ctiid.263801", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.263801" + }, + { + "url": "https://vuldb.com/?submit.331982", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.331982" + }, + { + "url": "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_case-status.md", + "refsource": "MISC", + "name": "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_case-status.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yylm (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/4xxx/CVE-2024-4724.json b/2024/4xxx/CVE-2024-4724.json index c52d38ee513..50318ef4e58 100644 --- a/2024/4xxx/CVE-2024-4724.json +++ b/2024/4xxx/CVE-2024-4724.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in Campcodes Legal Case Management System 1.0. Affected is an unknown function of the file /admin/case-type. The manipulation of the argument case_type_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263802 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Campcodes Legal Case Management System 1.0 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/case-type. Dank der Manipulation des Arguments case_type_name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Legal Case Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.263802", + "refsource": "MISC", + "name": "https://vuldb.com/?id.263802" + }, + { + "url": "https://vuldb.com/?ctiid.263802", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.263802" + }, + { + "url": "https://vuldb.com/?submit.331983", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.331983" + }, + { + "url": "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_case-type.md", + "refsource": "MISC", + "name": "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_case-type.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yylm (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/4xxx/CVE-2024-4725.json b/2024/4xxx/CVE-2024-4725.json index b637b1003db..983b5049701 100644 --- a/2024/4xxx/CVE-2024-4725.json +++ b/2024/4xxx/CVE-2024-4725.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/client_user. The manipulation of the argument f_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263803." + }, + { + "lang": "deu", + "value": "In Campcodes Legal Case Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/client_user. Dank Manipulation des Arguments f_name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Legal Case Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.263803", + "refsource": "MISC", + "name": "https://vuldb.com/?id.263803" + }, + { + "url": "https://vuldb.com/?ctiid.263803", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.263803" + }, + { + "url": "https://vuldb.com/?submit.331988", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.331988" + }, + { + "url": "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_client_user.md", + "refsource": "MISC", + "name": "https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_client_user.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yylm (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/4xxx/CVE-2024-4762.json b/2024/4xxx/CVE-2024-4762.json new file mode 100644 index 00000000000..7906d6c913d --- /dev/null +++ b/2024/4xxx/CVE-2024-4762.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4762", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4763.json b/2024/4xxx/CVE-2024-4763.json new file mode 100644 index 00000000000..d7be565efd3 --- /dev/null +++ b/2024/4xxx/CVE-2024-4763.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4763", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file