From fce4c465c02d9794f5374312fef49a7574eef32e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 30 Apr 2024 22:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/31xxx/CVE-2024-31151.json | 18 +++++++ 2024/4xxx/CVE-2024-4348.json | 95 ++++++++++++++++++++++++++++++++-- 2024/4xxx/CVE-2024-4383.json | 18 +++++++ 2024/4xxx/CVE-2024-4384.json | 18 +++++++ 4 files changed, 145 insertions(+), 4 deletions(-) create mode 100644 2024/31xxx/CVE-2024-31151.json create mode 100644 2024/4xxx/CVE-2024-4383.json create mode 100644 2024/4xxx/CVE-2024-4384.json diff --git a/2024/31xxx/CVE-2024-31151.json b/2024/31xxx/CVE-2024-31151.json new file mode 100644 index 00000000000..94871f5454f --- /dev/null +++ b/2024/31xxx/CVE-2024-31151.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31151", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4348.json b/2024/4xxx/CVE-2024-4348.json index c539a1bd357..5667d6c925e 100644 --- a/2024/4xxx/CVE-2024-4348.json +++ b/2024/4xxx/CVE-2024-4348.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4348", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262488. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in osCommerce 4 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /catalog/all-products. Mittels Manipulieren des Arguments cat mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "osCommerce", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.262488", + "refsource": "MISC", + "name": "https://vuldb.com/?id.262488" + }, + { + "url": "https://vuldb.com/?ctiid.262488", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.262488" + }, + { + "url": "https://vuldb.com/?submit.320855", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.320855" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "skalvin (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2024/4xxx/CVE-2024-4383.json b/2024/4xxx/CVE-2024-4383.json new file mode 100644 index 00000000000..43c47161332 --- /dev/null +++ b/2024/4xxx/CVE-2024-4383.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4383", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4384.json b/2024/4xxx/CVE-2024-4384.json new file mode 100644 index 00000000000..34ef448c02b --- /dev/null +++ b/2024/4xxx/CVE-2024-4384.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4384", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file