From 1b92303ea65bb585447741fd2cbdb4bc8f886ccb Mon Sep 17 00:00:00 2001 From: GSD-automation Date: Fri, 29 Mar 2024 00:05:27 -0500 Subject: [PATCH] Update CVE and NVD data --- 2013/4xxx/GSD-2013-4558.json | 265 +++++++-------- 2018/8xxx/GSD-2018-8822.json | 592 ++++++++++++++++++--------------- 2020/36xxx/GSD-2020-36771.json | 10 +- 2020/36xxx/GSD-2020-36772.json | 10 +- 2021/31xxx/GSD-2021-31156.json | 30 ++ 2022/45xxx/GSD-2022-45850.json | 57 ++++ 2023/23xxx/GSD-2023-23649.json | 57 ++++ 2023/25xxx/GSD-2023-25341.json | 22 ++ 2023/29xxx/GSD-2023-29162.json | 22 +- 2023/33xxx/GSD-2023-33528.json | 26 ++ 2023/34xxx/GSD-2023-34370.json | 61 ++++ 2023/35xxx/GSD-2023-35121.json | 22 +- 2023/36xxx/GSD-2023-36679.json | 57 ++++ 2023/39xxx/GSD-2023-39309.json | 57 ++++ 2023/39xxx/GSD-2023-39313.json | 57 ++++ 2023/40xxx/GSD-2023-40390.json | 22 ++ 2023/42xxx/GSD-2023-42892.json | 30 ++ 2023/42xxx/GSD-2023-42893.json | 46 +++ 2023/42xxx/GSD-2023-42896.json | 38 +++ 2023/42xxx/GSD-2023-42913.json | 22 ++ 2023/42xxx/GSD-2023-42930.json | 30 ++ 2023/42xxx/GSD-2023-42931.json | 30 ++ 2023/42xxx/GSD-2023-42936.json | 42 +++ 2023/42xxx/GSD-2023-42947.json | 42 +++ 2023/42xxx/GSD-2023-42950.json | 38 +++ 2023/42xxx/GSD-2023-42956.json | 30 ++ 2023/42xxx/GSD-2023-42962.json | 26 ++ 2023/42xxx/GSD-2023-42974.json | 38 +++ 2023/45xxx/GSD-2023-45705.json | 45 +++ 2023/45xxx/GSD-2023-45706.json | 45 +++ 2023/45xxx/GSD-2023-45715.json | 45 +++ 2023/45xxx/GSD-2023-45754.json | 162 +++++---- 2023/47xxx/GSD-2023-47038.json | 6 +- 2023/47xxx/GSD-2023-47039.json | 6 +- 2023/50xxx/GSD-2023-50374.json | 57 ++++ 2023/50xxx/GSD-2023-50969.json | 26 ++ 2023/52xxx/GSD-2023-52231.json | 57 ++++ 2023/52xxx/GSD-2023-52234.json | 57 ++++ 2023/52xxx/GSD-2023-52628.json | 38 +++ 2023/6xxx/GSD-2023-6371.json | 61 ++++ 2023/6xxx/GSD-2023-6437.json | 57 ++++ 2024/0xxx/GSD-2024-0259.json | 61 ++++ 2024/0xxx/GSD-2024-0672.json | 22 ++ 2024/0xxx/GSD-2024-0673.json | 22 ++ 2024/0xxx/GSD-2024-0677.json | 22 ++ 2024/1xxx/GSD-2024-1770.json | 4 +- 2024/22xxx/GSD-2024-22138.json | 57 ++++ 2024/23xxx/GSD-2024-23500.json | 57 ++++ 2024/23xxx/GSD-2024-23727.json | 22 ++ 2024/24xxx/GSD-2024-24399.json | 12 +- 2024/24xxx/GSD-2024-24407.json | 26 ++ 2024/24xxx/GSD-2024-24681.json | 14 +- 2024/25xxx/GSD-2024-25506.json | 22 ++ 2024/25xxx/GSD-2024-25599.json | 57 ++++ 2024/25xxx/GSD-2024-25923.json | 57 ++++ 2024/25xxx/GSD-2024-25924.json | 57 ++++ 2024/25xxx/GSD-2024-25946.json | 57 ++++ 2024/25xxx/GSD-2024-25952.json | 57 ++++ 2024/25xxx/GSD-2024-25953.json | 57 ++++ 2024/25xxx/GSD-2024-25954.json | 57 ++++ 2024/25xxx/GSD-2024-25955.json | 57 ++++ 2024/25xxx/GSD-2024-25959.json | 57 ++++ 2024/25xxx/GSD-2024-25960.json | 57 ++++ 2024/25xxx/GSD-2024-25961.json | 57 ++++ 2024/25xxx/GSD-2024-25963.json | 57 ++++ 2024/25xxx/GSD-2024-25971.json | 57 ++++ 2024/27xxx/GSD-2024-27318.json | 10 +- 2024/27xxx/GSD-2024-27319.json | 10 +- 2024/27xxx/GSD-2024-27719.json | 26 ++ 2024/27xxx/GSD-2024-27775.json | 57 ++++ 2024/27xxx/GSD-2024-27999.json | 57 ++++ 2024/28xxx/GSD-2024-28001.json | 57 ++++ 2024/28xxx/GSD-2024-28002.json | 57 ++++ 2024/28xxx/GSD-2024-28003.json | 57 ++++ 2024/28xxx/GSD-2024-28004.json | 57 ++++ 2024/28xxx/GSD-2024-28090.json | 22 ++ 2024/28xxx/GSD-2024-28091.json | 22 ++ 2024/28xxx/GSD-2024-28109.json | 73 ++++ 2024/28xxx/GSD-2024-28456.json | 30 ++ 2024/28xxx/GSD-2024-28713.json | 50 +++ 2024/28xxx/GSD-2024-28714.json | 34 ++ 2024/29xxx/GSD-2024-29090.json | 61 ++++ 2024/29xxx/GSD-2024-29100.json | 61 ++++ 2024/29xxx/GSD-2024-29200.json | 61 ++++ 2024/29xxx/GSD-2024-29227.json | 61 ++++ 2024/29xxx/GSD-2024-29228.json | 61 ++++ 2024/29xxx/GSD-2024-29229.json | 61 ++++ 2024/29xxx/GSD-2024-29230.json | 61 ++++ 2024/29xxx/GSD-2024-29231.json | 61 ++++ 2024/29xxx/GSD-2024-29232.json | 61 ++++ 2024/29xxx/GSD-2024-29233.json | 61 ++++ 2024/29xxx/GSD-2024-29234.json | 61 ++++ 2024/29xxx/GSD-2024-29235.json | 61 ++++ 2024/29xxx/GSD-2024-29236.json | 61 ++++ 2024/29xxx/GSD-2024-29237.json | 61 ++++ 2024/29xxx/GSD-2024-29238.json | 61 ++++ 2024/29xxx/GSD-2024-29239.json | 61 ++++ 2024/29xxx/GSD-2024-29240.json | 61 ++++ 2024/29xxx/GSD-2024-29241.json | 61 ++++ 2024/29xxx/GSD-2024-29316.json | 30 ++ 2024/29xxx/GSD-2024-29489.json | 38 +++ 2024/29xxx/GSD-2024-29882.json | 65 ++++ 2024/29xxx/GSD-2024-29896.json | 65 ++++ 2024/29xxx/GSD-2024-29897.json | 73 ++++ 2024/29xxx/GSD-2024-29898.json | 69 ++++ 2024/2xxx/GSD-2024-2091.json | 4 +- 2024/2xxx/GSD-2024-2110.json | 4 +- 2024/2xxx/GSD-2024-2111.json | 4 +- 2024/2xxx/GSD-2024-2818.json | 61 ++++ 2024/2xxx/GSD-2024-2883.json | 14 +- 2024/2xxx/GSD-2024-2885.json | 14 +- 2024/2xxx/GSD-2024-2886.json | 14 +- 2024/2xxx/GSD-2024-2887.json | 14 +- 2024/2xxx/GSD-2024-2890.json | 61 ++++ 2024/2xxx/GSD-2024-2947.json | 65 ++++ 2024/30xxx/GSD-2024-30200.json | 61 ++++ 2024/30xxx/GSD-2024-30221.json | 61 ++++ 2024/30xxx/GSD-2024-30222.json | 61 ++++ 2024/30xxx/GSD-2024-30223.json | 61 ++++ 2024/30xxx/GSD-2024-30224.json | 61 ++++ 2024/30xxx/GSD-2024-30225.json | 61 ++++ 2024/30xxx/GSD-2024-30226.json | 61 ++++ 2024/30xxx/GSD-2024-30227.json | 61 ++++ 2024/30xxx/GSD-2024-30228.json | 61 ++++ 2024/30xxx/GSD-2024-30229.json | 61 ++++ 2024/30xxx/GSD-2024-30230.json | 61 ++++ 2024/30xxx/GSD-2024-30236.json | 61 ++++ 2024/30xxx/GSD-2024-30237.json | 61 ++++ 2024/30xxx/GSD-2024-30239.json | 61 ++++ 2024/30xxx/GSD-2024-30240.json | 61 ++++ 2024/30xxx/GSD-2024-30241.json | 61 ++++ 2024/30xxx/GSD-2024-30242.json | 61 ++++ 2024/30xxx/GSD-2024-30243.json | 61 ++++ 2024/30xxx/GSD-2024-30244.json | 61 ++++ 2024/30xxx/GSD-2024-30245.json | 61 ++++ 2024/30xxx/GSD-2024-30421.json | 61 ++++ 2024/30xxx/GSD-2024-30422.json | 61 ++++ 2024/30xxx/GSD-2024-30583.json | 26 ++ 2024/30xxx/GSD-2024-30584.json | 26 ++ 2024/30xxx/GSD-2024-30585.json | 26 ++ 2024/30xxx/GSD-2024-30586.json | 26 ++ 2024/30xxx/GSD-2024-30587.json | 26 ++ 2024/30xxx/GSD-2024-30588.json | 26 ++ 2024/30xxx/GSD-2024-30589.json | 26 ++ 2024/30xxx/GSD-2024-30590.json | 26 ++ 2024/30xxx/GSD-2024-30591.json | 26 ++ 2024/30xxx/GSD-2024-30592.json | 26 ++ 2024/30xxx/GSD-2024-30593.json | 26 ++ 2024/30xxx/GSD-2024-30594.json | 26 ++ 2024/30xxx/GSD-2024-30595.json | 26 ++ 2024/30xxx/GSD-2024-30596.json | 26 ++ 2024/30xxx/GSD-2024-30597.json | 26 ++ 2024/30xxx/GSD-2024-30598.json | 26 ++ 2024/30xxx/GSD-2024-30599.json | 26 ++ 2024/30xxx/GSD-2024-30600.json | 26 ++ 2024/30xxx/GSD-2024-30601.json | 26 ++ 2024/30xxx/GSD-2024-30602.json | 26 ++ 2024/30xxx/GSD-2024-30603.json | 26 ++ 2024/30xxx/GSD-2024-30604.json | 26 ++ 2024/30xxx/GSD-2024-30606.json | 26 ++ 2024/30xxx/GSD-2024-30607.json | 26 ++ 2024/30xxx/GSD-2024-30612.json | 26 ++ 2024/31xxx/GSD-2024-31061.json | 34 ++ 2024/31xxx/GSD-2024-31062.json | 34 ++ 2024/31xxx/GSD-2024-31063.json | 34 ++ 2024/31xxx/GSD-2024-31064.json | 38 +++ 2024/31xxx/GSD-2024-31065.json | 34 ++ 2024/31xxx/GSD-2024-31134.json | 61 ++++ 2024/31xxx/GSD-2024-31135.json | 61 ++++ 2024/31xxx/GSD-2024-31136.json | 61 ++++ 2024/31xxx/GSD-2024-31137.json | 61 ++++ 2024/31xxx/GSD-2024-31138.json | 61 ++++ 2024/31xxx/GSD-2024-31139.json | 61 ++++ 2024/31xxx/GSD-2024-31140.json | 61 ++++ 2024/3xxx/GSD-2024-3015.json | 4 +- 2024/3xxx/GSD-2024-3019.json | 65 ++++ 2024/3xxx/GSD-2024-3024.json | 4 +- 2024/3xxx/GSD-2024-3039.json | 98 ++++++ 2024/3xxx/GSD-2024-3040.json | 98 ++++++ 2024/3xxx/GSD-2024-3041.json | 98 ++++++ 2024/3xxx/GSD-2024-3042.json | 98 ++++++ nvd_updated_time.txt | 2 +- 182 files changed, 8359 insertions(+), 536 deletions(-) create mode 100644 2024/29xxx/GSD-2024-29090.json create mode 100644 2024/29xxx/GSD-2024-29100.json create mode 100644 2024/29xxx/GSD-2024-29200.json create mode 100644 2024/29xxx/GSD-2024-29227.json create mode 100644 2024/29xxx/GSD-2024-29228.json create mode 100644 2024/29xxx/GSD-2024-29229.json create mode 100644 2024/29xxx/GSD-2024-29230.json create mode 100644 2024/29xxx/GSD-2024-29231.json create mode 100644 2024/29xxx/GSD-2024-29232.json create mode 100644 2024/29xxx/GSD-2024-29233.json create mode 100644 2024/29xxx/GSD-2024-29234.json create mode 100644 2024/29xxx/GSD-2024-29235.json create mode 100644 2024/29xxx/GSD-2024-29236.json create mode 100644 2024/29xxx/GSD-2024-29237.json create mode 100644 2024/29xxx/GSD-2024-29238.json create mode 100644 2024/29xxx/GSD-2024-29239.json create mode 100644 2024/29xxx/GSD-2024-29240.json create mode 100644 2024/29xxx/GSD-2024-29241.json create mode 100644 2024/29xxx/GSD-2024-29316.json create mode 100644 2024/29xxx/GSD-2024-29489.json create mode 100644 2024/29xxx/GSD-2024-29882.json create mode 100644 2024/29xxx/GSD-2024-29896.json create mode 100644 2024/29xxx/GSD-2024-29897.json create mode 100644 2024/29xxx/GSD-2024-29898.json create mode 100644 2024/2xxx/GSD-2024-2818.json create mode 100644 2024/2xxx/GSD-2024-2890.json create mode 100644 2024/2xxx/GSD-2024-2947.json create mode 100644 2024/30xxx/GSD-2024-30200.json create mode 100644 2024/30xxx/GSD-2024-30221.json create mode 100644 2024/30xxx/GSD-2024-30222.json create mode 100644 2024/30xxx/GSD-2024-30223.json create mode 100644 2024/30xxx/GSD-2024-30224.json create mode 100644 2024/30xxx/GSD-2024-30225.json create mode 100644 2024/30xxx/GSD-2024-30226.json create mode 100644 2024/30xxx/GSD-2024-30227.json create mode 100644 2024/30xxx/GSD-2024-30228.json create mode 100644 2024/30xxx/GSD-2024-30229.json create mode 100644 2024/30xxx/GSD-2024-30230.json create mode 100644 2024/30xxx/GSD-2024-30236.json create mode 100644 2024/30xxx/GSD-2024-30237.json create mode 100644 2024/30xxx/GSD-2024-30239.json create mode 100644 2024/30xxx/GSD-2024-30240.json create mode 100644 2024/30xxx/GSD-2024-30241.json create mode 100644 2024/30xxx/GSD-2024-30242.json create mode 100644 2024/30xxx/GSD-2024-30243.json create mode 100644 2024/30xxx/GSD-2024-30244.json create mode 100644 2024/30xxx/GSD-2024-30245.json create mode 100644 2024/30xxx/GSD-2024-30421.json create mode 100644 2024/30xxx/GSD-2024-30422.json create mode 100644 2024/30xxx/GSD-2024-30583.json create mode 100644 2024/30xxx/GSD-2024-30584.json create mode 100644 2024/30xxx/GSD-2024-30585.json create mode 100644 2024/30xxx/GSD-2024-30586.json create mode 100644 2024/30xxx/GSD-2024-30587.json create mode 100644 2024/30xxx/GSD-2024-30588.json create mode 100644 2024/30xxx/GSD-2024-30589.json create mode 100644 2024/30xxx/GSD-2024-30590.json create mode 100644 2024/30xxx/GSD-2024-30591.json create mode 100644 2024/30xxx/GSD-2024-30592.json create mode 100644 2024/30xxx/GSD-2024-30593.json create mode 100644 2024/30xxx/GSD-2024-30594.json create mode 100644 2024/30xxx/GSD-2024-30595.json create mode 100644 2024/30xxx/GSD-2024-30596.json create mode 100644 2024/30xxx/GSD-2024-30597.json create mode 100644 2024/30xxx/GSD-2024-30598.json create mode 100644 2024/30xxx/GSD-2024-30599.json create mode 100644 2024/30xxx/GSD-2024-30600.json create mode 100644 2024/30xxx/GSD-2024-30601.json create mode 100644 2024/30xxx/GSD-2024-30602.json create mode 100644 2024/30xxx/GSD-2024-30603.json create mode 100644 2024/30xxx/GSD-2024-30604.json create mode 100644 2024/30xxx/GSD-2024-30606.json create mode 100644 2024/30xxx/GSD-2024-30607.json create mode 100644 2024/30xxx/GSD-2024-30612.json create mode 100644 2024/31xxx/GSD-2024-31061.json create mode 100644 2024/31xxx/GSD-2024-31062.json create mode 100644 2024/31xxx/GSD-2024-31063.json create mode 100644 2024/31xxx/GSD-2024-31064.json create mode 100644 2024/31xxx/GSD-2024-31065.json create mode 100644 2024/31xxx/GSD-2024-31134.json create mode 100644 2024/31xxx/GSD-2024-31135.json create mode 100644 2024/31xxx/GSD-2024-31136.json create mode 100644 2024/31xxx/GSD-2024-31137.json create mode 100644 2024/31xxx/GSD-2024-31138.json create mode 100644 2024/31xxx/GSD-2024-31139.json create mode 100644 2024/31xxx/GSD-2024-31140.json create mode 100644 2024/3xxx/GSD-2024-3019.json create mode 100644 2024/3xxx/GSD-2024-3039.json create mode 100644 2024/3xxx/GSD-2024-3040.json create mode 100644 2024/3xxx/GSD-2024-3041.json create mode 100644 2024/3xxx/GSD-2024-3042.json diff --git a/2013/4xxx/GSD-2013-4558.json b/2013/4xxx/GSD-2013-4558.json index 917769f8839..9bd2070b18b 100644 --- a/2013/4xxx/GSD-2013-4558.json +++ b/2013/4xxx/GSD-2013-4558.json @@ -110,147 +110,148 @@ } }, "nvd.nist.gov": { - "configurations": { - "CVE_data_version": "4.0", - "nodes": [ + "cve": { + "configurations": [ { - "children": [], - "cpe_match": [ - { - "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:a:apache:mod_dav_svn:-:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, + "nodes": [ { - "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true + "cpeMatch": [ + { + "criteria": "cpe:2.3:a:apache:mod_dav_svn:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EF1F71DC-F66A-4F20-AF88-636DEFBD30BB", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*", + "matchCriteriaId": "75CF5BC1-7071-48A3-86A9-C843485CAED5", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*", + "matchCriteriaId": "9EB23250-EBD2-4A5F-BF5E-1DAE1A64EF0E", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*", + "matchCriteriaId": "200DB058-C9F0-4983-AF99-EBB8FC2E7875", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "A57A3347-6C48-4803-AB4E-A4BC0E6BFA41", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*", + "matchCriteriaId": "50D26799-D038-470A-A468-58DBDB64A7E6", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*", + "matchCriteriaId": "D3769BD6-B104-4F74-B8C4-89398A8894FB", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*", + "matchCriteriaId": "9757DD5E-42A6-44B8-9692-49690F60C8D1", + "vulnerable": true + } + ], + "negate": false, + "operator": "OR" } - ], - "operator": "OR" + ] } - ] - }, - "cve": { - "CVE_data_meta": { - "ASSIGNER": "secalert@redhat.com", - "ID": "CVE-2013-4558" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "en", - "value": "The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /." - } - ] - }, - "problemtype": { - "problemtype_data": [ + ], + "descriptions": [ + { + "lang": "en", + "value": "The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /." + }, + { + "lang": "es", + "value": "La funci\u00f3n get_parent_resource en respos.c en el m\u00f3dulo de servidor mod_dav_svn Apache HTTPD en Subversion 1.7.11 a 1.7.13 y 1.8.1 a 1.8.4, cuando se construyen con aserciones activas y SVNAutoversioning est\u00e1 habilitado, permite a atacantes remotos causar denegaci\u00f3n de servicio (fallo de aserci\u00f3n y aborto de proceso Apache) a trav\u00e9s de una URL no can\u00f3nica en una petici\u00f3n, como se muestra utilizando una '/' final." + } + ], + "id": "CVE-2013-4558", + "lastModified": "2024-03-28T14:15:13.023", + "metrics": { + "cvssMetricV2": [ { - "description": [ - { - "lang": "en", - "value": "CWE-20" - } - ] + "acInsufInfo": false, + "baseSeverity": "LOW", + "cvssData": { + "accessComplexity": "MEDIUM", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "baseScore": 3.5, + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", + "version": "2.0" + }, + "exploitabilityScore": 6.8, + "impactScore": 2.9, + "obtainAllPrivilege": false, + "obtainOtherPrivilege": false, + "obtainUserPrivilege": false, + "source": "nvd@nist.gov", + "type": "Primary", + "userInteractionRequired": false } ] }, - "references": { - "reference_data": [ - { - "name": "100363", - "refsource": "OSVDB", - "tags": [], - "url": "http://osvdb.org/100363" - }, - { - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1033431", - "refsource": "CONFIRM", - "tags": [], - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033431" - }, - { - "name": "http://subversion.apache.org/security/CVE-2013-4558-advisory.txt", - "refsource": "CONFIRM", - "tags": [ - "Patch", - "Vendor Advisory" - ], - "url": "http://subversion.apache.org/security/CVE-2013-4558-advisory.txt" - }, - { - "name": "openSUSE-SU-2013:1860", - "refsource": "SUSE", - "tags": [], - "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html" - }, - { - "name": "openSUSE-SU-2013:1836", - "refsource": "SUSE", - "tags": [], - "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html" - } - ] - } - }, - "impact": { - "baseMetricV2": { - "cvssV2": { - "accessComplexity": "MEDIUM", - "accessVector": "NETWORK", - "authentication": "SINGLE", - "availabilityImpact": "PARTIAL", - "baseScore": 3.5, - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "version": "2.0" + "published": "2013-12-07T20:55:02.553", + "references": [ + { + "source": "secalert@redhat.com", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html" }, - "exploitabilityScore": 6.8, - "impactScore": 2.9, - "obtainAllPrivilege": false, - "obtainOtherPrivilege": false, - "obtainUserPrivilege": false, - "severity": "LOW", - "userInteractionRequired": false - } - }, - "lastModifiedDate": "2013-12-20T04:36Z", - "publishedDate": "2013-12-07T20:55Z" + { + "source": "secalert@redhat.com", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html" + }, + { + "source": "secalert@redhat.com", + "url": "http://osvdb.org/100363" + }, + { + "source": "secalert@redhat.com", + "tags": [ + "Patch", + "Vendor Advisory" + ], + "url": "http://subversion.apache.org/security/CVE-2013-4558-advisory.txt" + }, + { + "source": "secalert@redhat.com", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033431" + }, + { + "source": "secalert@redhat.com", + "url": "https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc" + }, + { + "source": "secalert@redhat.com", + "url": "https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d" + } + ], + "sourceIdentifier": "secalert@redhat.com", + "vulnStatus": "Modified", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ], + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2018/8xxx/GSD-2018-8822.json b/2018/8xxx/GSD-2018-8822.json index 81cd968efdc..c34e405c85b 100644 --- a/2018/8xxx/GSD-2018-8822.json +++ b/2018/8xxx/GSD-2018-8822.json @@ -156,297 +156,347 @@ } }, "nvd.nist.gov": { - "configurations": { - "CVE_data_version": "4.0", - "nodes": [ + "cve": { + "configurations": [ { - "children": [], - "cpe_match": [ - { - "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "cpe_name": [], - "versionEndIncluding": "4.15.11", - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.16:rc:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, + "nodes": [ { - "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.16:rc1:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.16:rc2:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.16:rc3:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.16:rc4:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.16:rc5:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.16:rc6:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true + "cpeMatch": [ + { + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "matchCriteriaId": "9002FDD9-8A8C-4E06-8DE5-7CF6C79B117A", + "versionEndExcluding": "3.2.102", + "versionStartIncluding": "2.6.12", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "matchCriteriaId": "0786B96E-E04C-4D2B-B358-CCE006BAED46", + "versionEndExcluding": "3.16.57", + "versionStartIncluding": "3.3", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "matchCriteriaId": "F9906D89-2D98-4380-9A65-798B12332FC9", + "versionEndExcluding": "3.18.103", + "versionStartIncluding": "3.17", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "matchCriteriaId": "DC20C495-C297-4CEE-9034-4FE81754FE98", + "versionEndExcluding": "4.1.52", + "versionStartIncluding": "3.19", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "matchCriteriaId": "BB766B8A-0C15-4949-BC7E-C624A8FB122A", + "versionEndExcluding": "4.4.125", + "versionStartIncluding": "4.2", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "matchCriteriaId": "086C29F5-DF5E-43B2-8E7D-EBA453B571D8", + "versionEndExcluding": "4.9.91", + "versionStartIncluding": "4.5", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "matchCriteriaId": "9E6E5A35-1967-44F6-9D8F-83A08D60DB2F", + "versionEndExcluding": "4.14.31", + "versionStartIncluding": "4.10", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "matchCriteriaId": "A8ED8E8A-0A8C-4F47-9BFF-69DB613F2C35", + "versionEndExcluding": "4.15.14", + "versionStartIncluding": "4.15", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:4.16:rc:*:*:*:*:*:*", + "matchCriteriaId": "47F1FC1E-886E-4D29-89F6-ACE3BA4C6ABC", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:4.16:rc1:*:*:*:*:*:*", + "matchCriteriaId": "C7161042-96AB-4B27-85D1-284F7F975B07", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:4.16:rc2:*:*:*:*:*:*", + "matchCriteriaId": "023AC641-A30A-4814-8EEE-E8290134B8E0", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:4.16:rc3:*:*:*:*:*:*", + "matchCriteriaId": "9B70E4A9-D27F-4318-85DF-30CE6E86194B", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:4.16:rc4:*:*:*:*:*:*", + "matchCriteriaId": "5E280740-2FD3-459D-AF37-624DC6171F8D", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:4.16:rc5:*:*:*:*:*:*", + "matchCriteriaId": "CA2A106F-944D-42C5-BB4B-E81B97A57CDA", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:linux:linux_kernel:4.16:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B14098E0-F40A-4C8E-B285-E96E6E604582", + "vulnerable": true + } + ], + "negate": false, + "operator": "OR" } - ], - "operator": "OR" + ] }, { - "children": [], - "cpe_match": [ - { - "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", - "cpe_name": [], - "vulnerable": true - }, + "nodes": [ { - "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true + "cpeMatch": [ + { + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", + "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", + "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", + "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", + "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", + "vulnerable": true + } + ], + "negate": false, + "operator": "OR" } - ], - "operator": "OR" + ] }, { - "children": [], - "cpe_match": [ - { - "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, + "nodes": [ { - "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true - }, - { - "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", - "cpe_name": [], - "vulnerable": true + "cpeMatch": [ + { + "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", + "vulnerable": true + }, + { + "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", + "vulnerable": true + } + ], + "negate": false, + "operator": "OR" } - ], - "operator": "OR" + ] } - ] - }, - "cve": { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-8822" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + ], + "descriptions": [ + { + "lang": "en", + "value": "Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code." + }, + { + "lang": "es", + "value": "Manipulaci\u00f3n incorrecta de longitud de b\u00fafer en la funci\u00f3n ncp_read_kernel en fs/ncpfs/ncplib_kernel.c en el kernel de Linux hasta la versi\u00f3n 4.15.11 y en drivers/staging/ncpfs/ncplib_kernel.c en el kernel de Linux 4.16-rc hasta 4.16-rc6 podr\u00eda ser explotada por servidores NCPFS maliciosos para cerrar inesperadamente el kernel o ejecutar c\u00f3digo." + } + ], + "id": "CVE-2018-8822", + "lastModified": "2024-03-28T16:08:31.410", + "metrics": { + "cvssMetricV2": [ { - "lang": "en", - "value": "Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code." + "acInsufInfo": false, + "baseSeverity": "HIGH", + "cvssData": { + "accessComplexity": "LOW", + "accessVector": "LOCAL", + "authentication": "NONE", + "availabilityImpact": "COMPLETE", + "baseScore": 7.2, + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", + "version": "2.0" + }, + "exploitabilityScore": 3.9, + "impactScore": 10.0, + "obtainAllPrivilege": false, + "obtainOtherPrivilege": false, + "obtainUserPrivilege": false, + "source": "nvd@nist.gov", + "type": "Primary", + "userInteractionRequired": false } - ] - }, - "problemtype": { - "problemtype_data": [ + ], + "cvssMetricV31": [ { - "description": [ - { - "lang": "en", - "value": "CWE-119" - } - ] + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9, + "source": "nvd@nist.gov", + "type": "Primary" } ] }, - "references": { - "reference_data": [ - { - "name": "https://www.mail-archive.com/netdev@vger.kernel.org/msg223373.html", - "refsource": "CONFIRM", - "tags": [ - "Patch" - ], - "url": "https://www.mail-archive.com/netdev@vger.kernel.org/msg223373.html" - }, - { - "name": "103476", - "refsource": "BID", - "tags": [ - "Broken Link", - "Third Party Advisory", - "VDB Entry" - ], - "url": "http://www.securityfocus.com/bid/103476" - }, - { - "name": "DSA-4188", - "refsource": "DEBIAN", - "tags": [ - "Third Party Advisory" - ], - "url": "https://www.debian.org/security/2018/dsa-4188" - }, - { - "name": "DSA-4187", - "refsource": "DEBIAN", - "tags": [ - "Third Party Advisory" - ], - "url": "https://www.debian.org/security/2018/dsa-4187" - }, - { - "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", - "refsource": "MLIST", - "tags": [ - "Mailing List", - "Third Party Advisory" - ], - "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" - }, - { - "name": "USN-3655-2", - "refsource": "UBUNTU", - "tags": [ - "Third Party Advisory" - ], - "url": "https://usn.ubuntu.com/3655-2/" - }, - { - "name": "USN-3654-2", - "refsource": "UBUNTU", - "tags": [ - "Third Party Advisory" - ], - "url": "https://usn.ubuntu.com/3654-2/" - }, - { - "name": "USN-3654-1", - "refsource": "UBUNTU", - "tags": [ - "Third Party Advisory" - ], - "url": "https://usn.ubuntu.com/3654-1/" - }, - { - "name": "USN-3653-2", - "refsource": "UBUNTU", - "tags": [ - "Third Party Advisory" - ], - "url": "https://usn.ubuntu.com/3653-2/" - }, - { - "name": "USN-3653-1", - "refsource": "UBUNTU", - "tags": [ - "Third Party Advisory" - ], - "url": "https://usn.ubuntu.com/3653-1/" - }, - { - "name": "USN-3657-1", - "refsource": "UBUNTU", - "tags": [ - "Third Party Advisory" - ], - "url": "https://usn.ubuntu.com/3657-1/" - }, - { - "name": "USN-3656-1", - "refsource": "UBUNTU", - "tags": [ - "Third Party Advisory" - ], - "url": "https://usn.ubuntu.com/3656-1/" - }, - { - "name": "USN-3655-1", - "refsource": "UBUNTU", - "tags": [ - "Third Party Advisory" - ], - "url": "https://usn.ubuntu.com/3655-1/" - }, - { - "name": "[oss-security] 20221227 Re: Details on this supposed Linux Kernel ksmbd RCE", - "refsource": "MLIST", - "tags": [ - "Mailing List", - "Third Party Advisory" - ], - "url": "http://www.openwall.com/lists/oss-security/2022/12/27/3" - } - ] - } - }, - "impact": { - "baseMetricV2": { - "acInsufInfo": false, - "cvssV2": { - "accessComplexity": "LOW", - "accessVector": "LOCAL", - "authentication": "NONE", - "availabilityImpact": "COMPLETE", - "baseScore": 7.2, - "confidentialityImpact": "COMPLETE", - "integrityImpact": "COMPLETE", - "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "version": "2.0" + "published": "2018-03-20T17:29:00.423", + "references": [ + { + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ], + "url": "http://www.openwall.com/lists/oss-security/2022/12/27/3" }, - "exploitabilityScore": 3.9, - "impactScore": 10.0, - "obtainAllPrivilege": false, - "obtainOtherPrivilege": false, - "obtainUserPrivilege": false, - "severity": "HIGH", - "userInteractionRequired": false - }, - "baseMetricV3": { - "cvssV3": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" + { + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ], + "url": "http://www.securityfocus.com/bid/103476" }, - "exploitabilityScore": 1.8, - "impactScore": 5.9 - } - }, - "lastModifiedDate": "2023-03-03T15:10Z", - "publishedDate": "2018-03-20T17:29Z" + { + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ], + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ], + "url": "https://usn.ubuntu.com/3653-1/" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ], + "url": "https://usn.ubuntu.com/3653-2/" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ], + "url": "https://usn.ubuntu.com/3654-1/" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ], + "url": "https://usn.ubuntu.com/3654-2/" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ], + "url": "https://usn.ubuntu.com/3655-1/" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ], + "url": "https://usn.ubuntu.com/3655-2/" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ], + "url": "https://usn.ubuntu.com/3656-1/" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ], + "url": "https://usn.ubuntu.com/3657-1/" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ], + "url": "https://www.debian.org/security/2018/dsa-4187" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ], + "url": "https://www.debian.org/security/2018/dsa-4188" + }, + { + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ], + "url": "https://www.mail-archive.com/netdev%40vger.kernel.org/msg223373.html" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Analyzed", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ], + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2020/36xxx/GSD-2020-36771.json b/2020/36xxx/GSD-2020-36771.json index 4c1d345c7f3..1bfd3694f94 100644 --- a/2020/36xxx/GSD-2020-36771.json +++ b/2020/36xxx/GSD-2020-36771.json @@ -138,7 +138,7 @@ "descriptions": [ { "lang": "en", - "value": "CloudLinux\n CageFS 7.1.1-1 or below passes the authentication token as command line\n argument. In some configurations this allows local users to view it via\n the process list and gain code execution as another user.\n\n\n" + "value": "CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user." }, { "lang": "es", @@ -146,7 +146,7 @@ } ], "id": "CVE-2020-36771", - "lastModified": "2024-01-29T17:26:39.483", + "lastModified": "2024-03-28T19:15:46.773", "metrics": { "cvssMetricV31": [ { @@ -197,10 +197,14 @@ "Release Notes" ], "url": "https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-to-100" + }, + { + "source": "secalert@redhat.com", + "url": "https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01_CloudLinux_CageFS_Token_Disclosure" } ], "sourceIdentifier": "secalert@redhat.com", - "vulnStatus": "Analyzed", + "vulnStatus": "Modified", "weaknesses": [ { "description": [ diff --git a/2020/36xxx/GSD-2020-36772.json b/2020/36xxx/GSD-2020-36772.json index b17eb3d9589..5b899c372c9 100644 --- a/2020/36xxx/GSD-2020-36772.json +++ b/2020/36xxx/GSD-2020-36772.json @@ -138,7 +138,7 @@ "descriptions": [ { "lang": "en", - "value": "CloudLinux\n CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to\n the sendmail proxy command. This allows local users to read and write \narbitrary files outside the CageFS environment in a limited way.\n" + "value": "CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment." }, { "lang": "es", @@ -146,7 +146,7 @@ } ], "id": "CVE-2020-36772", - "lastModified": "2024-01-29T17:32:41.797", + "lastModified": "2024-03-28T19:15:46.887", "metrics": { "cvssMetricV31": [ { @@ -197,10 +197,14 @@ "Release Notes" ], "url": "https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100" + }, + { + "source": "secalert@redhat.com", + "url": "https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands" } ], "sourceIdentifier": "secalert@redhat.com", - "vulnStatus": "Analyzed", + "vulnStatus": "Modified", "weaknesses": [ { "description": [ diff --git a/2021/31xxx/GSD-2021-31156.json b/2021/31xxx/GSD-2021-31156.json index 97b5e7c7779..26205f855c5 100644 --- a/2021/31xxx/GSD-2021-31156.json +++ b/2021/31xxx/GSD-2021-31156.json @@ -37,6 +37,36 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data." + } + ], + "id": "CVE-2021-31156", + "lastModified": "2024-03-28T23:15:45.987", + "metrics": {}, + "published": "2024-03-28T23:15:45.987", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://gist.github.com/NitescuLucian/69cf22d17bf190325118304be04828e8" + }, + { + "source": "cve@mitre.org", + "url": "https://www.alliedtelesis.com/en/documents/software-release-notes-s115-v120" + }, + { + "source": "cve@mitre.org", + "url": "https://www.alliedtelesis.com/sites/default/files/documents/release-notes/ats115v120srna.pdf" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Received" + } } } } \ No newline at end of file diff --git a/2022/45xxx/GSD-2022-45850.json b/2022/45xxx/GSD-2022-45850.json index 99bf15731f1..5f5f80f26c7 100644 --- a/2022/45xxx/GSD-2022-45850.json +++ b/2022/45xxx/GSD-2022-45850.json @@ -37,6 +37,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9.\n\n" + } + ], + "id": "CVE-2022-45850", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:47.440", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/image-map-pro-wordpress/wordpress-image-map-pro-premium-plugin-5-5-0-cross-site-request-forgery-csrf-leading-to-stored-cross-site-scripting-xss?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/23xxx/GSD-2023-23649.json b/2023/23xxx/GSD-2023-23649.json index 6e6f10eab99..1950259f03b 100644 --- a/2023/23xxx/GSD-2023-23649.json +++ b/2023/23xxx/GSD-2023-23649.json @@ -37,6 +37,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.\n\n" + } + ], + "id": "CVE-2023-23649", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:49.083", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/mainwp-links-manager-extension/wordpress-mainwp-links-manager-extension-plugin-2-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/25xxx/GSD-2023-25341.json b/2023/25xxx/GSD-2023-25341.json index 9be332a1f22..5d92d081762 100644 --- a/2023/25xxx/GSD-2023-25341.json +++ b/2023/25xxx/GSD-2023-25341.json @@ -37,6 +37,28 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests." + } + ], + "id": "CVE-2023-25341", + "lastModified": "2024-03-28T22:15:09.170", + "metrics": {}, + "published": "2024-03-28T22:15:09.170", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://www.runjak.codes/posts/2024-03-21-ladle-cve" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Received" + } } } } \ No newline at end of file diff --git a/2023/29xxx/GSD-2023-29162.json b/2023/29xxx/GSD-2023-29162.json index a2223017b41..add1831b5b9 100644 --- a/2023/29xxx/GSD-2023-29162.json +++ b/2023/29xxx/GSD-2023-29162.json @@ -112,11 +112,15 @@ "descriptions": [ { "lang": "en", - "value": "Improper buffer restrictions in some Intel(R) C++ Compiler Classic before version 2021.8 may allow authenticated user to potentially enable escalation of privilege via local access." + "value": "Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.\n\n" + }, + { + "lang": "es", + "value": "Las restricciones inadecuadas del b\u00fafer en algunos compiladores Intel(R) C++ Classic anteriores a la versi\u00f3n 2021.8 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "id": "CVE-2023-29162", - "lastModified": "2024-02-14T15:01:51.137", + "lastModified": "2024-03-28T16:15:07.657", "metrics": { "cvssMetricV31": [ { @@ -149,19 +153,7 @@ } ], "sourceIdentifier": "secure@intel.com", - "vulnStatus": "Awaiting Analysis", - "weaknesses": [ - { - "description": [ - { - "lang": "en", - "value": "CWE-92" - } - ], - "source": "secure@intel.com", - "type": "Secondary" - } - ] + "vulnStatus": "Awaiting Analysis" } } } diff --git a/2023/33xxx/GSD-2023-33528.json b/2023/33xxx/GSD-2023-33528.json index 9c496091192..10392ddba49 100644 --- a/2023/33xxx/GSD-2023-33528.json +++ b/2023/33xxx/GSD-2023-33528.json @@ -37,6 +37,32 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "halo v1.6.0 is vulnerable to Cross Site Scripting (XSS)." + } + ], + "id": "CVE-2023-33528", + "lastModified": "2024-03-28T23:15:46.070", + "metrics": {}, + "published": "2024-03-28T23:15:46.070", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://gist.github.com/alert-moyan/be0bd087d85c1416829b8e9659e8b66c" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/halo-dev/halo/releases/tag/v1.6.0" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Received" + } } } } \ No newline at end of file diff --git a/2023/34xxx/GSD-2023-34370.json b/2023/34xxx/GSD-2023-34370.json index f74b6f063b9..4c78149ecb5 100644 --- a/2023/34xxx/GSD-2023-34370.json +++ b/2023/34xxx/GSD-2023-34370.json @@ -37,6 +37,67 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.\n\n" + } + ], + "id": "CVE-2023-34370", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T06:15:07.717", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + }, + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/35xxx/GSD-2023-35121.json b/2023/35xxx/GSD-2023-35121.json index 357b382ce1e..43397eb9925 100644 --- a/2023/35xxx/GSD-2023-35121.json +++ b/2023/35xxx/GSD-2023-35121.json @@ -112,11 +112,15 @@ "descriptions": [ { "lang": "en", - "value": "Improper access control in some Intel(R) oneAPI DPC++/C++ Compiler software before version 2023.2.1 may allow authenticated user to potentially enable escalation of privilege via local access." + "value": "Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access.\n\n" + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en algunos software del compilador Intel(R) oneAPI DPC++/C++ anterior a la versi\u00f3n 2023.2.1 puede permitir que el usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "id": "CVE-2023-35121", - "lastModified": "2024-02-14T15:01:46.050", + "lastModified": "2024-03-28T15:15:45.453", "metrics": { "cvssMetricV31": [ { @@ -149,19 +153,7 @@ } ], "sourceIdentifier": "secure@intel.com", - "vulnStatus": "Awaiting Analysis", - "weaknesses": [ - { - "description": [ - { - "lang": "en", - "value": "CWE-284" - } - ], - "source": "secure@intel.com", - "type": "Secondary" - } - ] + "vulnStatus": "Awaiting Analysis" } } } diff --git a/2023/36xxx/GSD-2023-36679.json b/2023/36xxx/GSD-2023-36679.json index fae0062de6e..844c8bdf918 100644 --- a/2023/36xxx/GSD-2023-36679.json +++ b/2023/36xxx/GSD-2023-36679.json @@ -37,6 +37,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.\n\n" + } + ], + "id": "CVE-2023-36679", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T06:15:09.280", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-plugin-2-6-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/39xxx/GSD-2023-39309.json b/2023/39xxx/GSD-2023-39309.json index d9d5278bd18..31f6925208b 100644 --- a/2023/39xxx/GSD-2023-39309.json +++ b/2023/39xxx/GSD-2023-39309.json @@ -37,6 +37,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.\n\n" + } + ], + "id": "CVE-2023-39309", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:49.827", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-authenticated-sql-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/39xxx/GSD-2023-39313.json b/2023/39xxx/GSD-2023-39313.json index 6ccf34ebbad..eb7b22dcc4f 100644 --- a/2023/39xxx/GSD-2023-39313.json +++ b/2023/39xxx/GSD-2023-39313.json @@ -37,6 +37,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.\n\n" + } + ], + "id": "CVE-2023-39313", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T06:15:09.597", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/40xxx/GSD-2023-40390.json b/2023/40xxx/GSD-2023-40390.json index e54a8ac01c8..15256275be0 100644 --- a/2023/40xxx/GSD-2023-40390.json +++ b/2023/40xxx/GSD-2023-40390.json @@ -37,6 +37,28 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data." + } + ], + "id": "CVE-2023-40390", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:07.773", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42892.json b/2023/42xxx/GSD-2023-42892.json index 913fa6afa2f..e682de26716 100644 --- a/2023/42xxx/GSD-2023-42892.json +++ b/2023/42xxx/GSD-2023-42892.json @@ -37,6 +37,36 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges." + } + ], + "id": "CVE-2023-42892", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:07.843", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214037" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214038" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42893.json b/2023/42xxx/GSD-2023-42893.json index 4aee0857eaa..f8d4a5b3fd7 100644 --- a/2023/42xxx/GSD-2023-42893.json +++ b/2023/42xxx/GSD-2023-42893.json @@ -37,6 +37,52 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data." + } + ], + "id": "CVE-2023-42893", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:07.903", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214034" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214035" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214037" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214038" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214040" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214041" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42896.json b/2023/42xxx/GSD-2023-42896.json index 5064118d0a0..d21238b116e 100644 --- a/2023/42xxx/GSD-2023-42896.json +++ b/2023/42xxx/GSD-2023-42896.json @@ -37,6 +37,44 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system." + } + ], + "id": "CVE-2023-42896", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:07.970", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214034" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214035" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214037" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214038" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42913.json b/2023/42xxx/GSD-2023-42913.json index e9ca7baa2f2..ab5397c2a41 100644 --- a/2023/42xxx/GSD-2023-42913.json +++ b/2023/42xxx/GSD-2023-42913.json @@ -37,6 +37,28 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions." + } + ], + "id": "CVE-2023-42913", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:08.023", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42930.json b/2023/42xxx/GSD-2023-42930.json index 40f164f4473..6731e6f7faf 100644 --- a/2023/42xxx/GSD-2023-42930.json +++ b/2023/42xxx/GSD-2023-42930.json @@ -37,6 +37,36 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system." + } + ], + "id": "CVE-2023-42930", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:08.090", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214037" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214038" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42931.json b/2023/42xxx/GSD-2023-42931.json index ada25b83994..99a211d3052 100644 --- a/2023/42xxx/GSD-2023-42931.json +++ b/2023/42xxx/GSD-2023-42931.json @@ -37,6 +37,36 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication." + } + ], + "id": "CVE-2023-42931", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:08.153", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214037" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214038" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42936.json b/2023/42xxx/GSD-2023-42936.json index 57e3d396863..67a52f28251 100644 --- a/2023/42xxx/GSD-2023-42936.json +++ b/2023/42xxx/GSD-2023-42936.json @@ -37,6 +37,48 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data." + } + ], + "id": "CVE-2023-42936", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:08.200", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214035" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214037" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214038" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214040" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214041" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42947.json b/2023/42xxx/GSD-2023-42947.json index 2362156b5e9..33d60fe3d9e 100644 --- a/2023/42xxx/GSD-2023-42947.json +++ b/2023/42xxx/GSD-2023-42947.json @@ -37,6 +37,48 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox." + } + ], + "id": "CVE-2023-42947", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:08.250", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214035" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214037" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214038" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214040" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214041" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42950.json b/2023/42xxx/GSD-2023-42950.json index be695c39c9e..db52b6bd9b1 100644 --- a/2023/42xxx/GSD-2023-42950.json +++ b/2023/42xxx/GSD-2023-42950.json @@ -37,6 +37,44 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution." + } + ], + "id": "CVE-2023-42950", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:08.313", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214035" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214039" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214040" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214041" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42956.json b/2023/42xxx/GSD-2023-42956.json index ff5ad48a5e1..0f583708da9 100644 --- a/2023/42xxx/GSD-2023-42956.json +++ b/2023/42xxx/GSD-2023-42956.json @@ -37,6 +37,36 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service." + } + ], + "id": "CVE-2023-42956", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:08.377", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214035" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214039" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42962.json b/2023/42xxx/GSD-2023-42962.json index 6c4acdf20f6..ef2bc7f076c 100644 --- a/2023/42xxx/GSD-2023-42962.json +++ b/2023/42xxx/GSD-2023-42962.json @@ -37,6 +37,32 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service." + } + ], + "id": "CVE-2023-42962", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:08.430", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214034" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214035" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/42xxx/GSD-2023-42974.json b/2023/42xxx/GSD-2023-42974.json index 779092f8e61..e0ecd341a93 100644 --- a/2023/42xxx/GSD-2023-42974.json +++ b/2023/42xxx/GSD-2023-42974.json @@ -37,6 +37,44 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges." + } + ], + "id": "CVE-2023-42974", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T16:15:08.480", + "references": [ + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214034" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214035" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214036" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214037" + }, + { + "source": "product-security@apple.com", + "url": "https://support.apple.com/en-us/HT214038" + } + ], + "sourceIdentifier": "product-security@apple.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/45xxx/GSD-2023-45705.json b/2023/45xxx/GSD-2023-45705.json index f746feaadd6..6426c90c059 100644 --- a/2023/45xxx/GSD-2023-45705.json +++ b/2023/45xxx/GSD-2023-45705.json @@ -37,6 +37,51 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options.\n" + } + ], + "id": "CVE-2023-45705", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 0.9, + "impactScore": 2.5, + "source": "psirt@hcl.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:45.590", + "references": [ + { + "source": "psirt@hcl.com", + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111972" + } + ], + "sourceIdentifier": "psirt@hcl.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/45xxx/GSD-2023-45706.json b/2023/45xxx/GSD-2023-45706.json index 0ab126f3a5c..23c9e4a9b22 100644 --- a/2023/45xxx/GSD-2023-45706.json +++ b/2023/45xxx/GSD-2023-45706.json @@ -37,6 +37,51 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration.\n" + } + ], + "id": "CVE-2023-45706", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2.0, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 0.5, + "impactScore": 1.4, + "source": "psirt@hcl.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:45.797", + "references": [ + { + "source": "psirt@hcl.com", + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111972" + } + ], + "sourceIdentifier": "psirt@hcl.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/45xxx/GSD-2023-45715.json b/2023/45xxx/GSD-2023-45715.json index 3c6f1266013..3dab9021f6b 100644 --- a/2023/45xxx/GSD-2023-45715.json +++ b/2023/45xxx/GSD-2023-45715.json @@ -37,6 +37,51 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "The console may experience a service interruption when processing file names with invalid characters.\n" + } + ], + "id": "CVE-2023-45715", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4, + "source": "psirt@hcl.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:45.983", + "references": [ + { + "source": "psirt@hcl.com", + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111972" + } + ], + "sourceIdentifier": "psirt@hcl.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/45xxx/GSD-2023-45754.json b/2023/45xxx/GSD-2023-45754.json index f16d870b25d..824fcabecdf 100644 --- a/2023/45xxx/GSD-2023-45754.json +++ b/2023/45xxx/GSD-2023-45754.json @@ -117,86 +117,106 @@ } }, "nvd.nist.gov": { - "configurations": { - "CVE_data_version": "4.0", - "nodes": [ + "cve": { + "configurations": [ { - "children": [], - "cpe_match": [ + "nodes": [ { - "cpe23Uri": "cpe:2.3:a:i13websolution:easy_testimonial_slider_and_form:*:*:*:*:*:wordpress:*:*", - "cpe_name": [], - "versionEndIncluding": "1.0.18", - "vulnerable": true + "cpeMatch": [ + { + "criteria": "cpe:2.3:a:i13websolution:easy_testimonial_slider_and_form:*:*:*:*:*:wordpress:*:*", + "matchCriteriaId": "768F4917-EEC9-461D-B84D-21C9EFB92E55", + "versionEndIncluding": "1.0.18", + "vulnerable": true + } + ], + "negate": false, + "operator": "OR" } - ], - "operator": "OR" + ] } - ] - }, - "cve": { - "CVE_data_meta": { - "ASSIGNER": "audit@patchstack.com", - "ID": "CVE-2023-45754" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form allows Stored XSS.This issue affects Easy Testimonial Slider and Form: from n/a through 1.0.18.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento I Thirteen Web Solution Easy Testimonial Slider and Form en versiones <= 1.0.18." + } + ], + "id": "CVE-2023-45754", + "lastModified": "2024-03-28T09:15:07.903", + "metrics": { + "cvssMetricV31": [ { - "lang": "en", - "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <=\u00a01.0.18 versions." - } - ] - }, - "problemtype": { - "problemtype_data": [ + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7, + "source": "nvd@nist.gov", + "type": "Primary" + }, { - "description": [ - { - "lang": "en", - "value": "CWE-79" - } - ] + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7, + "source": "audit@patchstack.com", + "type": "Secondary" } ] }, - "references": { - "reference_data": [ - { - "name": "https://patchstack.com/database/vulnerability/easy-testimonial-rotator/wordpress-easy-testimonial-slider-and-form-plugin-1-0-18-cross-site-scripting-xss?_s_id=cve", - "refsource": "MISC", - "tags": [ - "Third Party Advisory" - ], - "url": "https://patchstack.com/database/vulnerability/easy-testimonial-rotator/wordpress-easy-testimonial-slider-and-form-plugin-1-0-18-cross-site-scripting-xss?_s_id=cve" - } - ] - } - }, - "impact": { - "baseMetricV3": { - "cvssV3": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.8, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - }, - "exploitabilityScore": 1.7, - "impactScore": 2.7 - } - }, - "lastModifiedDate": "2023-10-27T21:57Z", - "publishedDate": "2023-10-25T18:17Z" + "published": "2023-10-25T18:17:33.977", + "references": [ + { + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ], + "url": "https://patchstack.com/database/vulnerability/easy-testimonial-rotator/wordpress-easy-testimonial-slider-and-form-plugin-1-0-18-cross-site-scripting-xss?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Modified", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/47xxx/GSD-2023-47038.json b/2023/47xxx/GSD-2023-47038.json index 9e61fcb351e..e5e5872b251 100644 --- a/2023/47xxx/GSD-2023-47038.json +++ b/2023/47xxx/GSD-2023-47038.json @@ -287,7 +287,7 @@ } ], "id": "CVE-2023-47038", - "lastModified": "2024-02-05T07:15:08.413", + "lastModified": "2024-03-28T14:15:13.310", "metrics": { "cvssMetricV31": [ { @@ -359,6 +359,10 @@ { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/" + }, + { + "source": "secalert@redhat.com", + "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property" } ], "sourceIdentifier": "secalert@redhat.com", diff --git a/2023/47xxx/GSD-2023-47039.json b/2023/47xxx/GSD-2023-47039.json index f67dad6703e..396d4c3232e 100644 --- a/2023/47xxx/GSD-2023-47039.json +++ b/2023/47xxx/GSD-2023-47039.json @@ -283,7 +283,7 @@ } ], "id": "CVE-2023-47039", - "lastModified": "2024-02-08T10:15:09.497", + "lastModified": "2024-03-28T14:15:13.467", "metrics": { "cvssMetricV31": [ { @@ -352,6 +352,10 @@ ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525" }, + { + "source": "secalert@redhat.com", + "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability" + }, { "source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20240208-0005/" diff --git a/2023/50xxx/GSD-2023-50374.json b/2023/50xxx/GSD-2023-50374.json index c90bc4f89ec..bb8c4386121 100644 --- a/2023/50xxx/GSD-2023-50374.json +++ b/2023/50xxx/GSD-2023-50374.json @@ -37,6 +37,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP \u2013 Coming Soon & Maintenance.This issue affects CMP \u2013 Coming Soon & Maintenance: from n/a through 4.1.10.\n\n" + } + ], + "id": "CVE-2023-50374", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:50.873", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/cmp-coming-soon-maintenance/wordpress-cmp-coming-soon-maintenance-plugin-by-niteothemes-plugin-4-1-10-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/50xxx/GSD-2023-50969.json b/2023/50xxx/GSD-2023-50969.json index 73b58b3dc96..85e70e3f9b4 100644 --- a/2023/50xxx/GSD-2023-50969.json +++ b/2023/50xxx/GSD-2023-50969.json @@ -33,6 +33,32 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468." + } + ], + "id": "CVE-2023-50969", + "lastModified": "2024-03-28T23:15:46.137", + "metrics": {}, + "published": "2024-03-28T23:15:46.137", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://docs.imperva.com/bundle/v14.7-waf-administration-guide/page/9282.htm" + }, + { + "source": "cve@mitre.org", + "url": "https://www.hoyahaxa.com/2024/03/imperva-waf-bypass-cve-2023-50969.html" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Received" + } } } } \ No newline at end of file diff --git a/2023/52xxx/GSD-2023-52231.json b/2023/52xxx/GSD-2023-52231.json index 38facc1884b..2e40167da84 100644 --- a/2023/52xxx/GSD-2023-52231.json +++ b/2023/52xxx/GSD-2023-52231.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2.\n\n" + } + ], + "id": "CVE-2023-52231", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:52.120", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/52xxx/GSD-2023-52234.json b/2023/52xxx/GSD-2023-52234.json index 33da051c17f..0d43b4c3047 100644 --- a/2023/52xxx/GSD-2023-52234.json +++ b/2023/52xxx/GSD-2023-52234.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2.\n\n" + } + ], + "id": "CVE-2023-52234", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:52.927", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ], + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/52xxx/GSD-2023-52628.json b/2023/52xxx/GSD-2023-52628.json index 0d0bba646e9..96648912d2f 100644 --- a/2023/52xxx/GSD-2023-52628.json +++ b/2023/52xxx/GSD-2023-52628.json @@ -33,6 +33,44 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: exthdr: fix 4-byte stack OOB write\n\nIf priv->len is a multiple of 4, then dst[len / 4] can write past\nthe destination array which leads to stack corruption.\n\nThis construct is necessary to clean the remainder of the register\nin case ->len is NOT a multiple of the register size, so make it\nconditional just like nft_payload.c does.\n\nThe bug was added in 4.1 cycle and then copied/inherited when\ntcp/sctp and ip option support was added.\n\nBug reported by Zero Day Initiative project (ZDI-CAN-21950,\nZDI-CAN-21951, ZDI-CAN-21961)." + } + ], + "id": "CVE-2023-52628", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": {}, + "published": "2024-03-28T08:15:25.980", + "references": [ + { + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "url": "https://git.kernel.org/stable/c/1ad7b189cc1411048434e8595ffcbe7873b71082" + }, + { + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "url": "https://git.kernel.org/stable/c/a7d86a77c33ba1c357a7504341172cc1507f0698" + }, + { + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "url": "https://git.kernel.org/stable/c/c8f292322ff16b9a2272a67de396c09a50e09dce" + }, + { + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "url": "https://git.kernel.org/stable/c/d9ebfc0f21377690837ebbd119e679243e0099cc" + }, + { + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "url": "https://git.kernel.org/stable/c/fd94d9dadee58e09b49075240fe83423eb1dcd36" + } + ], + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2023/6xxx/GSD-2023-6371.json b/2023/6xxx/GSD-2023-6371.json index 3b16d96451f..aba36bae77e 100644 --- a/2023/6xxx/GSD-2023-6371.json +++ b/2023/6xxx/GSD-2023-6371.json @@ -37,6 +37,67 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims." + } + ], + "id": "CVE-2023-6371", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 5.8, + "source": "cve@gitlab.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T08:15:26.223", + "references": [ + { + "source": "cve@gitlab.com", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433021" + }, + { + "source": "cve@gitlab.com", + "url": "https://hackerone.com/reports/2257080" + } + ], + "sourceIdentifier": "cve@gitlab.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "cve@gitlab.com", + "type": "Secondary" + } + ] + } } } } \ No newline at end of file diff --git a/2023/6xxx/GSD-2023-6437.json b/2023/6xxx/GSD-2023-6437.json index 7ddfd6599e1..f8761a381f2 100644 --- a/2023/6xxx/GSD-2023-6437.json +++ b/2023/6xxx/GSD-2023-6437.json @@ -37,6 +37,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Turk Telekom TP-Link allows OS Command Injection.This issue affects TP-Link: through 2024.03.28.\n\n" + } + ], + "id": "CVE-2023-6437", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9, + "source": "iletisim@usom.gov.tr", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T14:15:13.600", + "references": [ + { + "source": "iletisim@usom.gov.tr", + "url": "https://www.usom.gov.tr/bildirim/tr-24-0244" + } + ], + "sourceIdentifier": "iletisim@usom.gov.tr", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ], + "source": "iletisim@usom.gov.tr", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/0xxx/GSD-2024-0259.json b/2024/0xxx/GSD-2024-0259.json index 4dd942f0e10..eaf6ee43fe4 100644 --- a/2024/0xxx/GSD-2024-0259.json +++ b/2024/0xxx/GSD-2024-0259.json @@ -33,6 +33,67 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.\n\n" + } + ], + "id": "CVE-2024-0259", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9, + "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:46.180", + "references": [ + { + "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", + "url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm" + }, + { + "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", + "url": "https://www.fortra.com/security/advisory/fi-2024-005" + } + ], + "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ], + "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", + "type": "Secondary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/0xxx/GSD-2024-0672.json b/2024/0xxx/GSD-2024-0672.json index efbe3939be3..b4ebe8d75dc 100644 --- a/2024/0xxx/GSD-2024-0672.json +++ b/2024/0xxx/GSD-2024-0672.json @@ -33,6 +33,28 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "id": "CVE-2024-0672", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": {}, + "published": "2024-03-28T05:15:49.693", + "references": [ + { + "source": "contact@wpscan.com", + "url": "https://wpscan.com/vulnerability/eceb6585-5969-4aa6-9908-b6bfb578190a/" + } + ], + "sourceIdentifier": "contact@wpscan.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2024/0xxx/GSD-2024-0673.json b/2024/0xxx/GSD-2024-0673.json index 79ea2d6f499..68f8dc7696d 100644 --- a/2024/0xxx/GSD-2024-0673.json +++ b/2024/0xxx/GSD-2024-0673.json @@ -33,6 +33,28 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed" + } + ], + "id": "CVE-2024-0673", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": {}, + "published": "2024-03-28T05:15:49.820", + "references": [ + { + "source": "contact@wpscan.com", + "url": "https://wpscan.com/vulnerability/d80e725d-356a-4997-a352-33565e291fc8/" + } + ], + "sourceIdentifier": "contact@wpscan.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2024/0xxx/GSD-2024-0677.json b/2024/0xxx/GSD-2024-0677.json index dffefd85de3..aad7f55f0a1 100644 --- a/2024/0xxx/GSD-2024-0677.json +++ b/2024/0xxx/GSD-2024-0677.json @@ -33,6 +33,28 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks." + } + ], + "id": "CVE-2024-0677", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": {}, + "published": "2024-03-28T05:15:49.870", + "references": [ + { + "source": "contact@wpscan.com", + "url": "https://wpscan.com/vulnerability/0f7757c9-69fa-49db-90b0-40f0ff29bee7/" + } + ], + "sourceIdentifier": "contact@wpscan.com", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2024/1xxx/GSD-2024-1770.json b/2024/1xxx/GSD-2024-1770.json index c276b006df2..68fad52f240 100644 --- a/2024/1xxx/GSD-2024-1770.json +++ b/2024/1xxx/GSD-2024-1770.json @@ -43,7 +43,7 @@ } ], "id": "CVE-2024-1770", - "lastModified": "2024-03-28T02:15:09.573", + "lastModified": "2024-03-28T12:42:56.150", "metrics": { "cvssMetricV31": [ { @@ -80,7 +80,7 @@ } ], "sourceIdentifier": "security@wordfence.com", - "vulnStatus": "Received" + "vulnStatus": "Awaiting Analysis" } } } diff --git a/2024/22xxx/GSD-2024-22138.json b/2024/22xxx/GSD-2024-22138.json index 8fb4cd96379..bdef7d09b6c 100644 --- a/2024/22xxx/GSD-2024-22138.json +++ b/2024/22xxx/GSD-2024-22138.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47.\n\n" + } + ], + "id": "CVE-2024-22138", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:53.863", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/seraphinite-accelerator/wordpress-seraphinite-accelerator-plugin-2-20-44-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/23xxx/GSD-2024-23500.json b/2024/23xxx/GSD-2024-23500.json index 5417cb53364..74da92cfcee 100644 --- a/2024/23xxx/GSD-2024-23500.json +++ b/2024/23xxx/GSD-2024-23500.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19.\n\n" + } + ], + "id": "CVE-2024-23500", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T06:15:10.097", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/kadence-blocks/wordpress-kadence-blocks-plugin-3-2-19-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/23xxx/GSD-2024-23727.json b/2024/23xxx/GSD-2024-23727.json index faf4fee11ce..5ec0b3111b3 100644 --- a/2024/23xxx/GSD-2024-23727.json +++ b/2024/23xxx/GSD-2024-23727.json @@ -33,6 +33,28 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component." + } + ], + "id": "CVE-2024-23727", + "lastModified": "2024-03-28T21:16:01.413", + "metrics": {}, + "published": "2024-03-28T21:16:01.413", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/actuator/yi/blob/main/com.kamivision.yismart.V1.0.0_20231219.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Received" + } } } } \ No newline at end of file diff --git a/2024/24xxx/GSD-2024-24399.json b/2024/24xxx/GSD-2024-24399.json index 5dc0b9341e4..58a28501b8b 100644 --- a/2024/24xxx/GSD-2024-24399.json +++ b/2024/24xxx/GSD-2024-24399.json @@ -109,7 +109,7 @@ } ], "id": "CVE-2024-24399", - "lastModified": "2024-01-29T15:57:59.413", + "lastModified": "2024-03-28T23:15:46.200", "metrics": { "cvssMetricV31": [ { @@ -136,16 +136,24 @@ }, "published": "2024-01-25T21:15:09.563", "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/capture0x/leptoncms" + }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://github.com/capture0x/leptoncms/blob/main/README.md" + }, + { + "source": "cve@mitre.org", + "url": "https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html" } ], "sourceIdentifier": "cve@mitre.org", - "vulnStatus": "Analyzed", + "vulnStatus": "Modified", "weaknesses": [ { "description": [ diff --git a/2024/24xxx/GSD-2024-24407.json b/2024/24xxx/GSD-2024-24407.json index abee6e27a5f..b458ae20920 100644 --- a/2024/24xxx/GSD-2024-24407.json +++ b/2024/24xxx/GSD-2024-24407.json @@ -33,6 +33,32 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component." + } + ], + "id": "CVE-2024-24407", + "lastModified": "2024-03-28T23:15:46.283", + "metrics": {}, + "published": "2024-03-28T23:15:46.283", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/modian-un/CVE/blob/main/Barangay%20Population%20Monitoring%20System.md" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/modian-un/CVE/blob/main/Best%20courier%20management%20system.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Received" + } } } } \ No newline at end of file diff --git a/2024/24xxx/GSD-2024-24681.json b/2024/24xxx/GSD-2024-24681.json index 140b1525072..e770d3f80b9 100644 --- a/2024/24xxx/GSD-2024-24681.json +++ b/2024/24xxx/GSD-2024-24681.json @@ -84,17 +84,25 @@ "descriptions": [ { "lang": "en", - "value": "Insecure AES key in Yealink Configuration Encrypt Tool below verrsion 1.2. A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents." + "value": "An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). There is a single hardcoded key (used to encrypt provisioning documents) across customers' installations." + }, + { + "lang": "es", + "value": "Clave AES insegura en la herramienta de cifrado de configuraci\u00f3n de Yealink inferior a la versi\u00f3n 1.2. Se filtr\u00f3 una \u00fanica clave AES codificada en todo el proveedor en la herramienta de configuraci\u00f3n utilizada para cifrar los documentos de aprovisionamiento, lo que comprometi\u00f3 la confidencialidad de los documentos de aprovisionamiento." } ], "id": "CVE-2024-24681", - "lastModified": "2024-02-26T13:42:22.567", + "lastModified": "2024-03-28T08:15:26.453", "metrics": {}, "published": "2024-02-23T23:15:09.687", "references": [ { "source": "cve@mitre.org", - "url": "https://www.reddit.com/r/VOIP/comments/ys9mel/what_are_some_of_the_good_white_label_voip/" + "url": "https://github.com/gitaware/CVE/tree/main/CVE-2024-24681" + }, + { + "source": "cve@mitre.org", + "url": "https://seclists.org/fulldisclosure/2024/Feb/22" } ], "sourceIdentifier": "cve@mitre.org", diff --git a/2024/25xxx/GSD-2024-25506.json b/2024/25xxx/GSD-2024-25506.json index c2bf06b38ab..08583cfb2fe 100644 --- a/2024/25xxx/GSD-2024-25506.json +++ b/2024/25xxx/GSD-2024-25506.json @@ -33,6 +33,28 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie." + } + ], + "id": "CVE-2024-25506", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T20:15:07.773", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://medium.com/%40proflamyt/cve-2024-25506-425ba3212fb6" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25599.json b/2024/25xxx/GSD-2024-25599.json index 18c7615e8e0..400d6e52df5 100644 --- a/2024/25xxx/GSD-2024-25599.json +++ b/2024/25xxx/GSD-2024-25599.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS.This issue affects Seriously Simple Podcasting: from n/a through 3.0.2.\n\n" + } + ], + "id": "CVE-2024-25599", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:54.823", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/seriously-simple-podcasting/wordpress-seriously-simple-podcasting-plugin-3-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25923.json b/2024/25xxx/GSD-2024-25923.json index ead67bb3b11..774e4508a11 100644 --- a/2024/25xxx/GSD-2024-25923.json +++ b/2024/25xxx/GSD-2024-25923.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.2.7.0.\n\n" + } + ], + "id": "CVE-2024-25923", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:55.590", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-2-7-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25924.json b/2024/25xxx/GSD-2024-25924.json index a046a520f3a..1b9440042eb 100644 --- a/2024/25xxx/GSD-2024-25924.json +++ b/2024/25xxx/GSD-2024-25924.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3.\n\n" + } + ], + "id": "CVE-2024-25924", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:56.460", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/testimonial-widgets/wordpress-wp-testimonials-plugin-1-4-3-admin-sql-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25946.json b/2024/25xxx/GSD-2024-25946.json index 2d6e746db07..d169085099f 100644 --- a/2024/25xxx/GSD-2024-25946.json +++ b/2024/25xxx/GSD-2024-25946.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity." + } + ], + "id": "CVE-2024-25946", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9, + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T19:15:47.010", + "references": [ + { + "source": "security_alert@emc.com", + "url": "https://www.dell.com/support/kbdoc/en-us/000223609/dsa-2024-108-dell-powermaxos-5978-dell-powermax-os-10-0-1-5-dell-powermax-os-10-1-0-2-dell-unisphere-360-unisphere-powermax-unisphere-powermax-vapp-dell-solutions-enabler-vapp-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities" + } + ], + "sourceIdentifier": "security_alert@emc.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ], + "source": "security_alert@emc.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25952.json b/2024/25xxx/GSD-2024-25952.json index 840d85e049e..015fcd2cfd2 100644 --- a/2024/25xxx/GSD-2024-25952.json +++ b/2024/25xxx/GSD-2024-25952.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering." + } + ], + "id": "CVE-2024-25952", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.0, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2, + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T19:15:47.200", + "references": [ + { + "source": "security_alert@emc.com", + "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities" + } + ], + "sourceIdentifier": "security_alert@emc.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-61" + } + ], + "source": "security_alert@emc.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25953.json b/2024/25xxx/GSD-2024-25953.json index f17bd8736bd..ff4d22e6699 100644 --- a/2024/25xxx/GSD-2024-25953.json +++ b/2024/25xxx/GSD-2024-25953.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering." + } + ], + "id": "CVE-2024-25953", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.0, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2, + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T19:15:47.393", + "references": [ + { + "source": "security_alert@emc.com", + "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities" + } + ], + "sourceIdentifier": "security_alert@emc.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-61" + } + ], + "source": "security_alert@emc.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25954.json b/2024/25xxx/GSD-2024-25954.json index f192b442f7e..042bb0423de 100644 --- a/2024/25xxx/GSD-2024-25954.json +++ b/2024/25xxx/GSD-2024-25954.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service." + } + ], + "id": "CVE-2024-25954", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4, + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T19:15:47.587", + "references": [ + { + "source": "security_alert@emc.com", + "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities" + } + ], + "sourceIdentifier": "security_alert@emc.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-613" + } + ], + "source": "security_alert@emc.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25955.json b/2024/25xxx/GSD-2024-25955.json index b5d0353da19..8b3bc89e943 100644 --- a/2024/25xxx/GSD-2024-25955.json +++ b/2024/25xxx/GSD-2024-25955.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity." + } + ], + "id": "CVE-2024-25955", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9, + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T19:15:47.790", + "references": [ + { + "source": "security_alert@emc.com", + "url": "https://www.dell.com/support/kbdoc/en-us/000223609/dsa-2024-108-dell-powermaxos-5978-dell-powermax-os-10-0-1-5-dell-powermax-os-10-1-0-2-dell-unisphere-360-unisphere-powermax-unisphere-powermax-vapp-dell-solutions-enabler-vapp-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities" + } + ], + "sourceIdentifier": "security_alert@emc.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ], + "source": "security_alert@emc.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25959.json b/2024/25xxx/GSD-2024-25959.json index 49b51f4dd4c..2944f1db001 100644 --- a/2024/25xxx/GSD-2024-25959.json +++ b/2024/25xxx/GSD-2024-25959.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges." + } + ], + "id": "CVE-2024-25959", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.0, + "impactScore": 5.3, + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T18:15:07.767", + "references": [ + { + "source": "security_alert@emc.com", + "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities" + } + ], + "sourceIdentifier": "security_alert@emc.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ], + "source": "security_alert@emc.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25960.json b/2024/25xxx/GSD-2024-25960.json index b7f06e18147..1fefdae7ef3 100644 --- a/2024/25xxx/GSD-2024-25960.json +++ b/2024/25xxx/GSD-2024-25960.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges." + } + ], + "id": "CVE-2024-25960", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9, + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T19:15:47.970", + "references": [ + { + "source": "security_alert@emc.com", + "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities" + } + ], + "sourceIdentifier": "security_alert@emc.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ], + "source": "security_alert@emc.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25961.json b/2024/25xxx/GSD-2024-25961.json index b84310f7383..9d9fe09ed03 100644 --- a/2024/25xxx/GSD-2024-25961.json +++ b/2024/25xxx/GSD-2024-25961.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges." + } + ], + "id": "CVE-2024-25961", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.0, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.2, + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T18:15:08.013", + "references": [ + { + "source": "security_alert@emc.com", + "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities" + } + ], + "sourceIdentifier": "security_alert@emc.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ], + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25963.json b/2024/25xxx/GSD-2024-25963.json index f1e558b258c..fdeb5715832 100644 --- a/2024/25xxx/GSD-2024-25963.json +++ b/2024/25xxx/GSD-2024-25963.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure." + } + ], + "id": "CVE-2024-25963", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6, + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T19:15:48.173", + "references": [ + { + "source": "security_alert@emc.com", + "url": "https://www.dell.com/support/kbdoc/en-us/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities" + } + ], + "sourceIdentifier": "security_alert@emc.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ], + "source": "security_alert@emc.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/25xxx/GSD-2024-25971.json b/2024/25xxx/GSD-2024-25971.json index f204adc1a8a..44e969a8d43 100644 --- a/2024/25xxx/GSD-2024-25971.json +++ b/2024/25xxx/GSD-2024-25971.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service." + } + ], + "id": "CVE-2024-25971", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.2, + "source": "security_alert@emc.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T19:15:48.373", + "references": [ + { + "source": "security_alert@emc.com", + "url": "https://www.dell.com/support/kbdoc/en-us/000223556/dsa-2024-132-security-update-dell-power-protect-data-manager-for-multiple-security-vulnerabilities" + } + ], + "sourceIdentifier": "security_alert@emc.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ], + "source": "security_alert@emc.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/27xxx/GSD-2024-27318.json b/2024/27xxx/GSD-2024-27318.json index db13037b199..e503adf3ee9 100644 --- a/2024/27xxx/GSD-2024-27318.json +++ b/2024/27xxx/GSD-2024-27318.json @@ -117,10 +117,14 @@ { "lang": "en", "value": "Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.\n" + }, + { + "lang": "es", + "value": "Las versiones del paquete onnx anteriores a la 1.15.0 inclusive son vulnerables a Directory Traversal ya que el campo external_data del tensor proto puede tener una ruta al archivo que est\u00e1 fuera del directorio actual del modelo o del directorio proporcionado por el usuario. La vulnerabilidad se produce como una omisi\u00f3n del parche agregado para CVE-2022-25882." } ], "id": "CVE-2024-27318", - "lastModified": "2024-02-23T19:31:25.817", + "lastModified": "2024-03-29T03:15:45.217", "metrics": { "cvssMetricV31": [ { @@ -151,6 +155,10 @@ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "url": "https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20" }, + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/" + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "url": "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479" diff --git a/2024/27xxx/GSD-2024-27319.json b/2024/27xxx/GSD-2024-27319.json index a4aab5c39b8..7d233996722 100644 --- a/2024/27xxx/GSD-2024-27319.json +++ b/2024/27xxx/GSD-2024-27319.json @@ -112,10 +112,14 @@ { "lang": "en", "value": "Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.\n" + }, + { + "lang": "es", + "value": "Las versiones del paquete onnx anteriores a la 1.15.0 inclusive son vulnerables a la lectura fuera de los l\u00edmites, ya que las funciones ONNX_ASSERT y ONNX_ASSERTM tienen una copia desactivada por una cadena." } ], "id": "CVE-2024-27319", - "lastModified": "2024-02-23T19:31:25.817", + "lastModified": "2024-03-29T03:15:45.323", "metrics": { "cvssMetricV31": [ { @@ -145,6 +149,10 @@ { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "url": "https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287" + }, + { + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/" } ], "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", diff --git a/2024/27xxx/GSD-2024-27719.json b/2024/27xxx/GSD-2024-27719.json index b1175fda976..5b9ea3a64a6 100644 --- a/2024/27xxx/GSD-2024-27719.json +++ b/2024/27xxx/GSD-2024-27719.json @@ -33,6 +33,32 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function." + } + ], + "id": "CVE-2024-27719", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T19:15:48.570", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://www.sourcecodester.com/php/17175/faq-management-system-using-php-and-mysql-source-code.html" + }, + { + "source": "cve@mitre.org", + "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2024-002" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2024/27xxx/GSD-2024-27775.json b/2024/27xxx/GSD-2024-27775.json index 4d0cdb67a08..1f894af1ec5 100644 --- a/2024/27xxx/GSD-2024-27775.json +++ b/2024/27xxx/GSD-2024-27775.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "\nSysAid before version 23.2.14 b18 -\u00a0CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash\n\n" + } + ], + "id": "CVE-2024-27775", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9, + "source": "cna@cyber.gov.il", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T13:15:47.340", + "references": [ + { + "source": "cna@cyber.gov.il", + "url": "https://www.gov.il/en/Departments/faq/cve_advisories" + } + ], + "sourceIdentifier": "cna@cyber.gov.il", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ], + "source": "cna@cyber.gov.il", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/27xxx/GSD-2024-27999.json b/2024/27xxx/GSD-2024-27999.json index a0c279cfdd0..61b2f443edd 100644 --- a/2024/27xxx/GSD-2024-27999.json +++ b/2024/27xxx/GSD-2024-27999.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS.This issue affects Preview E-mails for WooCommerce: from n/a through 2.2.1.\n\n" + } + ], + "id": "CVE-2024-27999", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:57.430", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/woo-preview-emails/wordpress-preview-e-mails-for-woocommerce-plugin-2-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/28xxx/GSD-2024-28001.json b/2024/28xxx/GSD-2024-28001.json index 8f1992fdb27..d9296a9b0fe 100644 --- a/2024/28xxx/GSD-2024-28001.json +++ b/2024/28xxx/GSD-2024-28001.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Favicon Rotator allows Reflected XSS.This issue affects Favicon Rotator: from n/a through 1.2.10.\n\n" + } + ], + "id": "CVE-2024-28001", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:58.100", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/favicon-rotator/wordpress-favicon-rotator-plugin-1-2-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/28xxx/GSD-2024-28002.json b/2024/28xxx/GSD-2024-28002.json index df46d3e7adf..676d91f0c94 100644 --- a/2024/28xxx/GSD-2024-28002.json +++ b/2024/28xxx/GSD-2024-28002.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS.This issue affects Cornerstone: from n/a through 0.8.0.\n\n" + } + ], + "id": "CVE-2024-28002", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:58.923", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/cornerstone/wordpress-cornerstone-plugin-0-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/28xxx/GSD-2024-28003.json b/2024/28xxx/GSD-2024-28003.json index c159dd263e5..ef2fd411d76 100644 --- a/2024/28xxx/GSD-2024-28003.json +++ b/2024/28xxx/GSD-2024-28003.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3.\n\n" + } + ], + "id": "CVE-2024-28003", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T06:15:10.843", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/megamenu/wordpress-max-mega-menu-plugin-3-3-broken-access-control-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/28xxx/GSD-2024-28004.json b/2024/28xxx/GSD-2024-28004.json index d8ce9187596..0d46e314103 100644 --- a/2024/28xxx/GSD-2024-28004.json +++ b/2024/28xxx/GSD-2024-28004.json @@ -33,6 +33,63 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.\n\n" + } + ], + "id": "CVE-2024-28004", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T06:15:11.690", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/colibri-page-builder/wordpress-colibri-page-builder-plugin-1-0-248-broken-access-control-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/28xxx/GSD-2024-28090.json b/2024/28xxx/GSD-2024-28090.json index ae003d3a6a6..3549a18c473 100644 --- a/2024/28xxx/GSD-2024-28090.json +++ b/2024/28xxx/GSD-2024-28090.json @@ -33,6 +33,28 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp." + } + ], + "id": "CVE-2024-28090", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T20:15:07.833", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/actuator/cve/blob/main/Technicolor/CVE-2024-28090" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2024/28xxx/GSD-2024-28091.json b/2024/28xxx/GSD-2024-28091.json index e1072a6b72b..cd0d7370510 100644 --- a/2024/28xxx/GSD-2024-28091.json +++ b/2024/28xxx/GSD-2024-28091.json @@ -33,6 +33,28 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion)." + } + ], + "id": "CVE-2024-28091", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T20:15:07.893", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/actuator/cve/blob/main/Technicolor/CVE-2024-28091" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2024/28xxx/GSD-2024-28109.json b/2024/28xxx/GSD-2024-28109.json index 86d2000b0ed..60a6e5e18a2 100644 --- a/2024/28xxx/GSD-2024-28109.json +++ b/2024/28xxx/GSD-2024-28109.json @@ -33,6 +33,79 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2." + } + ], + "id": "CVE-2024-28109", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2, + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T14:15:13.863", + "references": [ + { + "source": "security-advisories@github.com", + "url": "https://github.com/veraPDF/veraPDF-library/commit/614ffa477a2cf0819e4b0df1ab133610e0da25fb" + }, + { + "source": "security-advisories@github.com", + "url": "https://github.com/veraPDF/veraPDF-library/commit/9386ecbe1a1d1fb9e886d19df28851ed07890d9f" + }, + { + "source": "security-advisories@github.com", + "url": "https://github.com/veraPDF/veraPDF-library/commit/d5314cbdf4e058e0716f80dbdad2dbd8d96e6bfe" + }, + { + "source": "security-advisories@github.com", + "url": "https://github.com/veraPDF/veraPDF-library/issues/1415" + }, + { + "source": "security-advisories@github.com", + "url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-qxqf-2mfx-x8jw" + } + ], + "sourceIdentifier": "security-advisories@github.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-91" + } + ], + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + } } } } \ No newline at end of file diff --git a/2024/28xxx/GSD-2024-28456.json b/2024/28xxx/GSD-2024-28456.json index fdaf19682bd..9a6c44b5a34 100644 --- a/2024/28xxx/GSD-2024-28456.json +++ b/2024/28xxx/GSD-2024-28456.json @@ -33,6 +33,36 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form." + } + ], + "id": "CVE-2024-28456", + "lastModified": "2024-03-28T23:15:46.340", + "metrics": {}, + "published": "2024-03-28T23:15:46.340", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://drive.google.com/file/d/1J3-mKlXpHYqOwlUyffRT-ibWa0joB3xC/view?usp=sharing" + }, + { + "source": "cve@mitre.org", + "url": "https://pastebin.com/CYMDR4ss" + }, + { + "source": "cve@mitre.org", + "url": "https://www.campcodes.com/projects/php/online-marriage-registration-system/" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Received" + } } } } \ No newline at end of file diff --git a/2024/28xxx/GSD-2024-28713.json b/2024/28xxx/GSD-2024-28713.json index 371368cc596..91914f5fecf 100644 --- a/2024/28xxx/GSD-2024-28713.json +++ b/2024/28xxx/GSD-2024-28713.json @@ -33,6 +33,56 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature." + } + ], + "id": "CVE-2024-28713", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T19:15:48.630", + "references": [ + { + "source": "cve@mitre.org", + "url": "http://mblog.com" + }, + { + "source": "cve@mitre.org", + "url": "https://gitee.com/mtons/mblog" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/JiangXiaoBaiJia/cve/blob/main/%E5%9B%BE%E7%89%871.png" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/JiangXiaoBaiJia/cve/blob/main/%E5%9B%BE%E7%89%872.png" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/JiangXiaoBaiJia/cve/blob/main/%E5%9B%BE%E7%89%873.png" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/JiangXiaoBaiJia/cve/blob/main/%E5%9B%BE%E7%89%874.png" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/JiangXiaoBaiJia/cve/blob/main/%E5%9B%BE%E7%89%875.png" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/JiangXiaoBaiJia/cve/blob/main/Mblog%20blog%20system%20has%20SSTI%20template%20injection%20vulnerability.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } } } } \ No newline at end of file diff --git a/2024/28xxx/GSD-2024-28714.json b/2024/28xxx/GSD-2024-28714.json index 05bedccb14b..379ec8322f8 100644 --- a/2024/28xxx/GSD-2024-28714.json +++ b/2024/28xxx/GSD-2024-28714.json @@ -33,6 +33,40 @@ } ] } + }, + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter." + } + ], + "id": "CVE-2024-28714", + "lastModified": "2024-03-28T23:15:46.410", + "metrics": {}, + "published": "2024-03-28T23:15:46.410", + "references": [ + { + "source": "cve@mitre.org", + "url": "http://crmebjava.com" + }, + { + "source": "cve@mitre.org", + "url": "https://gitee.com/ZhongBangKeJi/crmeb_java" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/JiangXiaoBaiJia/cve2/blob/main/1.md" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/JiangXiaoBaiJia/cve2/blob/main/a.png" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Received" + } } } } \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29090.json b/2024/29xxx/GSD-2024-29090.json new file mode 100644 index 00000000000..f933f084c9a --- /dev/null +++ b/2024/29xxx/GSD-2024-29090.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.\n\n" + } + ], + "id": "CVE-2024-29090", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T06:15:12.447", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-2-1-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29100.json b/2024/29xxx/GSD-2024-29100.json new file mode 100644 index 00000000000..e26990ffde5 --- /dev/null +++ b/2024/29xxx/GSD-2024-29100.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.\n\n" + } + ], + "id": "CVE-2024-29100", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T06:15:13.223", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-2-1-4-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29200.json b/2024/29xxx/GSD-2024-29200.json new file mode 100644 index 00000000000..246667522e9 --- /dev/null +++ b/2024/29xxx/GSD-2024-29200.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0." + } + ], + "id": "CVE-2024-29200", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0, + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T14:15:14.100", + "references": [ + { + "source": "security-advisories@github.com", + "url": "https://github.com/kimai/kimai/security/advisories/GHSA-cj3c-5xpm-cx94" + } + ], + "sourceIdentifier": "security-advisories@github.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-1220" + } + ], + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29227.json b/2024/29xxx/GSD-2024-29227.json new file mode 100644 index 00000000000..13c07df1237 --- /dev/null +++ b/2024/29xxx/GSD-2024-29227.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors." + } + ], + "id": "CVE-2024-29227", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:15:59.770", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29228.json b/2024/29xxx/GSD-2024-29228.json new file mode 100644 index 00000000000..48a678d5922 --- /dev/null +++ b/2024/29xxx/GSD-2024-29228.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors." + } + ], + "id": "CVE-2024-29228", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:00.733", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29229.json b/2024/29xxx/GSD-2024-29229.json new file mode 100644 index 00000000000..9b89ea1aa03 --- /dev/null +++ b/2024/29xxx/GSD-2024-29229.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors." + } + ], + "id": "CVE-2024-29229", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:02.680", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29230.json b/2024/29xxx/GSD-2024-29230.json new file mode 100644 index 00000000000..bdf155eb664 --- /dev/null +++ b/2024/29xxx/GSD-2024-29230.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors." + } + ], + "id": "CVE-2024-29230", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:03.380", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29231.json b/2024/29xxx/GSD-2024-29231.json new file mode 100644 index 00000000000..da94ee96dde --- /dev/null +++ b/2024/29xxx/GSD-2024-29231.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors." + } + ], + "id": "CVE-2024-29231", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:04.170", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-129" + } + ], + "source": "security@synology.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29232.json b/2024/29xxx/GSD-2024-29232.json new file mode 100644 index 00000000000..e85f08d93f2 --- /dev/null +++ b/2024/29xxx/GSD-2024-29232.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors." + } + ], + "id": "CVE-2024-29232", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:05.133", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29233.json b/2024/29xxx/GSD-2024-29233.json new file mode 100644 index 00000000000..47d877ff86a --- /dev/null +++ b/2024/29xxx/GSD-2024-29233.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors." + } + ], + "id": "CVE-2024-29233", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:06.060", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29234.json b/2024/29xxx/GSD-2024-29234.json new file mode 100644 index 00000000000..e648a467ae3 --- /dev/null +++ b/2024/29xxx/GSD-2024-29234.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors." + } + ], + "id": "CVE-2024-29234", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:06.830", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29235.json b/2024/29xxx/GSD-2024-29235.json new file mode 100644 index 00000000000..dfa85eed891 --- /dev/null +++ b/2024/29xxx/GSD-2024-29235.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors." + } + ], + "id": "CVE-2024-29235", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:07.657", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29236.json b/2024/29xxx/GSD-2024-29236.json new file mode 100644 index 00000000000..d19678ef268 --- /dev/null +++ b/2024/29xxx/GSD-2024-29236.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors." + } + ], + "id": "CVE-2024-29236", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:08.340", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29237.json b/2024/29xxx/GSD-2024-29237.json new file mode 100644 index 00000000000..c3a93168e51 --- /dev/null +++ b/2024/29xxx/GSD-2024-29237.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors." + } + ], + "id": "CVE-2024-29237", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:09.077", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "security@synology.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29238.json b/2024/29xxx/GSD-2024-29238.json new file mode 100644 index 00000000000..1658584765e --- /dev/null +++ b/2024/29xxx/GSD-2024-29238.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors." + } + ], + "id": "CVE-2024-29238", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:09.570", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29239.json b/2024/29xxx/GSD-2024-29239.json new file mode 100644 index 00000000000..1567db2bb36 --- /dev/null +++ b/2024/29xxx/GSD-2024-29239.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors." + } + ], + "id": "CVE-2024-29239", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:10.293", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29240.json b/2024/29xxx/GSD-2024-29240.json new file mode 100644 index 00000000000..0115e3fcdf3 --- /dev/null +++ b/2024/29xxx/GSD-2024-29240.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors." + } + ], + "id": "CVE-2024-29240", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:11.083", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29241.json b/2024/29xxx/GSD-2024-29241.json new file mode 100644 index 00000000000..439f96b4075 --- /dev/null +++ b/2024/29xxx/GSD-2024-29241.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors." + } + ], + "id": "CVE-2024-29241", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0, + "source": "security@synology.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:12.177", + "references": [ + { + "source": "security@synology.com", + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_04" + } + ], + "sourceIdentifier": "security@synology.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ], + "source": "security@synology.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29316.json b/2024/29xxx/GSD-2024-29316.json new file mode 100644 index 00000000000..9d26f2d0d13 --- /dev/null +++ b/2024/29xxx/GSD-2024-29316.json @@ -0,0 +1,30 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "NodeBB 3.6.7 is vulnerable to Incorrect Access Control." + } + ], + "id": "CVE-2024-29316", + "lastModified": "2024-03-28T23:15:46.470", + "metrics": {}, + "published": "2024-03-28T23:15:46.470", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://medium.com/%40krityamkarma858041/broken-access-control-nodebb-v3-6-7-eebc59c24deb" + }, + { + "source": "cve@mitre.org", + "url": "https://nodebb.org/bounty/" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Received" + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29489.json b/2024/29xxx/GSD-2024-29489.json new file mode 100644 index 00000000000..81fe3a0d437 --- /dev/null +++ b/2024/29xxx/GSD-2024-29489.json @@ -0,0 +1,38 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type." + } + ], + "id": "CVE-2024-29489", + "lastModified": "2024-03-28T23:15:46.527", + "metrics": {}, + "published": "2024-03-28T23:15:46.527", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://gist.github.com/gandalf4a/9826a897ae1e3c8d1c7e71a1ec71d415" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/jerryscript-project/jerryscript/commit/cefd391772529c8a9531d7b3c244d78d38be47c6" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/jerryscript-project/jerryscript/issues/5101" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/jerryscript-project/jerryscript/pull/5129" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Received" + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29882.json b/2024/29xxx/GSD-2024-29882.json new file mode 100644 index 00000000000..d12dc06447c --- /dev/null +++ b/2024/29xxx/GSD-2024-29882.json @@ -0,0 +1,65 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-?callback=` endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121." + } + ], + "id": "CVE-2024-29882", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7, + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T14:15:14.337", + "references": [ + { + "source": "security-advisories@github.com", + "url": "https://github.com/ossrs/srs/commit/244ce7bc013a0b805274a65132a2980680ba6b9d" + }, + { + "source": "security-advisories@github.com", + "url": "https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7" + } + ], + "sourceIdentifier": "security-advisories@github.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29896.json b/2024/29xxx/GSD-2024-29896.json new file mode 100644 index 00000000000..89d28b8b80e --- /dev/null +++ b/2024/29xxx/GSD-2024-29896.json @@ -0,0 +1,65 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be \"allow-listing\" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0." + } + ], + "id": "CVE-2024-29896", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6, + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T13:15:47.717", + "references": [ + { + "source": "security-advisories@github.com", + "url": "https://github.com/KindSpells/astro-shield/commit/41b84576d37fa486a57005ea297658d0bc38566d" + }, + { + "source": "security-advisories@github.com", + "url": "https://github.com/KindSpells/astro-shield/security/advisories/GHSA-w387-5qqw-7g8m" + } + ], + "sourceIdentifier": "security-advisories@github.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ], + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29897.json b/2024/29xxx/GSD-2024-29897.json new file mode 100644 index 00000000000..bb256379dc7 --- /dev/null +++ b/2024/29xxx/GSD-2024-29897.json @@ -0,0 +1,73 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937." + } + ], + "id": "CVE-2024-29897", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6, + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T14:15:14.557", + "references": [ + { + "source": "security-advisories@github.com", + "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq" + }, + { + "source": "security-advisories@github.com", + "url": "https://github.com/miraheze/mw-config/commit/fb3e68bcef459e9cf2a415241b28042a6c9727e8" + }, + { + "source": "security-advisories@github.com", + "url": "https://issue-tracker.miraheze.org/F3093343" + }, + { + "source": "security-advisories@github.com", + "url": "https://issue-tracker.miraheze.org/T11999" + } + ], + "sourceIdentifier": "security-advisories@github.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ], + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/29xxx/GSD-2024-29898.json b/2024/29xxx/GSD-2024-29898.json new file mode 100644 index 00000000000..ad8e55fdec5 --- /dev/null +++ b/2024/29xxx/GSD-2024-29898.json @@ -0,0 +1,69 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c." + } + ], + "id": "CVE-2024-29898", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6, + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T14:15:14.783", + "references": [ + { + "source": "security-advisories@github.com", + "url": "https://github.com/miraheze/CreateWiki/commit/8f8442ed5299510ea3e58416004b9334134c149c" + }, + { + "source": "security-advisories@github.com", + "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-4rcf-3cj2-46mq" + }, + { + "source": "security-advisories@github.com", + "url": "https://github.com/miraheze/CreateWiki/security/advisories/GHSA-5rcv-cf88-gv8v" + } + ], + "sourceIdentifier": "security-advisories@github.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ], + "source": "security-advisories@github.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/2xxx/GSD-2024-2091.json b/2024/2xxx/GSD-2024-2091.json index 681f1afd7f7..6bfaa2e6999 100644 --- a/2024/2xxx/GSD-2024-2091.json +++ b/2024/2xxx/GSD-2024-2091.json @@ -43,7 +43,7 @@ } ], "id": "CVE-2024-2091", - "lastModified": "2024-03-28T03:15:07.887", + "lastModified": "2024-03-28T12:42:56.150", "metrics": { "cvssMetricV31": [ { @@ -84,7 +84,7 @@ } ], "sourceIdentifier": "security@wordfence.com", - "vulnStatus": "Received" + "vulnStatus": "Awaiting Analysis" } } } diff --git a/2024/2xxx/GSD-2024-2110.json b/2024/2xxx/GSD-2024-2110.json index 164d8af8500..38755606bfe 100644 --- a/2024/2xxx/GSD-2024-2110.json +++ b/2024/2xxx/GSD-2024-2110.json @@ -43,7 +43,7 @@ } ], "id": "CVE-2024-2110", - "lastModified": "2024-03-28T02:15:09.990", + "lastModified": "2024-03-28T12:42:56.150", "metrics": { "cvssMetricV31": [ { @@ -80,7 +80,7 @@ } ], "sourceIdentifier": "security@wordfence.com", - "vulnStatus": "Received" + "vulnStatus": "Awaiting Analysis" } } } diff --git a/2024/2xxx/GSD-2024-2111.json b/2024/2xxx/GSD-2024-2111.json index b9aaa1f1e89..a30873482e7 100644 --- a/2024/2xxx/GSD-2024-2111.json +++ b/2024/2xxx/GSD-2024-2111.json @@ -43,7 +43,7 @@ } ], "id": "CVE-2024-2111", - "lastModified": "2024-03-28T02:15:10.397", + "lastModified": "2024-03-28T12:42:56.150", "metrics": { "cvssMetricV31": [ { @@ -80,7 +80,7 @@ } ], "sourceIdentifier": "security@wordfence.com", - "vulnStatus": "Received" + "vulnStatus": "Awaiting Analysis" } } } diff --git a/2024/2xxx/GSD-2024-2818.json b/2024/2xxx/GSD-2024-2818.json new file mode 100644 index 00000000000..6f5b415603c --- /dev/null +++ b/2024/2xxx/GSD-2024-2818.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels." + } + ], + "id": "CVE-2024-2818", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4, + "source": "cve@gitlab.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T08:15:26.590", + "references": [ + { + "source": "cve@gitlab.com", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/434803" + } + ], + "sourceIdentifier": "cve@gitlab.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ], + "source": "cve@gitlab.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/2xxx/GSD-2024-2883.json b/2024/2xxx/GSD-2024-2883.json index e52a44dea6d..94a1e6e1d1c 100644 --- a/2024/2xxx/GSD-2024-2883.json +++ b/2024/2xxx/GSD-2024-2883.json @@ -13,7 +13,7 @@ } ], "id": "CVE-2024-2883", - "lastModified": "2024-03-27T12:29:30.307", + "lastModified": "2024-03-29T04:15:08.743", "metrics": {}, "published": "2024-03-26T21:15:53.173", "references": [ @@ -24,6 +24,18 @@ { "source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/327807820" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/" } ], "sourceIdentifier": "chrome-cve-admin@google.com", diff --git a/2024/2xxx/GSD-2024-2885.json b/2024/2xxx/GSD-2024-2885.json index 9bced3eac44..09fb384bc20 100644 --- a/2024/2xxx/GSD-2024-2885.json +++ b/2024/2xxx/GSD-2024-2885.json @@ -13,7 +13,7 @@ } ], "id": "CVE-2024-2885", - "lastModified": "2024-03-27T12:29:30.307", + "lastModified": "2024-03-29T04:15:09.077", "metrics": {}, "published": "2024-03-26T21:15:53.220", "references": [ @@ -24,6 +24,18 @@ { "source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/328958020" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/" } ], "sourceIdentifier": "chrome-cve-admin@google.com", diff --git a/2024/2xxx/GSD-2024-2886.json b/2024/2xxx/GSD-2024-2886.json index a52e609254f..b2754ff3fdc 100644 --- a/2024/2xxx/GSD-2024-2886.json +++ b/2024/2xxx/GSD-2024-2886.json @@ -13,7 +13,7 @@ } ], "id": "CVE-2024-2886", - "lastModified": "2024-03-27T12:29:30.307", + "lastModified": "2024-03-29T04:15:09.233", "metrics": {}, "published": "2024-03-26T21:15:53.260", "references": [ @@ -24,6 +24,18 @@ { "source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/330575496" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/" } ], "sourceIdentifier": "chrome-cve-admin@google.com", diff --git a/2024/2xxx/GSD-2024-2887.json b/2024/2xxx/GSD-2024-2887.json index 2c13eb8e4ba..cf19952cbce 100644 --- a/2024/2xxx/GSD-2024-2887.json +++ b/2024/2xxx/GSD-2024-2887.json @@ -13,7 +13,7 @@ } ], "id": "CVE-2024-2887", - "lastModified": "2024-03-27T12:29:30.307", + "lastModified": "2024-03-29T04:15:09.423", "metrics": {}, "published": "2024-03-26T21:15:53.300", "references": [ @@ -24,6 +24,18 @@ { "source": "chrome-cve-admin@google.com", "url": "https://issues.chromium.org/issues/330588502" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/" + }, + { + "source": "chrome-cve-admin@google.com", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/" } ], "sourceIdentifier": "chrome-cve-admin@google.com", diff --git a/2024/2xxx/GSD-2024-2890.json b/2024/2xxx/GSD-2024-2890.json new file mode 100644 index 00000000000..767652db171 --- /dev/null +++ b/2024/2xxx/GSD-2024-2890.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.\n\n" + } + ], + "id": "CVE-2024-2890", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T07:16:13.303", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/tumult-hype-animations/wordpress-tumult-hype-animations-plugin-1-9-12-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/2xxx/GSD-2024-2947.json b/2024/2xxx/GSD-2024-2947.json new file mode 100644 index 00000000000..39e42c55b51 --- /dev/null +++ b/2024/2xxx/GSD-2024-2947.json @@ -0,0 +1,65 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer." + } + ], + "id": "CVE-2024-2947", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9, + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T19:15:48.693", + "references": [ + { + "source": "secalert@redhat.com", + "url": "https://access.redhat.com/security/cve/CVE-2024-2947" + }, + { + "source": "secalert@redhat.com", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271614" + } + ], + "sourceIdentifier": "secalert@redhat.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ], + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30200.json b/2024/30xxx/GSD-2024-30200.json new file mode 100644 index 00000000000..99aa36cf251 --- /dev/null +++ b/2024/30xxx/GSD-2024-30200.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through 1.1.4.2.\n\n" + } + ], + "id": "CVE-2024-30200", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T06:15:13.960", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30221.json b/2024/30xxx/GSD-2024-30221.json new file mode 100644 index 00000000000..f6db291240c --- /dev/null +++ b/2024/30xxx/GSD-2024-30221.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.\n\n" + } + ], + "id": "CVE-2024-30221", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T06:15:14.783", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-1-1-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30222.json b/2024/30xxx/GSD-2024-30222.json new file mode 100644 index 00000000000..51b3ada0f0d --- /dev/null +++ b/2024/30xxx/GSD-2024-30222.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.\n\n" + } + ], + "id": "CVE-2024-30222", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 1.8, + "impactScore": 6.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:49.920", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-26-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30223.json b/2024/30xxx/GSD-2024-30223.json new file mode 100644 index 00000000000..b7543c59928 --- /dev/null +++ b/2024/30xxx/GSD-2024-30223.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.\n\n" + } + ], + "id": "CVE-2024-30223", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 2.2, + "impactScore": 6.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:50.140", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-26-unauthenticated-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30224.json b/2024/30xxx/GSD-2024-30224.json new file mode 100644 index 00000000000..aecc2160e19 --- /dev/null +++ b/2024/30xxx/GSD-2024-30224.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.\n\n" + } + ], + "id": "CVE-2024-30224", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:50.323", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30225.json b/2024/30xxx/GSD-2024-30225.json new file mode 100644 index 00000000000..3c869e59235 --- /dev/null +++ b/2024/30xxx/GSD-2024-30225.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.\n\n" + } + ], + "id": "CVE-2024-30225", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:50.533", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/wp-migrate-db-pro/wordpress-wp-migrate-plugin-2-6-10-unauthenticated-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30226.json b/2024/30xxx/GSD-2024-30226.json new file mode 100644 index 00000000000..b92a3a39643 --- /dev/null +++ b/2024/30xxx/GSD-2024-30226.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3.\n\n" + } + ], + "id": "CVE-2024-30226", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 2.2, + "impactScore": 6.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:50.733", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/betterdocs/wordpress-betterdocs-plugin-3-3-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30227.json b/2024/30xxx/GSD-2024-30227.json new file mode 100644 index 00000000000..f6c349383a4 --- /dev/null +++ b/2024/30xxx/GSD-2024-30227.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4.\n\n" + } + ], + "id": "CVE-2024-30227", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 2.2, + "impactScore": 6.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:50.923", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/cf-geoplugin/wordpress-geo-controller-plugin-8-6-4-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30228.json b/2024/30xxx/GSD-2024-30228.json new file mode 100644 index 00000000000..1cec7db2267 --- /dev/null +++ b/2024/30xxx/GSD-2024-30228.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.\n\n" + } + ], + "id": "CVE-2024-30228", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:51.113", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/hercules-core/wordpress-hercules-core-plugin-6-4-subscriber-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30229.json b/2024/30xxx/GSD-2024-30229.json new file mode 100644 index 00000000000..c4339062b7f --- /dev/null +++ b/2024/30xxx/GSD-2024-30229.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.4.2.\n\n" + } + ], + "id": "CVE-2024-30229", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 1.3, + "impactScore": 6.0, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:51.310", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/give/wordpress-give-plugin-3-4-2-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30230.json b/2024/30xxx/GSD-2024-30230.json new file mode 100644 index 00000000000..b0a76b0ec62 --- /dev/null +++ b/2024/30xxx/GSD-2024-30230.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7.\n\n" + } + ], + "id": "CVE-2024-30230", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.8, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:51.500", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/pdf-invoices-and-packing-slips-for-woocommerce/wordpress-pdf-invoices-and-packing-slips-for-woocommerce-plugin-1-3-7-php-object-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30236.json b/2024/30xxx/GSD-2024-30236.json new file mode 100644 index 00000000000..8cd9f017e11 --- /dev/null +++ b/2024/30xxx/GSD-2024-30236.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4.\n\n" + } + ], + "id": "CVE-2024-30236", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:51.687", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-sql-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30237.json b/2024/30xxx/GSD-2024-30237.json new file mode 100644 index 00000000000..cd5d6a4c8d1 --- /dev/null +++ b/2024/30xxx/GSD-2024-30237.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.10.\n\n" + } + ], + "id": "CVE-2024-30237", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:51.880", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-10-sql-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30239.json b/2024/30xxx/GSD-2024-30239.json new file mode 100644 index 00000000000..24af61c027b --- /dev/null +++ b/2024/30xxx/GSD-2024-30239.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6.\n\n" + } + ], + "id": "CVE-2024-30239", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:52.077", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/zoho-campaigns/wordpress-zoho-campaigns-plugin-2-0-6-sql-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30240.json b/2024/30xxx/GSD-2024-30240.json new file mode 100644 index 00000000000..6056ea23f08 --- /dev/null +++ b/2024/30xxx/GSD-2024-30240.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7.\n\n" + } + ], + "id": "CVE-2024-30240", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:52.273", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/calendarista/wordpress-calendarista-plugin-15-5-7-sql-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30241.json b/2024/30xxx/GSD-2024-30241.json new file mode 100644 index 00000000000..530bd3b84e2 --- /dev/null +++ b/2024/30xxx/GSD-2024-30241.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1.\n\n" + } + ], + "id": "CVE-2024-30241", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:52.460", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-1-contributor-sql-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30242.json b/2024/30xxx/GSD-2024-30242.json new file mode 100644 index 00000000000..77f4c09f56e --- /dev/null +++ b/2024/30xxx/GSD-2024-30242.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API.This issue affects Contact Form to Any API: from n/a through 1.1.8.\n\n" + } + ], + "id": "CVE-2024-30242", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:52.653", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/contact-form-to-any-api/wordpress-contact-form-to-any-api-plugin-1-1-8-subscriber-sql-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30243.json b/2024/30xxx/GSD-2024-30243.json new file mode 100644 index 00000000000..4770eaeffe3 --- /dev/null +++ b/2024/30xxx/GSD-2024-30243.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5.\n\n" + } + ], + "id": "CVE-2024-30243", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:52.847", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-4-5-contributor-sql-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30244.json b/2024/30xxx/GSD-2024-30244.json new file mode 100644 index 00000000000..3a918c079ae --- /dev/null +++ b/2024/30xxx/GSD-2024-30244.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.\n\n" + } + ], + "id": "CVE-2024-30244", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:53.037", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-0-27-sql-injection-via-shortcode-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30245.json b/2024/30xxx/GSD-2024-30245.json new file mode 100644 index 00000000000..d51cab3af7a --- /dev/null +++ b/2024/30xxx/GSD-2024-30245.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DecaLog.This issue affects DecaLog: from n/a through 3.9.0.\n\n" + } + ], + "id": "CVE-2024-30245", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T05:15:53.237", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/decalog/wordpress-decalog-plugin-3-9-0-sql-injection-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30421.json b/2024/30xxx/GSD-2024-30421.json new file mode 100644 index 00000000000..c4499a43e4d --- /dev/null +++ b/2024/30xxx/GSD-2024-30421.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1.\n\n" + } + ], + "id": "CVE-2024-30421", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T09:15:08.077", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30422.json b/2024/30xxx/GSD-2024-30422.json new file mode 100644 index 00000000000..d2f4b0aab5b --- /dev/null +++ b/2024/30xxx/GSD-2024-30422.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.1.\n\n" + } + ], + "id": "CVE-2024-30422", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7, + "source": "audit@patchstack.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T09:15:08.290", + "references": [ + { + "source": "audit@patchstack.com", + "url": "https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-13-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "sourceIdentifier": "audit@patchstack.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "audit@patchstack.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30583.json b/2024/30xxx/GSD-2024-30583.json new file mode 100644 index 00000000000..a8a4774b93f --- /dev/null +++ b/2024/30xxx/GSD-2024-30583.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function." + } + ], + "id": "CVE-2024-30583", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:14.997", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_mitInterface.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30584.json b/2024/30xxx/GSD-2024-30584.json new file mode 100644 index 00000000000..777c996b349 --- /dev/null +++ b/2024/30xxx/GSD-2024-30584.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function." + } + ], + "id": "CVE-2024-30584", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.047", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWifiBasicSet_security.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30585.json b/2024/30xxx/GSD-2024-30585.json new file mode 100644 index 00000000000..1c196c93e57 --- /dev/null +++ b/2024/30xxx/GSD-2024-30585.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function." + } + ], + "id": "CVE-2024-30585", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.090", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_deviceId.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30586.json b/2024/30xxx/GSD-2024-30586.json new file mode 100644 index 00000000000..2c497968732 --- /dev/null +++ b/2024/30xxx/GSD-2024-30586.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function." + } + ], + "id": "CVE-2024-30586", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.137", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWifiBasicSet_security_5g.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30587.json b/2024/30xxx/GSD-2024-30587.json new file mode 100644 index 00000000000..5817f4033c4 --- /dev/null +++ b/2024/30xxx/GSD-2024-30587.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function." + } + ], + "id": "CVE-2024-30587", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.183", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_urls.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30588.json b/2024/30xxx/GSD-2024-30588.json new file mode 100644 index 00000000000..3b359a706d3 --- /dev/null +++ b/2024/30xxx/GSD-2024-30588.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function." + } + ], + "id": "CVE-2024-30588", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.233", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/setSchedWifi_start.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30589.json b/2024/30xxx/GSD-2024-30589.json new file mode 100644 index 00000000000..a6f08ab1998 --- /dev/null +++ b/2024/30xxx/GSD-2024-30589.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function." + } + ], + "id": "CVE-2024-30589", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.293", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_entrys.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30590.json b/2024/30xxx/GSD-2024-30590.json new file mode 100644 index 00000000000..d5d522aaae4 --- /dev/null +++ b/2024/30xxx/GSD-2024-30590.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function." + } + ], + "id": "CVE-2024-30590", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.347", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/setSchedWifi_end.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30591.json b/2024/30xxx/GSD-2024-30591.json new file mode 100644 index 00000000000..ae9a55ef979 --- /dev/null +++ b/2024/30xxx/GSD-2024-30591.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function." + } + ], + "id": "CVE-2024-30591", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.390", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/saveParentControlInfo_time.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30592.json b/2024/30xxx/GSD-2024-30592.json new file mode 100644 index 00000000000..2b74bd3213d --- /dev/null +++ b/2024/30xxx/GSD-2024-30592.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function." + } + ], + "id": "CVE-2024-30592", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.437", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/fromAddressNat_page.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30593.json b/2024/30xxx/GSD-2024-30593.json new file mode 100644 index 00000000000..25c1c5711f1 --- /dev/null +++ b/2024/30xxx/GSD-2024-30593.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function." + } + ], + "id": "CVE-2024-30593", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T13:15:47.950", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetDeviceName_devName.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30594.json b/2024/30xxx/GSD-2024-30594.json new file mode 100644 index 00000000000..7c397dfde32 --- /dev/null +++ b/2024/30xxx/GSD-2024-30594.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function." + } + ], + "id": "CVE-2024-30594", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T13:15:48.007", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/addWifiMacFilter_deviceMac.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30595.json b/2024/30xxx/GSD-2024-30595.json new file mode 100644 index 00000000000..5e3cfd61da3 --- /dev/null +++ b/2024/30xxx/GSD-2024-30595.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function." + } + ], + "id": "CVE-2024-30595", + "lastModified": "2024-03-28T12:42:56.150", + "metrics": {}, + "published": "2024-03-28T12:15:53.593", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/addWifiMacFilter_deviceId.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30596.json b/2024/30xxx/GSD-2024-30596.json new file mode 100644 index 00000000000..dafa1581095 --- /dev/null +++ b/2024/30xxx/GSD-2024-30596.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function." + } + ], + "id": "CVE-2024-30596", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T13:15:48.063", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetDeviceName_deviceId.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30597.json b/2024/30xxx/GSD-2024-30597.json new file mode 100644 index 00000000000..ce48e4277be --- /dev/null +++ b/2024/30xxx/GSD-2024-30597.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function." + } + ], + "id": "CVE-2024-30597", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T15:15:46.407", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWifiBasicSet_security.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30598.json b/2024/30xxx/GSD-2024-30598.json new file mode 100644 index 00000000000..191a2276eb2 --- /dev/null +++ b/2024/30xxx/GSD-2024-30598.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function." + } + ], + "id": "CVE-2024-30598", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T15:15:46.467", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/formWifiBasicSet_security_5g.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30599.json b/2024/30xxx/GSD-2024-30599.json new file mode 100644 index 00000000000..4f9cc4dba13 --- /dev/null +++ b/2024/30xxx/GSD-2024-30599.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function." + } + ], + "id": "CVE-2024-30599", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T15:15:46.527", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/addWifiMacFilter_deviceMac.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30600.json b/2024/30xxx/GSD-2024-30600.json new file mode 100644 index 00000000000..f98f48aaa76 --- /dev/null +++ b/2024/30xxx/GSD-2024-30600.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function." + } + ], + "id": "CVE-2024-30600", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T15:15:46.603", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_end.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30601.json b/2024/30xxx/GSD-2024-30601.json new file mode 100644 index 00000000000..108fe2f67b1 --- /dev/null +++ b/2024/30xxx/GSD-2024-30601.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function." + } + ], + "id": "CVE-2024-30601", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T15:15:46.660", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_time.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30602.json b/2024/30xxx/GSD-2024-30602.json new file mode 100644 index 00000000000..bb2dc4b40c0 --- /dev/null +++ b/2024/30xxx/GSD-2024-30602.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function." + } + ], + "id": "CVE-2024-30602", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T15:15:46.723", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_start.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30603.json b/2024/30xxx/GSD-2024-30603.json new file mode 100644 index 00000000000..3f62e865231 --- /dev/null +++ b/2024/30xxx/GSD-2024-30603.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function." + } + ], + "id": "CVE-2024-30603", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T15:15:46.787", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_urls.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30604.json b/2024/30xxx/GSD-2024-30604.json new file mode 100644 index 00000000000..54a7a5d975d --- /dev/null +++ b/2024/30xxx/GSD-2024-30604.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function." + } + ], + "id": "CVE-2024-30604", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T15:15:46.850", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_list1.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30606.json b/2024/30xxx/GSD-2024-30606.json new file mode 100644 index 00000000000..11e5178aa07 --- /dev/null +++ b/2024/30xxx/GSD-2024-30606.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function." + } + ], + "id": "CVE-2024-30606", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.480", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_page.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30607.json b/2024/30xxx/GSD-2024-30607.json new file mode 100644 index 00000000000..16adc7258e9 --- /dev/null +++ b/2024/30xxx/GSD-2024-30607.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function." + } + ], + "id": "CVE-2024-30607", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T14:15:15.530", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/saveParentControlInfo_deviceId.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/30xxx/GSD-2024-30612.json b/2024/30xxx/GSD-2024-30612.json new file mode 100644 index 00000000000..2022a0d4177 --- /dev/null +++ b/2024/30xxx/GSD-2024-30612.json @@ -0,0 +1,26 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function." + } + ], + "id": "CVE-2024-30612", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": {}, + "published": "2024-03-28T15:15:46.907", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetClientState.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31061.json b/2024/31xxx/GSD-2024-31061.json new file mode 100644 index 00000000000..8b6d29b3be5 --- /dev/null +++ b/2024/31xxx/GSD-2024-31061.json @@ -0,0 +1,34 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field." + } + ], + "id": "CVE-2024-31061", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T19:15:48.887", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/sahildari/cve/blob/master/CVE-2024-31061.md" + }, + { + "source": "cve@mitre.org", + "url": "https://owasp.org/www-community/attacks/xss/" + }, + { + "source": "cve@mitre.org", + "url": "https://portswigger.net/web-security/cross-site-scripting/stored" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31062.json b/2024/31xxx/GSD-2024-31062.json new file mode 100644 index 00000000000..1f580160935 --- /dev/null +++ b/2024/31xxx/GSD-2024-31062.json @@ -0,0 +1,34 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field." + } + ], + "id": "CVE-2024-31062", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T19:15:48.947", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/sahildari/cve/blob/master/CVE-2024-31062.md" + }, + { + "source": "cve@mitre.org", + "url": "https://owasp.org/www-community/attacks/xss/" + }, + { + "source": "cve@mitre.org", + "url": "https://portswigger.net/web-security/cross-site-scripting/stored" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31063.json b/2024/31xxx/GSD-2024-31063.json new file mode 100644 index 00000000000..0d952848d3f --- /dev/null +++ b/2024/31xxx/GSD-2024-31063.json @@ -0,0 +1,34 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field." + } + ], + "id": "CVE-2024-31063", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T19:15:49.000", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/sahildari/cve/blob/master/CVE-2024-31063.md" + }, + { + "source": "cve@mitre.org", + "url": "https://owasp.org/www-community/attacks/xss/" + }, + { + "source": "cve@mitre.org", + "url": "https://portswigger.net/web-security/cross-site-scripting/stored" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31064.json b/2024/31xxx/GSD-2024-31064.json new file mode 100644 index 00000000000..25dfd472bf9 --- /dev/null +++ b/2024/31xxx/GSD-2024-31064.json @@ -0,0 +1,38 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field." + } + ], + "id": "CVE-2024-31064", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T19:15:49.057", + "references": [ + { + "source": "cve@mitre.org", + "url": "http://insurance.com" + }, + { + "source": "cve@mitre.org", + "url": "http://sourcecodester.com" + }, + { + "source": "cve@mitre.org", + "url": "https://drive.google.com/file/d/1yTIeXAPs3PJcQwj9gxhvs92zTdBwKGVB/view?usp=sharing" + }, + { + "source": "cve@mitre.org", + "url": "https://github.com/sahildari/cve/blob/master/CVE-2024-31064.md" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31065.json b/2024/31xxx/GSD-2024-31065.json new file mode 100644 index 00000000000..4e9465f5f5b --- /dev/null +++ b/2024/31xxx/GSD-2024-31065.json @@ -0,0 +1,34 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field." + } + ], + "id": "CVE-2024-31065", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": {}, + "published": "2024-03-28T19:15:49.110", + "references": [ + { + "source": "cve@mitre.org", + "url": "https://github.com/sahildari/cve/blob/master/CVE-2024-31065.md" + }, + { + "source": "cve@mitre.org", + "url": "https://owasp.org/www-community/attacks/xss/" + }, + { + "source": "cve@mitre.org", + "url": "https://portswigger.net/web-security/cross-site-scripting/stored" + } + ], + "sourceIdentifier": "cve@mitre.org", + "vulnStatus": "Awaiting Analysis" + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31134.json b/2024/31xxx/GSD-2024-31134.json new file mode 100644 index 00000000000..093fdfd2718 --- /dev/null +++ b/2024/31xxx/GSD-2024-31134.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled" + } + ], + "id": "CVE-2024-31134", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6, + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:46.973", + "references": [ + { + "source": "cve@jetbrains.com", + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ], + "sourceIdentifier": "cve@jetbrains.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ], + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31135.json b/2024/31xxx/GSD-2024-31135.json new file mode 100644 index 00000000000..5a710febdf6 --- /dev/null +++ b/2024/31xxx/GSD-2024-31135.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2024.03 open redirect was possible on the login page" + } + ], + "id": "CVE-2024-31135", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7, + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:47.200", + "references": [ + { + "source": "cve@jetbrains.com", + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ], + "sourceIdentifier": "cve@jetbrains.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ], + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31136.json b/2024/31xxx/GSD-2024-31136.json new file mode 100644 index 00000000000..ef58816faa5 --- /dev/null +++ b/2024/31xxx/GSD-2024-31136.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter" + } + ], + "id": "CVE-2024-31136", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2, + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:47.413", + "references": [ + { + "source": "cve@jetbrains.com", + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ], + "sourceIdentifier": "cve@jetbrains.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-1288" + } + ], + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31137.json b/2024/31xxx/GSD-2024-31137.json new file mode 100644 index 00000000000..4a6ffcb6567 --- /dev/null +++ b/2024/31xxx/GSD-2024-31137.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration" + } + ], + "id": "CVE-2024-31137", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2, + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:47.640", + "references": [ + { + "source": "cve@jetbrains.com", + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ], + "sourceIdentifier": "cve@jetbrains.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31138.json b/2024/31xxx/GSD-2024-31138.json new file mode 100644 index 00000000000..c4ee44e2daa --- /dev/null +++ b/2024/31xxx/GSD-2024-31138.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings" + } + ], + "id": "CVE-2024-31138", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5, + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:47.853", + "references": [ + { + "source": "cve@jetbrains.com", + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ], + "sourceIdentifier": "cve@jetbrains.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ], + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31139.json b/2024/31xxx/GSD-2024-31139.json new file mode 100644 index 00000000000..f9f4e197b54 --- /dev/null +++ b/2024/31xxx/GSD-2024-31139.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector" + } + ], + "id": "CVE-2024-31139", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H", + "version": "3.1" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.2, + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:48.060", + "references": [ + { + "source": "cve@jetbrains.com", + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ], + "sourceIdentifier": "cve@jetbrains.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ], + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/31xxx/GSD-2024-31140.json b/2024/31xxx/GSD-2024-31140.json new file mode 100644 index 00000000000..a811121f6b2 --- /dev/null +++ b/2024/31xxx/GSD-2024-31140.json @@ -0,0 +1,61 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools" + } + ], + "id": "CVE-2024-31140", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", + "version": "3.1" + }, + "exploitabilityScore": 2.3, + "impactScore": 1.4, + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:48.273", + "references": [ + { + "source": "cve@jetbrains.com", + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ], + "sourceIdentifier": "cve@jetbrains.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-1288" + } + ], + "source": "cve@jetbrains.com", + "type": "Secondary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/3xxx/GSD-2024-3015.json b/2024/3xxx/GSD-2024-3015.json index eee997e761d..2d0ae740531 100644 --- a/2024/3xxx/GSD-2024-3015.json +++ b/2024/3xxx/GSD-2024-3015.json @@ -9,7 +9,7 @@ } ], "id": "CVE-2024-3015", - "lastModified": "2024-03-28T02:15:10.813", + "lastModified": "2024-03-28T12:42:56.150", "metrics": { "cvssMetricV2": [ { @@ -79,7 +79,7 @@ } ], "sourceIdentifier": "cna@vuldb.com", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ diff --git a/2024/3xxx/GSD-2024-3019.json b/2024/3xxx/GSD-2024-3019.json new file mode 100644 index 00000000000..c86e568f620 --- /dev/null +++ b/2024/3xxx/GSD-2024-3019.json @@ -0,0 +1,65 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer." + } + ], + "id": "CVE-2024-3019", + "lastModified": "2024-03-28T20:53:20.813", + "metrics": { + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9, + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T19:15:49.160", + "references": [ + { + "source": "secalert@redhat.com", + "url": "https://access.redhat.com/security/cve/CVE-2024-3019" + }, + { + "source": "secalert@redhat.com", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271898" + } + ], + "sourceIdentifier": "secalert@redhat.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ], + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/3xxx/GSD-2024-3024.json b/2024/3xxx/GSD-2024-3024.json index f8c7d14bae4..7349fb1645f 100644 --- a/2024/3xxx/GSD-2024-3024.json +++ b/2024/3xxx/GSD-2024-3024.json @@ -9,7 +9,7 @@ } ], "id": "CVE-2024-3024", - "lastModified": "2024-03-28T02:15:11.337", + "lastModified": "2024-03-28T12:42:56.150", "metrics": { "cvssMetricV2": [ { @@ -83,7 +83,7 @@ } ], "sourceIdentifier": "cna@vuldb.com", - "vulnStatus": "Received", + "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ diff --git a/2024/3xxx/GSD-2024-3039.json b/2024/3xxx/GSD-2024-3039.json new file mode 100644 index 00000000000..b1342505719 --- /dev/null +++ b/2024/3xxx/GSD-2024-3039.json @@ -0,0 +1,98 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "id": "CVE-2024-3039", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV2": [ + { + "acInsufInfo": false, + "baseSeverity": "MEDIUM", + "cvssData": { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5, + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "version": "2.0" + }, + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "obtainAllPrivilege": false, + "obtainOtherPrivilege": false, + "obtainUserPrivilege": false, + "source": "cna@vuldb.com", + "type": "Secondary", + "userInteractionRequired": false + } + ], + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4, + "source": "cna@vuldb.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:48.473", + "references": [ + { + "source": "cna@vuldb.com", + "url": "https://spoofer.cn/bladex_sqli/" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?ctiid.258426" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?id.258426" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?submit.301469" + } + ], + "sourceIdentifier": "cna@vuldb.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "cna@vuldb.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/3xxx/GSD-2024-3040.json b/2024/3xxx/GSD-2024-3040.json new file mode 100644 index 00000000000..a9ba15418fd --- /dev/null +++ b/2024/3xxx/GSD-2024-3040.json @@ -0,0 +1,98 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "id": "CVE-2024-3040", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV2": [ + { + "acInsufInfo": false, + "baseSeverity": "MEDIUM", + "cvssData": { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5, + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "version": "2.0" + }, + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "obtainAllPrivilege": false, + "obtainOtherPrivilege": false, + "obtainUserPrivilege": false, + "source": "cna@vuldb.com", + "type": "Secondary", + "userInteractionRequired": false + } + ], + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4, + "source": "cna@vuldb.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:48.773", + "references": [ + { + "source": "cna@vuldb.com", + "url": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_crl_conf.md" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?ctiid.258429" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?id.258429" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?submit.302340" + } + ], + "sourceIdentifier": "cna@vuldb.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "cna@vuldb.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/3xxx/GSD-2024-3041.json b/2024/3xxx/GSD-2024-3041.json new file mode 100644 index 00000000000..84674e3a68d --- /dev/null +++ b/2024/3xxx/GSD-2024-3041.json @@ -0,0 +1,98 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "id": "CVE-2024-3041", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV2": [ + { + "acInsufInfo": false, + "baseSeverity": "MEDIUM", + "cvssData": { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5, + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "version": "2.0" + }, + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "obtainAllPrivilege": false, + "obtainOtherPrivilege": false, + "obtainUserPrivilege": false, + "source": "cna@vuldb.com", + "type": "Secondary", + "userInteractionRequired": false + } + ], + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4, + "source": "cna@vuldb.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:49.027", + "references": [ + { + "source": "cna@vuldb.com", + "url": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-listloginfo.md" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?ctiid.258430" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?id.258430" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?submit.302342" + } + ], + "sourceIdentifier": "cna@vuldb.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "cna@vuldb.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/2024/3xxx/GSD-2024-3042.json b/2024/3xxx/GSD-2024-3042.json new file mode 100644 index 00000000000..7afcc2af386 --- /dev/null +++ b/2024/3xxx/GSD-2024-3042.json @@ -0,0 +1,98 @@ +{ + "namespaces": { + "nvd.nist.gov": { + "cve": { + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258431." + } + ], + "id": "CVE-2024-3042", + "lastModified": "2024-03-28T16:07:30.893", + "metrics": { + "cvssMetricV2": [ + { + "acInsufInfo": false, + "baseSeverity": "MEDIUM", + "cvssData": { + "accessComplexity": "LOW", + "accessVector": "NETWORK", + "authentication": "SINGLE", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5, + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "version": "2.0" + }, + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "obtainAllPrivilege": false, + "obtainOtherPrivilege": false, + "obtainUserPrivilege": false, + "source": "cna@vuldb.com", + "type": "Secondary", + "userInteractionRequired": false + } + ], + "cvssMetricV31": [ + { + "cvssData": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4, + "source": "cna@vuldb.com", + "type": "Secondary" + } + ] + }, + "published": "2024-03-28T15:15:49.287", + "references": [ + { + "source": "cna@vuldb.com", + "url": "https://github.com/maxmvp666/planCve/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20manage_user.php%20has%20Sqlinjection.pdf" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?ctiid.258431" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?id.258431" + }, + { + "source": "cna@vuldb.com", + "url": "https://vuldb.com/?submit.306119" + } + ], + "sourceIdentifier": "cna@vuldb.com", + "vulnStatus": "Awaiting Analysis", + "weaknesses": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ], + "source": "cna@vuldb.com", + "type": "Primary" + } + ] + } + } + } +} \ No newline at end of file diff --git a/nvd_updated_time.txt b/nvd_updated_time.txt index 0847f37ca27..096d30547e0 100644 --- a/nvd_updated_time.txt +++ b/nvd_updated_time.txt @@ -1 +1 @@ -2024-03-28T05:00:04.000 +2024-03-29T05:00:04.000