Skip to content

Commit 70b56ac

Browse files
author
cvelistV5 Github Action
committed
15 changes (5 new | 10 updated):
 - 5 new CVEs: CVE-2024-13074, CVE-2024-55631, CVE-2024-55632, CVE-2024-55917, CVE-2024-55955 - 10 updated CVEs: CVE-2024-56220, CVE-2024-56223, CVE-2024-56224, CVE-2024-56226, CVE-2024-56228, CVE-2024-56229, CVE-2024-56231, CVE-2024-56232, CVE-2024-56233, CVE-2024-56234
1 parent 58ce0fe commit 70b56ac

17 files changed

+1075
-70
lines changed

cves/2024/13xxx/CVE-2024-13074.json

Lines changed: 155 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,155 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.1",
4+
"cveMetadata": {
5+
"cveId": "CVE-2024-13074",
6+
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "VulDB",
9+
"dateReserved": "2024-12-31T08:57:34.040Z",
10+
"datePublished": "2024-12-31T16:24:59.551Z",
11+
"dateUpdated": "2024-12-31T16:24:59.551Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"providerMetadata": {
16+
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
17+
"shortName": "VulDB",
18+
"dateUpdated": "2024-12-31T16:24:59.551Z"
19+
},
20+
"title": "PHPGurukul Land Record System index.php cross site scripting",
21+
"problemTypes": [
22+
{
23+
"descriptions": [
24+
{
25+
"type": "CWE",
26+
"cweId": "CWE-79",
27+
"lang": "en",
28+
"description": "Cross Site Scripting"
29+
}
30+
]
31+
},
32+
{
33+
"descriptions": [
34+
{
35+
"type": "CWE",
36+
"cweId": "CWE-94",
37+
"lang": "en",
38+
"description": "Code Injection"
39+
}
40+
]
41+
}
42+
],
43+
"affected": [
44+
{
45+
"vendor": "PHPGurukul",
46+
"product": "Land Record System",
47+
"versions": [
48+
{
49+
"version": "1.0",
50+
"status": "affected"
51+
}
52+
]
53+
}
54+
],
55+
"descriptions": [
56+
{
57+
"lang": "en",
58+
"value": "A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
59+
},
60+
{
61+
"lang": "de",
62+
"value": "Es wurde eine Schwachstelle in PHPGurukul Land Record System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /index.php. Durch Beeinflussen des Arguments searchdata mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."
63+
}
64+
],
65+
"metrics": [
66+
{
67+
"cvssV4_0": {
68+
"version": "4.0",
69+
"baseScore": 5.3,
70+
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
71+
"baseSeverity": "MEDIUM"
72+
}
73+
},
74+
{
75+
"cvssV3_1": {
76+
"version": "3.1",
77+
"baseScore": 3.5,
78+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
79+
"baseSeverity": "LOW"
80+
}
81+
},
82+
{
83+
"cvssV3_0": {
84+
"version": "3.0",
85+
"baseScore": 3.5,
86+
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
87+
"baseSeverity": "LOW"
88+
}
89+
},
90+
{
91+
"cvssV2_0": {
92+
"version": "2.0",
93+
"baseScore": 4,
94+
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
95+
}
96+
}
97+
],
98+
"timeline": [
99+
{
100+
"time": "2024-12-31T00:00:00.000Z",
101+
"lang": "en",
102+
"value": "Advisory disclosed"
103+
},
104+
{
105+
"time": "2024-12-31T01:00:00.000Z",
106+
"lang": "en",
107+
"value": "VulDB entry created"
108+
},
109+
{
110+
"time": "2024-12-31T10:03:16.000Z",
111+
"lang": "en",
112+
"value": "VulDB entry last update"
113+
}
114+
],
115+
"credits": [
116+
{
117+
"lang": "en",
118+
"value": "Havook (VulDB User)",
119+
"type": "reporter"
120+
}
121+
],
122+
"references": [
123+
{
124+
"url": "https://vuldb.com/?id.289827",
125+
"name": "VDB-289827 | PHPGurukul Land Record System index.php cross site scripting",
126+
"tags": [
127+
"vdb-entry",
128+
"technical-description"
129+
]
130+
},
131+
{
132+
"url": "https://vuldb.com/?ctiid.289827",
133+
"name": "VDB-289827 | CTI Indicators (IOB, IOC, TTP, IOA)",
134+
"tags": [
135+
"signature",
136+
"permissions-required"
137+
]
138+
},
139+
{
140+
"url": "https://vuldb.com/?submit.472181",
141+
"name": "Submit #472181 | phpgurukul Land Record System 1.0 Cross Site Scripting",
142+
"tags": [
143+
"third-party-advisory"
144+
]
145+
},
146+
{
147+
"url": "https://phpgurukul.com/",
148+
"tags": [
149+
"product"
150+
]
151+
}
152+
]
153+
}
154+
}
155+
}

cves/2024/55xxx/CVE-2024-55631.json

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.1",
4+
"cveMetadata": {
5+
"cveId": "CVE-2024-55631",
6+
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "trendmicro",
9+
"dateReserved": "2024-12-09T19:34:03.498Z",
10+
"datePublished": "2024-12-31T16:15:20.397Z",
11+
"dateUpdated": "2024-12-31T16:15:20.397Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"affected": [
16+
{
17+
"vendor": "Trend Micro, Inc.",
18+
"product": "Trend Micro Apex One",
19+
"versions": [
20+
{
21+
"version": "2019 (14.0)",
22+
"status": "affected",
23+
"versionType": "semver",
24+
"lessThan": "14.0.0.13140"
25+
}
26+
],
27+
"cpes": [
28+
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.13121:p3:*:*:*:*:*:*"
29+
]
30+
},
31+
{
32+
"vendor": "Trend Micro, Inc.",
33+
"product": "Trend Micro Apex One as a Service",
34+
"versions": [
35+
{
36+
"version": "SaaS",
37+
"status": "affected",
38+
"versionType": "semver",
39+
"lessThan": "14.0.14203"
40+
}
41+
],
42+
"cpes": [
43+
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14026:ga:*:*:*:*:*:*"
44+
]
45+
}
46+
],
47+
"descriptions": [
48+
{
49+
"lang": "en",
50+
"value": "An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
51+
}
52+
],
53+
"providerMetadata": {
54+
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
55+
"shortName": "trendmicro",
56+
"dateUpdated": "2024-12-31T16:15:20.397Z"
57+
},
58+
"references": [
59+
{
60+
"url": "https://success.trendmicro.com/en-US/solution/KA-0018217"
61+
}
62+
],
63+
"metrics": [
64+
{
65+
"format": "CVSS",
66+
"scenarios": [
67+
{
68+
"lang": "en",
69+
"value": "GENERAL"
70+
}
71+
],
72+
"cvssV3_1": {
73+
"version": "3.1",
74+
"attackVector": "LOCAL",
75+
"attackComplexity": "LOW",
76+
"privilegesRequired": "LOW",
77+
"userInteraction": "NONE",
78+
"scope": "UNCHANGED",
79+
"confidentialityImpact": "HIGH",
80+
"integrityImpact": "HIGH",
81+
"availabilityImpact": "HIGH",
82+
"baseSeverity": "HIGH",
83+
"baseScore": 7.8,
84+
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
85+
}
86+
}
87+
],
88+
"problemTypes": [
89+
{
90+
"descriptions": [
91+
{
92+
"description": "CWE-269: Improper Privilege Management",
93+
"lang": "en-US",
94+
"type": "CWE",
95+
"cweId": "CWE-269"
96+
}
97+
]
98+
}
99+
]
100+
}
101+
}
102+
}

cves/2024/55xxx/CVE-2024-55632.json

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.1",
4+
"cveMetadata": {
5+
"cveId": "CVE-2024-55632",
6+
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "trendmicro",
9+
"dateReserved": "2024-12-09T19:34:03.498Z",
10+
"datePublished": "2024-12-31T16:16:01.207Z",
11+
"dateUpdated": "2024-12-31T16:16:01.207Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"affected": [
16+
{
17+
"vendor": "Trend Micro, Inc.",
18+
"product": "Trend Micro Apex One",
19+
"versions": [
20+
{
21+
"version": "2019 (14.0)",
22+
"status": "affected",
23+
"versionType": "semver",
24+
"lessThan": "14.0.0.13140"
25+
}
26+
],
27+
"cpes": [
28+
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.13121:p3:*:*:*:*:*:*"
29+
]
30+
},
31+
{
32+
"vendor": "Trend Micro, Inc.",
33+
"product": "Trend Micro Apex One as a Service",
34+
"versions": [
35+
{
36+
"version": "SaaS",
37+
"status": "affected",
38+
"versionType": "semver",
39+
"lessThan": "14.0.14203"
40+
}
41+
],
42+
"cpes": [
43+
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14026:ga:*:*:*:*:*:*"
44+
]
45+
}
46+
],
47+
"descriptions": [
48+
{
49+
"lang": "en",
50+
"value": "A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
51+
}
52+
],
53+
"providerMetadata": {
54+
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
55+
"shortName": "trendmicro",
56+
"dateUpdated": "2024-12-31T16:16:01.207Z"
57+
},
58+
"references": [
59+
{
60+
"url": "https://success.trendmicro.com/en-US/solution/KA-0018217"
61+
}
62+
],
63+
"metrics": [
64+
{
65+
"format": "CVSS",
66+
"scenarios": [
67+
{
68+
"lang": "en",
69+
"value": "GENERAL"
70+
}
71+
],
72+
"cvssV3_1": {
73+
"version": "3.1",
74+
"attackVector": "LOCAL",
75+
"attackComplexity": "LOW",
76+
"privilegesRequired": "LOW",
77+
"userInteraction": "NONE",
78+
"scope": "UNCHANGED",
79+
"confidentialityImpact": "HIGH",
80+
"integrityImpact": "HIGH",
81+
"availabilityImpact": "HIGH",
82+
"baseSeverity": "HIGH",
83+
"baseScore": 7.8,
84+
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
85+
}
86+
}
87+
],
88+
"problemTypes": [
89+
{
90+
"descriptions": [
91+
{
92+
"description": "CWE-269: Improper Privilege Management",
93+
"lang": "en-US",
94+
"type": "CWE",
95+
"cweId": "CWE-269"
96+
}
97+
]
98+
}
99+
]
100+
}
101+
}
102+
}

0 commit comments

Comments
 (0)