From 5a1eddcf608040377623c6a7b04936c0529766b8 Mon Sep 17 00:00:00 2001 From: cvelistV5 Github Action Date: Fri, 1 Mar 2024 22:38:26 +0000 Subject: [PATCH] 5 changes (5 new | 0 updated): - 5 new CVEs: CVE-2024-24511, CVE-2024-24512, CVE-2024-25434, CVE-2024-25436, CVE-2024-25438 - 0 updated CVEs: --- cves/2024/24xxx/CVE-2024-24511.json | 59 ++++++++++++++++++++++++++ cves/2024/24xxx/CVE-2024-24512.json | 59 ++++++++++++++++++++++++++ cves/2024/25xxx/CVE-2024-25434.json | 59 ++++++++++++++++++++++++++ cves/2024/25xxx/CVE-2024-25436.json | 59 ++++++++++++++++++++++++++ cves/2024/25xxx/CVE-2024-25438.json | 59 ++++++++++++++++++++++++++ cves/delta.json | 38 ++++++++++++----- cves/deltaLog.json | 64 +++++++++++++++++------------ 7 files changed, 361 insertions(+), 36 deletions(-) create mode 100644 cves/2024/24xxx/CVE-2024-24511.json create mode 100644 cves/2024/24xxx/CVE-2024-24512.json create mode 100644 cves/2024/25xxx/CVE-2024-25434.json create mode 100644 cves/2024/25xxx/CVE-2024-25436.json create mode 100644 cves/2024/25xxx/CVE-2024-25438.json diff --git a/cves/2024/24xxx/CVE-2024-24511.json b/cves/2024/24xxx/CVE-2024-24511.json new file mode 100644 index 000000000000..e10bf5a9422c --- /dev/null +++ b/cves/2024/24xxx/CVE-2024-24511.json @@ -0,0 +1,59 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.0", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-24511", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-03-01T22:32:45.451646", + "dateReserved": "2024-01-25T00:00:00", + "datePublished": "2024-03-01T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-03-01T22:32:45.451646" + }, + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1IhU9tNhc6enKL1Dgq9--R05biJBjodKv/view?usp=sharing" + }, + { + "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24511%20-%3E%20Stored%20XSS%20in%20input%20Title%20of%20the%20Component" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2024/24xxx/CVE-2024-24512.json b/cves/2024/24xxx/CVE-2024-24512.json new file mode 100644 index 000000000000..1d00df2e3a60 --- /dev/null +++ b/cves/2024/24xxx/CVE-2024-24512.json @@ -0,0 +1,59 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.0", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-24512", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-03-01T22:32:49.161997", + "dateReserved": "2024-01-25T00:00:00", + "datePublished": "2024-03-01T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-03-01T22:32:49.161997" + }, + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1jRsltje5PRkgigcY5qLWB3GhF0e9j6aF/view?usp=sharing" + }, + { + "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24512%20-%3E%20Stored%20XSS%20in%20input%20SubTitle%20of%20the%20Component" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2024/25xxx/CVE-2024-25434.json b/cves/2024/25xxx/CVE-2024-25434.json new file mode 100644 index 000000000000..9ec5b968dcc8 --- /dev/null +++ b/cves/2024/25xxx/CVE-2024-25434.json @@ -0,0 +1,59 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.0", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-25434", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-03-01T22:32:54.127038", + "dateReserved": "2024-02-07T00:00:00", + "datePublished": "2024-03-01T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-03-01T22:32:54.127038" + }, + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1MFuAyZukdJeA7HKz8o8pOKLJMjURTZCt/view?usp=sharing" + }, + { + "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25434%20-%3E%20Stored%20XSS%20in%20input%20public%20name%20of%20the%20Component" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2024/25xxx/CVE-2024-25436.json b/cves/2024/25xxx/CVE-2024-25436.json new file mode 100644 index 000000000000..9691e97774f6 --- /dev/null +++ b/cves/2024/25xxx/CVE-2024-25436.json @@ -0,0 +1,59 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.0", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-25436", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-03-01T22:33:06.319614", + "dateReserved": "2024-02-07T00:00:00", + "datePublished": "2024-03-01T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-03-01T22:33:06.319614" + }, + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1nSC8OlxsEnOajZ2JYuwoKFZqyB764WkL/view?usp=drivesdk" + }, + { + "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2024/25xxx/CVE-2024-25438.json b/cves/2024/25xxx/CVE-2024-25438.json new file mode 100644 index 000000000000..5a585fc8feed --- /dev/null +++ b/cves/2024/25xxx/CVE-2024-25438.json @@ -0,0 +1,59 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.0", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-25438", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-03-01T22:33:10.862245", + "dateReserved": "2024-02-07T00:00:00", + "datePublished": "2024-03-01T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-03-01T22:33:10.862245" + }, + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1-9yUkbsQ-blYpTsdZoXfu3ALBA5wQCbG/view?usp=sharing" + }, + { + "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/cves/delta.json b/cves/delta.json index bafeb632bcf6..406803b50077 100644 --- a/cves/delta.json +++ b/cves/delta.json @@ -1,18 +1,36 @@ { - "fetchTime": "2024-03-01T22:26:46.297Z", - "numberOfChanges": 2, + "fetchTime": "2024-03-01T22:38:23.770Z", + "numberOfChanges": 5, "new": [ { - "cveId": "CVE-2024-27354", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27354", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27354.json", - "dateUpdated": "2024-03-01T22:23:41.023440" + "cveId": "CVE-2024-24511", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24511", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24511.json", + "dateUpdated": "2024-03-01T22:32:45.451646" }, { - "cveId": "CVE-2024-27355", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27355", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27355.json", - "dateUpdated": "2024-03-01T22:23:44.727870" + "cveId": "CVE-2024-24512", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24512", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24512.json", + "dateUpdated": "2024-03-01T22:32:49.161997" + }, + { + "cveId": "CVE-2024-25434", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25434", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25434.json", + "dateUpdated": "2024-03-01T22:32:54.127038" + }, + { + "cveId": "CVE-2024-25436", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25436", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25436.json", + "dateUpdated": "2024-03-01T22:33:06.319614" + }, + { + "cveId": "CVE-2024-25438", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25438", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25438.json", + "dateUpdated": "2024-03-01T22:33:10.862245" } ], "updated": [], diff --git a/cves/deltaLog.json b/cves/deltaLog.json index 3a9e1e24945a..3351ff0e88bf 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json @@ -1,4 +1,42 @@ [ + { + "fetchTime": "2024-03-01T22:38:23.770Z", + "numberOfChanges": 5, + "new": [ + { + "cveId": "CVE-2024-24511", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24511", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24511.json", + "dateUpdated": "2024-03-01T22:32:45.451646" + }, + { + "cveId": "CVE-2024-24512", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24512", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24512.json", + "dateUpdated": "2024-03-01T22:32:49.161997" + }, + { + "cveId": "CVE-2024-25434", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25434", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25434.json", + "dateUpdated": "2024-03-01T22:32:54.127038" + }, + { + "cveId": "CVE-2024-25436", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25436", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25436.json", + "dateUpdated": "2024-03-01T22:33:06.319614" + }, + { + "cveId": "CVE-2024-25438", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25438", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25438.json", + "dateUpdated": "2024-03-01T22:33:10.862245" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2024-03-01T22:26:46.297Z", "numberOfChanges": 2, @@ -47445,31 +47483,5 @@ } ], "error": [] - }, - { - "fetchTime": "2024-01-31T22:35:13.746Z", - "numberOfChanges": 3, - "new": [ - { - "cveId": "CVE-2024-24571", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24571", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24571.json", - "dateUpdated": "2024-01-31T22:32:51.646Z" - }, - { - "cveId": "CVE-2024-24572", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24572", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24572.json", - "dateUpdated": "2024-01-31T22:33:08.498Z" - }, - { - "cveId": "CVE-2024-24573", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24573", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24573.json", - "dateUpdated": "2024-01-31T22:33:11.697Z" - } - ], - "updated": [], - "error": [] } ] \ No newline at end of file