From 00fa74ec920ff83453e0b0724e52e6340188b77c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 12 Jun 2024 14:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/1xxx/CVE-2024-1576.json | 76 ++++++++++++++++++++++++++++--
 2024/1xxx/CVE-2024-1577.json | 85 ++++++++++++++++++++++++++++++++--
 2024/1xxx/CVE-2024-1659.json | 76 ++++++++++++++++++++++++++++--
 2024/23xxx/CVE-2024-23445.json | 78 +++++++++++++++++++++++++++++--
 2024/36xxx/CVE-2024-36699.json | 71 +++++++++++++++++++++++++---
 2024/5xxx/CVE-2024-5891.json | 79 +++++++++++++++++++++++++++++--
 2024/5xxx/CVE-2024-5902.json | 18 +++++++
 2024/5xxx/CVE-2024-5903.json | 18 +++++++
 8 files changed, 475 insertions(+), 26 deletions(-)
 create mode 100644 2024/5xxx/CVE-2024-5902.json
 create mode 100644 2024/5xxx/CVE-2024-5903.json
diff --git a/2024/1xxx/CVE-2024-1576.json b/2024/1xxx/CVE-2024-1576.json
index 10ebecfff6a..adc6fbf31d8 100644
--- a/2024/1xxx/CVE-2024-1576.json
+++ b/2024/1xxx/CVE-2024-1576.json
@@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cvd@cert.pl", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password.\u00a0This issue affects MegaBIP software versions through 5.09." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jan Syski", + "product": { + "product_data": [ + { + "product_name": "MegaBIP", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "5.09" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/", + "refsource": "MISC", + "name": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/" + }, + { + "url": "https://cert.pl/posts/2024/06/CVE-2024-1576/", + "refsource": "MISC", + "name": "https://cert.pl/posts/2024/06/CVE-2024-1576/" + }, + { + "url": "https://megabip.pl/", + "refsource": "MISC", + "name": "https://megabip.pl/" + }, + { + "url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej", + "refsource": "MISC", + 
"name": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1577.json b/2024/1xxx/CVE-2024-1577.json index 9bfff5abc35..af98612538c 100644 --- a/2024/1xxx/CVE-2024-1577.json +++ b/2024/1xxx/CVE-2024-1577.json 
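Review bot: The published record carries no `impact` / CVSS block, although the description reports SQL injection leading to site administrator privileges; the CVE-2024-1577 and CVE-2024-1659 hunks omit it as well, while the Elasticsearch and Quay records in this commit include one. Tooling that ranks by `baseScore` will treat these three MegaBIP entries as unscored, so triage has to rely on the description text and `cweId` instead. If the CNA has a score, the source record should gain an `"impact": { "cvss": [ ... ] }` entry in the same shape as the other records; the values have to come from cert.pl, not from this sync.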
@@ -1,18 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cvd@cert.pl", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving\u00a0crafted by the attacker PHP code to one of the website files.\u00a0This issue affects all versions of MegaBIP software." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jan Syski", + "product": { + "product_data": [ + { + "product_name": "MegaBIP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "*", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/", + "refsource": "MISC", + "name": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/" + }, + { + "url": "https://cert.pl/posts/2024/06/CVE-2024-1576/", + "refsource": "MISC", + "name": "https://cert.pl/posts/2024/06/CVE-2024-1576/" + }, + { + "url": "https://megabip.pl/", + "refsource": "MISC", + "name": "https://megabip.pl/" + }, + { + "url": 
"https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej", + "refsource": "MISC", + "name": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1659.json b/2024/1xxx/CVE-2024-1659.json index 0f3a0253e28..f7b7fe38ce2 100644 --- a/2024/1xxx/CVE-2024-1659.json +++ b/2024/1xxx/CVE-2024-1659.json 
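Review bot: `"version_value": "not down converted"` is a placeholder, so anything matching on the 4.0 `version_data` fields gets no usable range for this record; the real statement sits in `x_cve_json_5_version_data` (`"lessThanOrEqual": "*"`, `"defaultStatus": "affected"`), which agrees with the description's "all versions". The CVE-2024-5891 hunk has the same placeholder with only `"defaultStatus": "unknown"`, so no affected version can be derived from that record at all. Consumers should read the nested 5.x block or the CVE JSON 5 record rather than `version_value`. All four references here and in the CVE-2024-1659 hunk point at the CVE-2024-1576 advisory URL, presumably because cert.pl published one combined post; it is worth confirming that the post covers this ID.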
@@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cvd@cert.pl", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication.\u00a0This issue affects MegaBIP software versions through 5.10." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jan Syski", + "product": { + "product_data": [ + { + "product_name": "MegaBIP", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "5.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/", + "refsource": "MISC", + "name": "https://cert.pl/en/posts/2024/06/CVE-2024-1576/" + }, + { + "url": "https://cert.pl/posts/2024/06/CVE-2024-1576/", + "refsource": "MISC", + "name": "https://cert.pl/posts/2024/06/CVE-2024-1576/" + }, + { + "url": "https://megabip.pl/", + "refsource": "MISC", + "name": "https://megabip.pl/" + }, + { + "url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej", + "refsource": "MISC", + "name": 
"https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/23xxx/CVE-2024-23445.json b/2024/23xxx/CVE-2024-23445.json index e7b24851e7a..4e9022e4dfe 100644 --- a/2024/23xxx/CVE-2024-23445.json +++ b/2024/23xxx/CVE-2024-23445.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23445", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@elastic.co", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body \u00a0restricts search for a given index using the query\u00a0or the field_security\u00a0parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned.\n\nThis issue only affects the API key based security model for remote clusters https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models \u00a0that was previously a beta feature and is released as GA with 8.14.0" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elastic", + "product": { + "product_data": [ + { + "product_name": "Elasticsearch", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.10.0", + "version_value": "8.14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-13/360898", + 
"refsource": "MISC", + "name": "https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-13/360898" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/36xxx/CVE-2024-36699.json b/2024/36xxx/CVE-2024-36699.json index 486ebaf51da..c3aa7c65df0 100644 --- a/2024/36xxx/CVE-2024-36699.json +++ b/2024/36xxx/CVE-2024-36699.json 
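Review bot: `problemtype` is `"value": "n/a"` with no `cweId`, so CWE-based filters and dashboards will not surface this record even though it carries a CVSS 3.1 vector (`C:H`, base score 6.5); the CVE-2024-36699 hunk has the same `n/a` problem type. The description is about search restrictions (`query` / `field_security`) not being enforced, which reads like an authorization weakness; a mapping such as CWE-863 would fit but has to be confirmed by the CNA. The two documentation URLs are pasted into the description text itself rather than listed under `references`, which hides them from tools that only read `reference_data`.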
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36699", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36699", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GNU Debugger v8.2 to v14.2 was discovered to contain a buffer overflow via the component gdb.selected_inferior().read_memory at utils.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/N1nEmAn/wp/", + "refsource": "MISC", + "name": "https://github.com/N1nEmAn/wp/" + }, + { + "url": "https://sourceware.orga/pipermail/gdb-patches/2024-April/2080", + "refsource": "MISC", + "name": "https://sourceware.orga/pipermail/gdb-patches/2024-April/2080" + }, + { + "url": "https://github.com/N1nEmAn/wp/19.html", + "refsource": "MISC", + "name": "https://github.com/N1nEmAn/wp/19.html" + }, + { + "refsource": "MISC", + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=06e967dbc9b75a4a3c1b15b54360cf1abbf9c2bd", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=06e967dbc9b75a4a3c1b15b54360cf1abbf9c2bd" } ] } diff --git a/2024/5xxx/CVE-2024-5891.json b/2024/5xxx/CVE-2024-5891.json index 13ca22d7eba..1a1035df8fa 100644 
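Review bot: The second reference, `https://sourceware.orga/pipermail/gdb-patches/2024-April/2080`, uses the host `sourceware.orga` rather than the `sourceware.org` seen in the fourth reference, and its path looks cut short; `https://github.com/N1nEmAn/wp/19.html` likewise does not look like a resolvable GitHub path. Link checkers and enrichment jobs that fetch `reference_data` should expect these to fail, and a mistyped host is not something a feed should send analysts or crawlers to. The host should be corrected to `sourceware.org` with the full list-archive URL supplied by the submitter (`<full gdb-patches message URL>`). `vendor_name`, `product_name` and `version_value` are all `n/a` although the description names GNU Debugger v8.2 to v14.2, so product-based matching will miss this entry.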
--- a/2024/5xxx/CVE-2024-5891.json +++ b/2024/5xxx/CVE-2024-5891.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5891", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weak Authentication", + "cweId": "CWE-1390" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Quay 3", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-5891", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-5891" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283879", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2283879" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5902.json b/2024/5xxx/CVE-2024-5902.json new file mode 100644 index 00000000000..531d783f9d7 --- /dev/null +++ b/2024/5xxx/CVE-2024-5902.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5902", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5903.json b/2024/5xxx/CVE-2024-5903.json new file mode 100644 index 00000000000..abee69062c8 --- /dev/null +++ b/2024/5xxx/CVE-2024-5903.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file