From 09ce809602be9bbbb1569d39a1daf77bc39db18d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 24 Jun 2024 23:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/50xxx/CVE-2023-50029.json | 56 +++++++++++++-- 2024/22xxx/CVE-2024-22168.json | 125 +++++++++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34988.json | 56 +++++++++++++-- 2024/34xxx/CVE-2024-34991.json | 56 +++++++++++++-- 2024/34xxx/CVE-2024-34992.json | 56 +++++++++++++-- 2024/36xxx/CVE-2024-36681.json | 56 +++++++++++++-- 2024/36xxx/CVE-2024-36682.json | 56 +++++++++++++-- 2024/36xxx/CVE-2024-36683.json | 56 +++++++++++++-- 8 files changed, 470 insertions(+), 47 deletions(-) diff --git a/2023/50xxx/CVE-2023-50029.json b/2023/50xxx/CVE-2023-50029.json index 6f68b953cb8..6920cffcf2f 100644 --- a/2023/50xxx/CVE-2023-50029.json +++ b/2023/50xxx/CVE-2023-50029.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-50029", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-50029", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHP Injection vulnerability in the module \"M4 PDF Extensions\" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/06/20/m4pdf.html", + "url": "https://security.friendsofpresta.org/modules/2024/06/20/m4pdf.html" } ] } diff --git a/2024/22xxx/CVE-2024-22168.json b/2024/22xxx/CVE-2024-22168.json index 2d4f1bd6614..edde8329e1d 100644 --- a/2024/22xxx/CVE-2024-22168.json +++ b/2024/22xxx/CVE-2024-22168.json @@ -1,18 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22168", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@wdc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user\u2019s browser session to carry out malicious activities.The web apps for these devices have been automatically updated to resolve this vulnerability and improve the security of your devices and data." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Western Digital", + "product": { + "product_data": [ + { + "product_name": "My Cloud Home web app", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.28.0-102" + } + ] + } + }, + { + "product_name": "WD Cloud web app", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.28.0-102" + } + ] + } + }, + { + "product_name": "My Cloud web app", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.28.0-102" + } + ] + } + } + ] + } + }, + { + "vendor_name": "SanDisk", + "product": { + "product_data": [ + { + "product_name": "ibi web app", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.28.0-102" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.westerndigital.com/support/product-security/wdc-24003-western-digital-my-cloud-os-5-my-cloud-home-sandisk-ibi-and-wd-cloud-web-app-update", + "refsource": "MISC", + "name": "https://www.westerndigital.com/support/product-security/wdc-24003-western-digital-my-cloud-os-5-my-cloud-home-sandisk-ibi-and-wd-cloud-web-app-update" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

The web apps for these devices have been automatically updated to resolve this vulnerability and improve the security of your devices and data.

" + } + ], + "value": "The web apps for these devices have been automatically updated to resolve this vulnerability and improve the security of your devices and data." + } + ], + "credits": [ + { + "lang": "en", + "value": "Western Digital would like to thank Jay Mehta for reporting this issue" + } + ] } \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34988.json b/2024/34xxx/CVE-2024-34988.json index c56776362b6..78d9c1fdcce 100644 --- a/2024/34xxx/CVE-2024-34988.json +++ b/2024/34xxx/CVE-2024-34988.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34988", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34988", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in the module \"Complete for Create a Quote in Frontend + Backend Pro\" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run().`" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/06/20/askforaquotemodul.html", + "url": "https://security.friendsofpresta.org/modules/2024/06/20/askforaquotemodul.html" } ] } diff --git a/2024/34xxx/CVE-2024-34991.json b/2024/34xxx/CVE-2024-34991.json index 071536cd3be..31f8502e170 100644 --- a/2024/34xxx/CVE-2024-34991.json +++ b/2024/34xxx/CVE-2024-34991.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34991", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34991", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the module \"Axepta\" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/06/20/axepta.html", + "url": "https://security.friendsofpresta.org/modules/2024/06/20/axepta.html" } ] } diff --git a/2024/34xxx/CVE-2024-34992.json b/2024/34xxx/CVE-2024-34992.json index 7e39ce74221..8bc6f11441e 100644 --- a/2024/34xxx/CVE-2024-34992.json +++ b/2024/34xxx/CVE-2024-34992.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34992", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34992", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in the module \"Help Desk - Customer Support Management System\" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets()'" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/06/20/helpdesk.html", + "url": "https://security.friendsofpresta.org/modules/2024/06/20/helpdesk.html" } ] } diff --git a/2024/36xxx/CVE-2024-36681.json b/2024/36xxx/CVE-2024-36681.json index 283d3019b4b..3886015d74f 100644 --- a/2024/36xxx/CVE-2024-36681.json +++ b/2024/36xxx/CVE-2024-36681.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36681", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36681", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in the module \"Isotope\" (pk_isotope) <=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via `pk_isotope::saveData` and `pk_isotope::removeData` methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/06/20/pk_isotope.html", + "url": "https://security.friendsofpresta.org/modules/2024/06/20/pk_isotope.html" } ] } diff --git a/2024/36xxx/CVE-2024-36682.json b/2024/36xxx/CVE-2024-36682.json index 85b615e0b4b..218d7bd067f 100644 --- a/2024/36xxx/CVE-2024-36682.json +++ b/2024/36xxx/CVE-2024-36682.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36682", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36682", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the module \"Theme settings\" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/06/20/pk_themesettings.html", + "url": "https://security.friendsofpresta.org/modules/2024/06/20/pk_themesettings.html" } ] } diff --git a/2024/36xxx/CVE-2024-36683.json b/2024/36xxx/CVE-2024-36683.json index afb487e659a..427ee1ff142 100644 --- a/2024/36xxx/CVE-2024-36683.json +++ b/2024/36xxx/CVE-2024-36683.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36683", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36683", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in the module \"Products Alert\" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/06/20/productsalert.html", + "url": "https://security.friendsofpresta.org/modules/2024/06/20/productsalert.html" } ] }