diff --git a/2023/33xxx/CVE-2023-33951.json b/2023/33xxx/CVE-2023-33951.json index ccbce446a87..09026848f53 100644 --- a/2023/33xxx/CVE-2023-33951.json +++ b/2023/33xxx/CVE-2023-33951.json @@ -132,6 +132,41 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.75.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.75.1.rt14.360.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { @@ -192,6 +227,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1404" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4823", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4823" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4831", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4831" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-33951", "refsource": "MISC", diff --git a/2023/33xxx/CVE-2023-33952.json b/2023/33xxx/CVE-2023-33952.json index d269ea996bf..e110dd32d79 100644 --- a/2023/33xxx/CVE-2023-33952.json +++ b/2023/33xxx/CVE-2023-33952.json 
@@ -132,6 +132,41 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.75.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.75.1.rt14.360.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { @@ -192,6 +227,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1404" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4823", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4823" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4831", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4831" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-33952", "refsource": "MISC", diff --git a/2023/5xxx/CVE-2023-5633.json b/2023/5xxx/CVE-2023-5633.json index dfa3ea2b3b5..6fdb412c4f4 100644 --- a/2023/5xxx/CVE-2023-5633.json +++ b/2023/5xxx/CVE-2023-5633.json 
@@ -132,6 +132,41 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.75.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.75.1.rt14.360.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { @@ -192,6 +227,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1404" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4823", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4823" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4831", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4831" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5633", "refsource": "MISC", diff --git a/2024/1xxx/CVE-2024-1151.json b/2024/1xxx/CVE-2024-1151.json index 92422841cc8..c392a4746c6 100644 --- a/2024/1xxx/CVE-2024-1151.json +++ b/2024/1xxx/CVE-2024-1151.json 
@@ -35,6 +35,41 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.75.1.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.14.0-284.75.1.rt14.360.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { @@ -113,6 +148,16 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:4823", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4823" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4831", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4831" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-1151", "refsource": "MISC", @@ -123,6 +168,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2262241" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/", "refsource": "MISC", 
@@ -137,11 +187,6 @@ "url": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/", "refsource": "MISC", "name": "https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/" - }, - { - "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", - "refsource": "MISC", - "name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ] }, diff --git a/2024/22xxx/CVE-2024-22443.json b/2024/22xxx/CVE-2024-22443.json index 296247ede71..55668dbfa47 100644 --- a/2024/22xxx/CVE-2024-22443.json +++ b/2024/22xxx/CVE-2024-22443.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22443", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "HPE Aruba Networking EdgeConnect SD-WAN Orchestrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "EdgeConnect SD-WAN Orchestrator 9.4.x: Orchestrator 9.4.1 (all builds) and below", + "version_value": "<=9.4.1" + }, + { + "version_affected": "<=", + "version_name": "EdgeConnect SD-WAN Orchestrator 9.3.x: Orchestrator 9.3.2 (all builds) and below", + "version_value": "<=9.3.2" + }, + { + "version_affected": "<=", + "version_name": "EdgeConnect SD-WAN Orchestrator 9.2.x: Orchestrator 9.2.9 (all builds) and below", + "version_value": "<=9.2.9" + }, + { + "version_affected": "<=", + "version_name": "EdgeConnect SD-WAN Orchestrator 9.1.x: Orchestrator 9.1.9 (all builds) and below", + "version_value": "<=9.1.9" + } 
+ ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US", + "refsource": "MISC", + "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Jensen (@dozernz)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/22xxx/CVE-2024-22444.json b/2024/22xxx/CVE-2024-22444.json index 157c5c4b913..050bcf4bbb5 100644 --- a/2024/22xxx/CVE-2024-22444.json +++ b/2024/22xxx/CVE-2024-22444.json 
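Review bot: In the new `affects` block every `version_value` repeats the comparison operator that `version_affected` already carries (`"version_affected": "<=", "version_value": "<=9.4.1"`), so a consumer that reads `version_value` as a version string gets an unparsable `<=9.4.1`; the value should be the bare version, `"version_value": "9.4.1"`, with the same fix for the 9.3.2, 9.2.9 and 9.1.9 entries and for the identical block in CVE-2024-22444. `problemtype` is also left at `"n/a"` although the description names the weakness class; following the `cweId` form that CVE-2024-7068 uses in this same commit, `"value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", "cweId": "CWE-1321"` here, and CWE-79 for the reflected XSS in CVE-2024-22444, would make the records searchable by weakness; the same `"n/a"` placeholder is published in CVE-2024-31970, CVE-2024-31971, CVE-2024-31977, CVE-2024-36541, CVE-2024-39345, CVE-2024-40422 and CVE-2024-40575, whose descriptions likewise each point at one weakness. The description in CVE-2024-22444 also reads `victims browser`, missing the possessive apostrophe.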
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22444", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victims browser in the context of the affected interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise", + "product": { + "product_data": [ + { + "product_name": "HPE Aruba Networking EdgeConnect SD-WAN Orchestrator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "EdgeConnect SD-WAN Orchestrator 9.4.x: Orchestrator 9.4.1 (all builds) and below", + "version_value": "<=9.4.1" + }, + { + "version_affected": "<=", + "version_name": "EdgeConnect SD-WAN Orchestrator 9.3.x: Orchestrator 9.3.2 (all builds) and below", + "version_value": "<=9.3.2" + }, + { + "version_affected": "<=", + "version_name": "EdgeConnect SD-WAN Orchestrator 9.2.x: Orchestrator 9.2.9 (all builds) and below", + "version_value": "<=9.2.9" + }, + { + "version_affected": "<=", + "version_name": "EdgeConnect SD-WAN Orchestrator 9.1.x: Orchestrator 9.1.9 (all builds) and below", + "version_value": "<=9.1.9" + } + ] + 
} + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US", + "refsource": "MISC", + "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Jensen (@dozernz)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31970.json b/2024/31xxx/CVE-2024-31970.json index 82a1c0b1685..e8dd10c7dbc 100644 --- a/2024/31xxx/CVE-2024-31970.json +++ b/2024/31xxx/CVE-2024-31970.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-31970", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-31970", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/actuator/cve/blob/main/AdTran/SRG-834-5", + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/AdTran/SRG-834-5" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31970", + "url": "https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31970" } ] } 
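Review bot: The `affects` block of the new record carries only `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description itself names the vendor, model and firmware (AdTran SRG 834-5, SmartOS 11.1.1.1, fixed in 12.1.3.1), so any consumer matching on the structured fields rather than free text cannot identify the affected product. The same placeholder block is added in CVE-2024-31971, CVE-2024-31977, CVE-2024-36541, CVE-2024-39345, CVE-2024-40422 and CVE-2024-40575, each of whose descriptions also names the product and version. Taking the values straight from the description, this record would become `"vendor_name": "AdTran"`, `"product_name": "SRG 834-5 (SmartOS)"`, `"version_affected": "=", "version_value": "11.1.1.1"`; whether releases between 11.1.1.1 and the stated fix are affected is not recoverable from the text, so a single `=` entry is the honest encoding.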
diff --git a/2024/31xxx/CVE-2024-31971.json b/2024/31xxx/CVE-2024-31971.json index fa8f8fef2f5..a96db0a07bc 100644 --- a/2024/31xxx/CVE-2024-31971.json +++ b/2024/31xxx/CVE-2024-31971.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-31971", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-31971", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/actuator/cve/blob/main/AdTran/NetVanta-3120-XSS", + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/AdTran/NetVanta-3120-XSS" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31971", + "url": "https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31971" } ] } 
diff --git a/2024/31xxx/CVE-2024-31977.json b/2024/31xxx/CVE-2024-31977.json index a007b17433d..6ba002c4f0c 100644 --- a/2024/31xxx/CVE-2024-31977.json +++ b/2024/31xxx/CVE-2024-31977.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-31977", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-31977", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.5.5.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/actuator/cve/tree/main/AdTran/834-5", + "refsource": "MISC", + "name": "https://github.com/actuator/cve/tree/main/AdTran/834-5" + }, + { + "url": "https://drive.proton.me/urls/GXDM5T5NSG#RHa0yVWSKyoz", + "refsource": "MISC", + "name": "https://drive.proton.me/urls/GXDM5T5NSG#RHa0yVWSKyoz" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31977", + "url": "https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31977" } ] } 
diff --git a/2024/33xxx/CVE-2024-33694.json b/2024/33xxx/CVE-2024-33694.json index 0990642d285..011fcf51ef5 100644 --- a/2024/33xxx/CVE-2024-33694.json +++ b/2024/33xxx/CVE-2024-33694.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5.\n\n" + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5." } ] }, @@ -40,9 +40,24 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.5" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } } ] } @@ -68,6 +83,19 @@ "source": { "discovery": "EXTERNAL" }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.6 or a higher version." + } + ], + "value": "Update to\u00a01.6 or a higher version." + } + ], "credits": [ { "lang": "en", diff --git a/2024/36xxx/CVE-2024-36541.json b/2024/36xxx/CVE-2024-36541.json index 0656db164b8..ea8d54ffdf5 100644 --- a/2024/36xxx/CVE-2024-36541.json +++ b/2024/36xxx/CVE-2024-36541.json 
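Review bot: In the added `solution` entry the plain-text `value` is `"Update to\u00a01.6 or a higher version."`, with a non-breaking space (U+00A0) between `to` and the version, while the `supportingMedia` copy of the same sentence uses an ordinary space; the two renderings of one sentence differ by a character, and the NBSP surfaces as a visible artifact or a failed substring match in text-only consumers. Use the plain form in both places: `"value": "Update to 1.6 or a higher version."`. The same NBSP appears in the solution blocks added for CVE-2024-37951 and CVE-2024-37958 in this commit. The description line rewritten by the first hunk also still reads `Stored XSS.This issue` without a space after the full stop.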
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36541", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36541", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://gist.github.com/HouqiyuA/f972d1c152f3b8127af01206f7c2af0d", + "url": "https://gist.github.com/HouqiyuA/f972d1c152f3b8127af01206f7c2af0d" } ] } diff --git a/2024/37xxx/CVE-2024-37951.json b/2024/37xxx/CVE-2024-37951.json index 6a3832f769b..dfed4bcc5c4 100644 --- a/2024/37xxx/CVE-2024-37951.json +++ b/2024/37xxx/CVE-2024-37951.json 
@@ -40,9 +40,24 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.2.38" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.2.39", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.2.38", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } } ] } @@ -68,6 +83,19 @@ "source": { "discovery": "EXTERNAL" }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.2.39 or a higher version." + } + ], + "value": "Update to\u00a01.2.39 or a higher version." + } + ], "credits": [ { "lang": "en", diff --git a/2024/37xxx/CVE-2024-37958.json b/2024/37xxx/CVE-2024-37958.json index 9e36cdf4bf5..bbc7b079fee 100644 --- a/2024/37xxx/CVE-2024-37958.json +++ b/2024/37xxx/CVE-2024-37958.json @@ -40,9 +40,24 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.1.4" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.1.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } } ] } @@ -68,6 +83,19 @@ "source": { "discovery": "EXTERNAL" }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.1.5 or a higher version." + } + ], + "value": "Update to\u00a01.1.5 or a higher version." + } + ], "credits": [ { "lang": "en", diff --git a/2024/39xxx/CVE-2024-39345.json b/2024/39xxx/CVE-2024-39345.json index 9632aac4489..9f19eafefe7 100644 --- a/2024/39xxx/CVE-2024-39345.json +++ b/2024/39xxx/CVE-2024-39345.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-39345", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-39345", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/actuator/cve/blob/main/AdTran/TBA", + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/AdTran/TBA" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-39345", + "url": "https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-39345" } ] } 
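Review bot: The first reference URL in the new record ends in `/TBA`, a "to be announced" placeholder path, yet the record is published with `"STATE": "PUBLIC"`; it is unlikely to resolve for a reader, while the second reference (`.../AdTran/CVE-2024-39345`) already points at a named file. Unless the placeholder is guaranteed to be filled in, the entry should be dropped, leaving `"url": "https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-39345"` as the sole reference, or replaced with the final path before publication. The description also lacks two possessive apostrophes (`the devices MAC address`, `the devices internet interfaces`).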
diff --git a/2024/40xxx/CVE-2024-40422.json b/2024/40xxx/CVE-2024-40422.json index 349ed781f56..1868432aa8d 100644 --- a/2024/40xxx/CVE-2024-40422.json +++ b/2024/40xxx/CVE-2024-40422.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40422", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40422", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/stitionai/devika", + "refsource": "MISC", + "name": "https://github.com/stitionai/devika" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/stitionai/devika/pull/619", + "url": "https://github.com/stitionai/devika/pull/619" + }, + { + "refsource": "MISC", + "name": "https://github.com/alpernae/CVE-2024-40422", + "url": "https://github.com/alpernae/CVE-2024-40422" } ] } diff --git a/2024/40xxx/CVE-2024-40575.json b/2024/40xxx/CVE-2024-40575.json index a74496613e1..04e72605c00 100644 
--- a/2024/40xxx/CVE-2024-40575.json +++ b/2024/40xxx/CVE-2024-40575.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40575", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40575", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://opengauss.org", + "url": "https://opengauss.org" + }, + { + "refsource": "CONFIRM", + "name": "https://gist.github.com/RuiHuaLiu2023/92059b0fa6c625e3d39001c5a9b2dc71", + "url": "https://gist.github.com/RuiHuaLiu2023/92059b0fa6c625e3d39001c5a9b2dc71" } ] } diff --git a/2024/41xxx/CVE-2024-41941.json b/2024/41xxx/CVE-2024-41941.json new file mode 100644 index 00000000000..33f2a2e024f --- /dev/null +++ b/2024/41xxx/CVE-2024-41941.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41941", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7068.json b/2024/7xxx/CVE-2024-7068.json index 0da2bd26d54..b71b6ab1311 100644 --- a/2024/7xxx/CVE-2024-7068.json +++ b/2024/7xxx/CVE-2024-7068.json 
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7068",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. This affects an unknown part of the file /Script/admin/core/update_sub_category. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272349 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in SourceCodester Insurance Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /Script/admin/core/update_sub_category. Dank der Manipulation des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Insurance Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.272349",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.272349"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.272349",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.272349"
+ },
+ {
+ "url": "https://vuldb.com/?submit.378874",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.378874"
+ },
+ {
+ "url": "https://github.com/rtsjx-cve/cve/blob/main/xss2.md",
+ "refsource": "MISC",
+ "name": "https://github.com/rtsjx-cve/cve/blob/main/xss2.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "rtsjx (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7069.json b/2024/7xxx/CVE-2024-7069.json
index d52327b6001..304895a329f 100644
--- a/2024/7xxx/CVE-2024-7069.json
+++ b/2024/7xxx/CVE-2024-7069.json
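Review bot: The new description for CVE-2024-7068 says the attack can be initiated remotely but never states what access is needed, while the vector scores it `PR:L` and the affected file sits under `/Script/admin/core/`, which together suggest an authenticated (possibly admin) session is required — that materially changes the attacker model for a stored XSS and belongs in the description text, not only in the vector. The record also lists no vendor advisory or fixed version; all four references are the VulDB entry and the reporter's own markdown, so if no fix exists the entry should say so rather than leave `"version_affected": "="` on 1.0 as the only signal. The CWE text `CWE-79 Cross Site Scripting` is an abbreviation of the CWE title; harmless, but the other entries in this commit spell out the official name and consistency helps tooling that compares the two fields.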
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7069",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects some unknown processing of the file /employee_gatepass/classes/Master.php?f=delete_department. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272351."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /employee_gatepass/classes/Master.php?f=delete_department. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Employee and Visitor Gate Pass Logging System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.272351",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.272351"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.272351",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.272351"
+ },
+ {
+ "url": "https://vuldb.com/?submit.378881",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.378881"
+ },
+ {
+ "url": "https://github.com/pineapple65/cve/blob/main/sql.md",
+ "refsource": "MISC",
+ "name": "https://github.com/pineapple65/cve/blob/main/sql.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "pineapple65 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7079.json b/2024/7xxx/CVE-2024-7079.json
index 9da7b174c52..a4f9d42c316 100644
--- a/2024/7xxx/CVE-2024-7079.json
+++ b/2024/7xxx/CVE-2024-7079.json
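Review bot: The English and German descriptions added for CVE-2024-7069 call the issue "classified as critical" / "als kritisch eingestuft", while the impact block in the same record scores it CVSS 3.1 6.3 `MEDIUM` (6.5 on v2), so the two severity labels in one entry disagree; the description should use the same word as `baseSeverity` or drop the classification. The vector's `C:L/I:L/A:L` is a conservative reading for a SQL injection where `id` reaches a `delete_department` query — if the backend allows UNION or stacked queries, confidentiality impact is typically higher — but that cannot be confirmed from the visible text, so it is a point to check against the linked PoC rather than a defect. The description also asserts remote exploitability without stating the privilege the `PR:L` vector assumes; naming the required role would make the record self-consistent.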
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7079",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat OpenShift Container Platform 3.11",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenShift Container Platform 4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2024-7079",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2024-7079"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299678",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2299678"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by Thibault Guittet (Red Hat)."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
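Review bot: The CVSS vector added for CVE-2024-7079 carries `"privilegesRequired": "LOW"` and `"userInteraction": "REQUIRED"`, which contradicts the description's central claim that `authHandlerWithUser()` does not check credentials and that "unauthenticated users can access this endpoint" — a network-reachable missing-authentication flaw (CWE-306) is `PR:N`, and nothing in the description involves a second user acting. Either the vector should be recomputed (changing `PR:L` to `PR:N` alters the 5.4 base score) or the description should state what privilege and interaction the scoring assumes, e.g. if the endpoint is only reachable from a logged-in console session. The affects block marks OpenShift Container Platform 4 `"defaultStatus": "affected"` with no fixed version and OCP 3.11 `unknown`, and the only references are the Red Hat CVE page and Bugzilla 2299678, so the record gives consumers no pointer to a patched console build or errata; that should be added once available. The description also notes the endpoint fetches a chart from a remote or local URI before verifying it, which is the reason an unauthenticated reach matters; whether that fetch is constrained is not shown here and is worth confirming in the Bugzilla thread.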