diff --git a/2021/37xxx/CVE-2021-37577.json b/2021/37xxx/CVE-2021-37577.json index c012aa33f2b..07ac52f0b85 100644 --- a/2021/37xxx/CVE-2021-37577.json +++ b/2021/37xxx/CVE-2021-37577.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37577", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37577", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key with the same X coordinate as the offered public key and by reflection of the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. This is a related issue to CVE-2020-26558." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bluetooth.com", + "refsource": "MISC", + "name": "https://bluetooth.com" + }, + { + "refsource": "MISC", + "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/", + "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-impersonation/", + "url": "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-impersonation/" } ] } diff --git a/2023/46xxx/CVE-2023-46919.json b/2023/46xxx/CVE-2023-46919.json index d234ea06684..7b079ed22b5 100644 --- a/2023/46xxx/CVE-2023-46919.json +++ b/2023/46xxx/CVE-2023-46919.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K encryption key. The threat is from a man-in-the-middle attacker who can intercept and potentially modify data during transmission." + "value": "Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. An attacker with physical access to the application's source code or binary can extract this key & use it decrypt the TLS secret." } ] }, diff --git a/2024/25xxx/CVE-2024-25632.json b/2024/25xxx/CVE-2024-25632.json index 59616f26108..36df2263a08 100644 --- a/2024/25xxx/CVE-2024-25632.json +++ b/2024/25xxx/CVE-2024-25632.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25632", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The vulnerability allows a regular user to become administrator of a team where they are a member, under a reasonable configuration. Additionally, in eLabFTW versions subsequent to v5.0.0, the vulnerability may allow an initially unauthenticated user to gain administrative privileges over an arbitrary team. The vulnerability does not affect system administrator status. Users should upgrade to version 5.1.0. System administrators are advised to turn off local user registration, saml_team_create and not allow administrators to import users into teams, unless strictly required." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266: Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-842: Placement of User into Incorrect Group", + "cweId": "CWE-842" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "elabftw", + "product": { + "product_data": [ + { + "product_name": "elabftw", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 4.6.0, < 5.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-6m7p-gh9f-5mgg", + "refsource": "MISC", + "name": "https://github.com/elabftw/elabftw/security/advisories/GHSA-6m7p-gh9f-5mgg" + } + ] + }, + "source": { + "advisory": "GHSA-6m7p-gh9f-5mgg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25658.json b/2024/25xxx/CVE-2024-25658.json index d5d639a3965..888b20c1e4b 100644 --- a/2024/25xxx/CVE-2024-25658.json +++ b/2024/25xxx/CVE-2024-25658.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25658", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25658", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users' usernames and passwords in cleartext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25658", + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25658" } ] } diff --git a/2024/25xxx/CVE-2024-25661.json b/2024/25xxx/CVE-2024-25661.json index ced1505074f..ee3f7056375 100644 --- a/2024/25xxx/CVE-2024-25661.json +++ b/2024/25xxx/CVE-2024-25661.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25661", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25661", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25661", + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25661" } ] } diff --git a/2024/41xxx/CVE-2024-41673.json b/2024/41xxx/CVE-2024-41673.json index 688dfa8e2c9..e855de41e8e 100644 --- a/2024/41xxx/CVE-2024-41673.json +++ b/2024/41xxx/CVE-2024-41673.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "decidim", + "product": { + "product_data": [ + { + "product_name": "decidim", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.27.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/security/advisories/GHSA-cc4g-m3g7-xmw8" + }, + { + "url": "https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637", + "refsource": "MISC", + "name": "https://github.com/decidim/decidim/commit/8a18c8b1ee85a1b35ee0d8d5893f218695d15637" + } + ] + }, + "source": { + "advisory": "GHSA-cc4g-m3g7-xmw8", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/44xxx/CVE-2024-44610.json b/2024/44xxx/CVE-2024-44610.json index 720ab18c8b8..19dcdea9858 100644 --- a/2024/44xxx/CVE-2024-44610.json +++ b/2024/44xxx/CVE-2024-44610.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-44610", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-44610", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cve.mahi.be/peak_pcan_dr/", + "url": "https://cve.mahi.be/peak_pcan_dr/" + }, + { + "refsource": "MISC", + "name": "https://github.com/BertoldVdb/PcanExploit", + "url": "https://github.com/BertoldVdb/PcanExploit" } ] } diff --git a/2024/45xxx/CVE-2024-45408.json b/2024/45xxx/CVE-2024-45408.json index 9ecac774d7f..2b2af604317 100644 --- a/2024/45xxx/CVE-2024-45408.json +++ b/2024/45xxx/CVE-2024-45408.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45408", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "elabftw", + "product": { + "product_data": [ + { + "product_name": "elabftw", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 4.4.0, < 5.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5", + "refsource": "MISC", + "name": "https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5" + } + ] + }, + "source": { + "advisory": "GHSA-2c83-6j74-w8r5", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/45xxx/CVE-2024-45967.json b/2024/45xxx/CVE-2024-45967.json index 2ba2ea5f3e4..20875fa3965 100644 --- a/2024/45xxx/CVE-2024-45967.json +++ b/2024/45xxx/CVE-2024-45967.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-45967", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-45967", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/yingning620/test123/blob/main/Pagekit%20CMS/Pagekit%20CMS%20v1.0.18%20%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md", + "refsource": "MISC", + "name": "https://github.com/yingning620/test123/blob/main/Pagekit%20CMS/Pagekit%20CMS%20v1.0.18%20%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md" } ] } diff --git a/2024/9xxx/CVE-2024-9411.json b/2024/9xxx/CVE-2024-9411.json new file mode 100644 index 00000000000..5f668fa6650 --- /dev/null +++ b/2024/9xxx/CVE-2024-9411.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-9411", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file