From 1b8056e4ab3d1d77fefa05bb4846bf2803d8d790 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 17 Sep 2024 20:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/41xxx/CVE-2023-41747.json | 2 +-
 2024/3xxx/CVE-2024-3727.json | 6 +-
 2024/45xxx/CVE-2024-45398.json | 89 ++++++++++++++++++++++++--
 2024/45xxx/CVE-2024-45604.json | 81 ++++++++++++++++++++++--
 2024/45xxx/CVE-2024-45605.json | 86 +++++++++++++++++++++++--
 2024/45xxx/CVE-2024-45606.json | 86 +++++++++++++++++++++++--
 2024/8xxx/CVE-2024-8949.json | 105 +++++++++++++++++++++++++++++--
 2024/8xxx/CVE-2024-8956.json | 112 +++++++++++++++++++++++++++++++++
 2024/8xxx/CVE-2024-8957.json | 18 ++++++
 2024/8xxx/CVE-2024-8958.json | 18 ++++++
 10 files changed, 579 insertions(+), 24 deletions(-)
 create mode 100644 2024/8xxx/CVE-2024-8956.json
 create mode 100644 2024/8xxx/CVE-2024-8957.json
 create mode 100644 2024/8xxx/CVE-2024-8958.json
diff --git a/2023/41xxx/CVE-2023-41747.json b/2023/41xxx/CVE-2023-41747.json
index 0be3e37c531..441238948a3 100644
--- a/2023/41xxx/CVE-2023-41747.json
+++ b/2023/41xxx/CVE-2023-41747.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Sensitive information disclosure due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203."
+ "value": "Sensitive information disclosure due to unauthenticated path traversal. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203."
 }
 ]
 },
diff --git a/2024/3xxx/CVE-2024-3727.json b/2024/3xxx/CVE-2024-3727.json
index 0fc3af38883..60b7aa7ee74 100644
--- a/2024/3xxx/CVE-2024-3727.json
+++ b/2024/3xxx/CVE-2024-3727.json
@@ -521,7 +521,7 @@
 "x_cve_json_5_version_data": {
 "versions": [
 {
- "version": "4:4.9.4-5.1.rhaos4.16.el9",
+ "version": "4:4.9.4-5.1.rhaos4.16.el8",
 "lessThan": "*",
 "versionType": "rpm",
 "status": "unaffected"
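Review bot: The new description reclassifies the weakness as unauthenticated path traversal, but only the `description_data` value is touched; the record's `problemtype` lies outside this hunk, and if it still carries the CWE for improper input validation it should move in the same change so prose and CWE agree (`"cweId": "CWE-22"` would match the new text). The fixed build `6.2.23089.203` is unchanged, so this is a reclassification rather than a new fix, and readers comparing the old and new text should be told that in the commit message. Given the subject line "-Synchronized-Data.", this file appears to mirror the CNA submission, so the `problemtype` correction belongs upstream rather than as a hand edit here.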
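Review bot: The `.el9`/`.el8` swap in this hunk and the next (`@@ -549,7 +549,7 @@`, which moves `0:1.29.5-7.rhaos4.16.git7db4ada` the other way) cannot be checked from the diff, because the product block that says which RHEL base each package ships on is outside both hunks; it reads as a correction of two entries previously attached to the wrong package, and the commit message should say so. Consumers that do exact NEVRA matching against these `unaffected` entries will silently stop matching the previous strings, so confirming each `version` against the CNA's CVE 5 record before this sync lands is worth the minute it takes.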
@@ -549,7 +549,7 @@
 "x_cve_json_5_version_data": {
 "versions": [
 {
- "version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8",
+ "version": "0:1.29.5-7.rhaos4.16.git7db4ada.el9",
 "lessThan": "*",
 "versionType": "rpm",
 "status": "unaffected"
@@ -898,7 +898,7 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "affected"
+ "defaultStatus": "unaffected"
 }
 },
 {
diff --git a/2024/45xxx/CVE-2024-45398.json b/2024/45xxx/CVE-2024-45398.json
index 631937a4ec7..67edac0820c 100644
--- a/2024/45xxx/CVE-2024-45398.json
+++ b/2024/45xxx/CVE-2024-45398.json
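Review bot: Flipping `"defaultStatus": "affected"` to `"unaffected"` in the third hunk (`@@ -898,7 +898,7 @@`) changes the status of every version that is not explicitly enumerated in that product's `versions` list, and that list is outside the hunk, so verify it now carries explicit `affected` entries; otherwise a consumer reading the CVE 5 data will treat the whole product as unaffected. The `"version_value": "not down converted"` marker appears to mean this product has no CVE 4 version data at all, which makes the `x_cve_json_5_version_data` default the only affected-status signal a CVE 4 consumer receives for it.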
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-45398",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "contao",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "contao",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">=4.0.0, < 4.13.49"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 5.0.0, < 5.3.15"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 5.4.0, < 5.4.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5",
+ "refsource": "MISC",
+ "name": "https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5"
+ },
+ {
+ "url": "https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads",
+ "refsource": "MISC",
+ "name": "https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-vm6r-j788-hjh5",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/45xxx/CVE-2024-45604.json b/2024/45xxx/CVE-2024-45604.json
index 75bc5903925..d5f30c80662 100644
--- a/2024/45xxx/CVE-2024-45604.json
+++ b/2024/45xxx/CVE-2024-45604.json
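Review bot: The three `version_value` entries encode ranges as free-text strings with inconsistent spacing (`">=4.0.0, < 4.13.49"` next to `">= 5.0.0, < 5.3.15"`) while `version_affected` is `"="`, so a consumer that honours the operator and compares versions literally will never match any release; the same range-as-string shape appears in CVE-2024-45604, CVE-2024-45605 and CVE-2024-45606 in this commit. At minimum normalise the first entry to `"version_value": ">= 4.0.0, < 4.13.49"` so all three strings parse with one rule. Anyone triaging exposure should take the fixed versions from the description (4.13.49, 5.3.15, 5.4.3) rather than from the `version_affected` operator.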
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-45604",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "contao",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "contao",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 4.13.49"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9",
+ "refsource": "MISC",
+ "name": "https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9"
+ },
+ {
+ "url": "https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget",
+ "refsource": "MISC",
+ "name": "https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-4p75-5p53-65m9",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/45xxx/CVE-2024-45605.json b/2024/45xxx/CVE-2024-45605.json
index e171e8384a7..bbba72fab4f 100644
--- a/2024/45xxx/CVE-2024-45605.json
+++ b/2024/45xxx/CVE-2024-45605.json
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-45605",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-639: Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "getsentry",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "sentry",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">=23.9.0, < 24.9.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j",
+ "refsource": "MISC",
+ "name": "https://github.com/getsentry/sentry/security/advisories/GHSA-54m3-95j9-v89j"
+ },
+ {
+ "url": "https://github.com/getsentry/sentry/pull/77093",
+ "refsource": "MISC",
+ "name": "https://github.com/getsentry/sentry/pull/77093"
+ },
+ {
+ "url": "https://github.com/getsentry/self-hosted",
+ "refsource": "MISC",
+ "name": "https://github.com/getsentry/self-hosted"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-54m3-95j9-v89j",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/45xxx/CVE-2024-45606.json b/2024/45xxx/CVE-2024-45606.json
index 2cc38172b22..8d8a918c66c 100644
--- a/2024/45xxx/CVE-2024-45606.json
+++ b/2024/45xxx/CVE-2024-45606.json
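Review bot: The published description `value` has two wording errors that change its meaning: "An authenticated user delete the user issue alert notifications" is missing "can", and "given a know alert ID" should read "known". The corrected sentence would be `An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID.`; because this file appears to be synchronized from the CNA record (subject line "-Synchronized-Data."), the fix belongs in the GitHub advisory that feeds it, or the next sync will overwrite a local edit. The rest of the record is internally consistent: CWE-639, a `PR:L`/`I:H` vector and the `">=23.9.0, < 24.9.0"` range all match the prose.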
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-45606",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we have identified no instances where alerts have been muted by unauthorized parties. A patch was issued to ensure authorization checks are properly scoped on requests to mute alert rules. Authenticated users who do not have the necessary permissions are no longer able to mute alerts. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version **24.9.0** or higher. The rule mute feature was generally available as of 23.6.0 but users with early access may have had the feature as of 23.4.0. Affected users are advised to upgrade to version 24.9.0. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-639: Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "getsentry",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "sentry",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">=23.4.0, < 24.9.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-v345-w9f2-mpm5",
+ "refsource": "MISC",
+ "name": "https://github.com/getsentry/sentry/security/advisories/GHSA-v345-w9f2-mpm5"
+ },
+ {
+ "url": "https://github.com/getsentry/sentry/pull/77016",
+ "refsource": "MISC",
+ "name": "https://github.com/getsentry/sentry/pull/77016"
+ },
+ {
+ "url": "https://github.com/getsentry/self-hosted",
+ "refsource": "MISC",
+ "name": "https://github.com/getsentry/self-hosted"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-v345-w9f2-mpm5",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/8xxx/CVE-2024-8949.json b/2024/8xxx/CVE-2024-8949.json
index 64e92d8bfdc..2da79429749 100644
--- a/2024/8xxx/CVE-2024-8949.json
+++ b/2024/8xxx/CVE-2024-8949.json
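Review bot: The description `value` embeds Markdown emphasis (`**24.9.0**`) in a field that downstream consumers render as plain text, and repeats the "with a know rule ID" typo (should be "known"); the bold markers will show up literally in every feed that ingests this record. The fragment should read `Self-Hosted Sentry users should upgrade to version 24.9.0 or higher.` and, as with the other GitHub-assigned records in this commit, the correction belongs in the source advisory rather than a local edit. The `affects` range `">=23.4.0, < 24.9.0"` deliberately starts at the early-access date the prose mentions rather than the 23.6.0 general-availability date, so range and description are consistent.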
@@ -1,17 +1,114 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-8949",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to improper ownership management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in SourceCodester Online Eyewear Shop 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /classes/Master.php der Komponente Cart Content Handler. Mittels Manipulieren des Arguments cart_id/id mit unbekannten Daten kann eine improper ownership management-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Ownership Management",
+ "cweId": "CWE-282"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Online Eyewear Shop",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.277767",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.277767"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.277767",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.277767"
+ },
+ {
+ "url": "https://vuldb.com/?submit.409459",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.409459"
+ },
+ {
+ "url": "https://github.com/gurudattch/CVEs/edit/main/Sourcecodester-Online-Eyewear-shop-webiste-Broken-access-control.md",
+ "refsource": "MISC",
+ "name": "https://github.com/gurudattch/CVEs/edit/main/Sourcecodester-Online-Eyewear-shop-webiste-Broken-access-control.md"
+ },
+ {
+ "url": "https://www.sourcecodester.com/",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "guru (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/8xxx/CVE-2024-8956.json b/2024/8xxx/CVE-2024-8956.json
new file mode 100644
index 00000000000..f3e482b8c46
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8956.json
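Review bot: The fourth reference points at GitHub's `/edit/main/` route (`https://github.com/gurudattch/CVEs/edit/main/...`), which is the in-browser editor and requires a signed-in session, so anyone following the record from a feed lands on a login page; the stable, citable form of the same path is presumably the `/blob/main/` view, and that is what a reference entry should carry. Separately, the `problemtype` value `"Improper Ownership Management"` omits the `CWE-282:` prefix that the other records in this commit use (`"CWE-434: Unrestricted Upload of File with Dangerous Type"`), which is harmless because `cweId` carries the identifier, but tooling that keys on the display string will see two formats in one sync. The CVSS 2.0 element has no `baseSeverity` while the two 3.x elements do, so a consumer iterating `cvss` must not assume that key exists on every element; the prose "classified as critical" also disagrees with the MEDIUM severity the vectors encode, which is worth a note for readers who only skim the description.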
@@ -0,0 +1,112 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8956",
+ "ASSIGNER": "disclosure@vulncheck.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PTZOptics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PT30X-SDI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "6.3.40"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "PT30X-NDI",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "6.3.40"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://ptzoptics.com/firmware-changelog/",
+ "refsource": "MISC",
+ "name": "https://ptzoptics.com/firmware-changelog/"
+ },
+ {
+ "url": "https://vulncheck.com/advisories/ptzoptics-command-injection",
+ "refsource": "MISC",
+ "name": "https://vulncheck.com/advisories/ptzoptics-command-injection"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Konstantin Lazarev of GreyNoise"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8957.json b/2024/8xxx/CVE-2024-8957.json
new file mode 100644
index 00000000000..75186681260
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8957.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8957",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8958.json b/2024/8xxx/CVE-2024-8958.json
new file mode 100644
index 00000000000..179fe194a49
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8958.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8958",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
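Review bot: The only third-party reference is `https://vulncheck.com/advisories/ptzoptics-command-injection`, whose slug describes a command-injection finding while this record is classified `CWE-287 Improper Authentication` for unauthenticated access to `/cgi-bin/param.cgi`; if the advisory covers several findings that is fine, but a reader cannot tell from the record, so it is worth confirming the advisory actually discusses this authentication issue and, if it does, saying so in the reference `name`. All three new files in this commit (CVE-2024-8956, CVE-2024-8957, CVE-2024-8958) end with `\ No newline at end of file`, a style nit that will surface as a spurious one-line change the first time a tool rewrites them with a trailing newline. The `"version_affected": "<"` / `"version_name": "0"` / `"version_value": "6.3.40"` triple on both PT30X-SDI and PT30X-NDI is the CVE 4 rendering of "from 0 before 6.3.40", which agrees with the description's "before firmware 6.3.40", and the `PR:N` / `C:H` / `I:H` vector matches the unauthenticated read-and-write impact the prose describes.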