From 1d7456e498fb1af75bcf95c6be14ca55cc1fdc6b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 25 Jan 2024 18:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/47xxx/CVE-2023-47995.json | 5 ++
 2023/5xxx/CVE-2023-5178.json | 105 +++++++++++++++++++++++++++++++++
 2023/5xxx/CVE-2023-5824.json | 26 ++++++++
 2023/5xxx/CVE-2023-5981.json | 52 ++++++++++++++++
 2024/0xxx/CVE-2024-0880.json | 95 +++++++++++++++++++++++++++--
 2024/0xxx/CVE-2024-0896.json | 18 ++++++
 2024/0xxx/CVE-2024-0897.json | 18 ++++++
 2024/0xxx/CVE-2024-0898.json | 18 ++++++
 2024/22xxx/CVE-2024-22388.json | 18 ++++++
 2024/23xxx/CVE-2024-23806.json | 18 ++++++
 10 files changed, 369 insertions(+), 4 deletions(-)
 create mode 100644 2024/0xxx/CVE-2024-0896.json
 create mode 100644 2024/0xxx/CVE-2024-0897.json
 create mode 100644 2024/0xxx/CVE-2024-0898.json
 create mode 100644 2024/22xxx/CVE-2024-22388.json
 create mode 100644 2024/23xxx/CVE-2024-23806.json
diff --git a/2023/47xxx/CVE-2023-47995.json b/2023/47xxx/CVE-2023-47995.json
index 1aa75416b0e..06e43b3fc8f 100644
--- a/2023/47xxx/CVE-2023-47995.json
+++ b/2023/47xxx/CVE-2023-47995.json
@@ -56,6 +56,11 @@
 "url": "https://freeimage.sourceforge.io/",
 "refsource": "MISC",
 "name": "https://freeimage.sourceforge.io/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47995",
+ "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47995"
 }
 ]
 }
diff --git a/2023/5xxx/CVE-2023-5178.json b/2023/5xxx/CVE-2023-5178.json
index 06c853bd145..10cb201fa26 100644
--- a/2023/5xxx/CVE-2023-5178.json
+++ b/2023/5xxx/CVE-2023-5178.json
@@ -193,6 +193,20 @@
 "x_cve_json_5_version_data": {
 "defaultStatus": "unaffected"
 }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:4.18.0-372.87.1.el8_6",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
 }
 ]
 }
@@ -201,6 +215,20 @@
 "product_name": "Red Hat Enterprise Linux 9",
 "version": {
 "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:5.14.0-362.18.1.el9_3",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
@@ -210,6 +238,14 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:5.14.0-362.18.1.el9_3",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
 "defaultStatus": "affected"
 }
 },
@@ -226,6 +262,34 @@
 "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support",
 "version": {
 "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:5.14.0-70.85.1.el9_0",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:5.14.0-70.85.1.rt21.156.el9_0",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
@@ -276,6 +340,27 @@
 ]
 }
 },
+ {
+ "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:4.18.0-372.87.1.el8_6",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Enterprise Linux 6",
 "version": {
@@ -396,6 +481,26 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2024:0386"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0412",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0412"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0431",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0431"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0432",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0432"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0461",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0461"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-5178",
 "refsource": "MISC",
diff --git a/2023/5xxx/CVE-2023-5824.json b/2023/5xxx/CVE-2023-5824.json
index 0e1df6b93ef..9aa5ac9bc8d 100644
--- a/2023/5xxx/CVE-2023-5824.json
+++ b/2023/5xxx/CVE-2023-5824.json
@@ -81,6 +81,27 @@
 ]
 }
 },
+ {
+ "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "8080020231222130009.63b34585",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Enterprise Linux 9",
 "version": {
@@ -192,6 +213,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2024:0072"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0397",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0397"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-5824",
 "refsource": "MISC",
diff --git a/2023/5xxx/CVE-2023-5981.json b/2023/5xxx/CVE-2023-5981.json
index 104a0664cb6..20ee7949b21 100644
--- a/2023/5xxx/CVE-2023-5981.json
+++ b/2023/5xxx/CVE-2023-5981.json
@@ -116,6 +116,48 @@
 ]
 }
 },
+ {
+ "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:3.6.16-7.el8_8.1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:3.7.6-21.el9_2.1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Enterprise Linux 6",
 "version": {
@@ -217,6 +259,16 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2024:0319"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0399",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0399"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0451",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0451"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-5981",
 "refsource": "MISC",
diff --git a/2024/0xxx/CVE-2024-0880.json b/2024/0xxx/CVE-2024-0880.json
index d748511edec..7b46eaca9fa 100644
--- a/2024/0xxx/CVE-2024-0880.json
+++ b/2024/0xxx/CVE-2024-0880.json
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-0880",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in Qidianbang qdbcrm 1.1.0 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /user/edit?id=2 der Komponente Password Reset. Dank der Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Qidianbang",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "qdbcrm",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.252032",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.252032"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.252032",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.252032"
+ },
+ {
+ "url": "https://github.com/gtqbhksl/weekdays_something/blob/main/qdb_csrf.md",
+ "refsource": "MISC",
+ "name": "https://github.com/gtqbhksl/weekdays_something/blob/main/qdb_csrf.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "zihe (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0896.json b/2024/0xxx/CVE-2024-0896.json
new file mode 100644
index 00000000000..4ef1e0848db
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0896.json
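Review bot: In CVE-2024-0880.json the new `credits` entry uses `"lang": "en"` while the `description_data` and `problemtype` entries of the same record use three-letter codes (`"eng"`, `"deu"`), so a consumer that selects text by language code will miss or mis-bucket the credit. It should read `"lang": "eng",`, presumably corrected in whatever generates the record rather than by hand. Separately, the CVSS entries score a cross-site request forgery in the Password Reset component as `C:N/I:L` (4.3); a forged password change may have account-level consequences, so triage that keys only on `baseScore` could under-prioritise this record and is worth checking against the referenced VulDB entry.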
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0896",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0897.json b/2024/0xxx/CVE-2024-0897.json
new file mode 100644
index 00000000000..f2fb3c63c64
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0897.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0897",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0898.json b/2024/0xxx/CVE-2024-0898.json
new file mode 100644
index 00000000000..eba9d127a19
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0898.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0898",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/22xxx/CVE-2024-22388.json b/2024/22xxx/CVE-2024-22388.json
new file mode 100644
index 00000000000..0c9b274ebdb
--- /dev/null
+++ b/2024/22xxx/CVE-2024-22388.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-22388",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23806.json b/2024/23xxx/CVE-2024-23806.json
new file mode 100644
index 00000000000..6aa84e84ccd
--- /dev/null
+++ b/2024/23xxx/CVE-2024-23806.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-23806",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file