From 1e03388fedc9cc9c4f7c6b7f3b6b3f26512f242a Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 2 Apr 2024 14:15:08 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/25xxx/CVE-2018-25100.json | 77 ++++++++++++++++++++++ 2020/36xxx/CVE-2020-36825.json | 95 +++++++++++++++++++++++++-- 2020/36xxx/CVE-2020-36826.json | 18 ++++++ 2020/36xxx/CVE-2020-36827.json | 67 +++++++++++++++++++ 2021/26xxx/CVE-2021-26930.json | 5 ++ 2021/26xxx/CVE-2021-26931.json | 15 +++++ 2021/28xxx/CVE-2021-28038.json | 5 ++ 2021/32xxx/CVE-2021-32606.json | 5 ++ 2021/37xxx/CVE-2021-37159.json | 15 +++++ 2021/42xxx/CVE-2021-42327.json | 5 ++ 2021/42xxx/CVE-2021-42739.json | 12 +++- 2021/43xxx/CVE-2021-43976.json | 5 ++ 2021/44xxx/CVE-2021-44733.json | 5 ++ 2021/47xxx/CVE-2021-47154.json | 5 ++ 2022/44xxx/CVE-2022-44032.json | 5 ++ 2022/44xxx/CVE-2022-44033.json | 5 ++ 2022/44xxx/CVE-2022-44034.json | 5 ++ 2023/43xxx/CVE-2023-43279.json | 10 +++ 2023/4xxx/CVE-2023-4256.json | 10 +++ 2023/6xxx/CVE-2023-6597.json | 5 ++ 2024/0xxx/CVE-2024-0450.json | 10 +++ 2024/1xxx/CVE-2024-1603.json | 77 ++++++++++++++++++++-- 2024/1xxx/CVE-2024-1936.json | 5 ++ 2024/22xxx/CVE-2024-22871.json | 10 +++ 2024/23xxx/CVE-2024-23755.json | 71 +++++++++++++++++++-- 2024/24xxx/CVE-2024-24725.json | 61 ++++++++++++++++-- 2024/24xxx/CVE-2024-24786.json | 5 ++ 2024/24xxx/CVE-2024-24832.json | 113 +++++++++++++++++++++++++++++++-- 2024/24xxx/CVE-2024-24835.json | 113 +++++++++++++++++++++++++++++++-- 2024/24xxx/CVE-2024-24840.json | 113 +++++++++++++++++++++++++++++++-- 2024/29xxx/CVE-2024-29034.json | 94 +++++++++++++++++++++++++-- 2024/29xxx/CVE-2024-29187.json | 90 ++++++++++++++++++++++++-- 2024/29xxx/CVE-2024-29188.json | 90 ++++++++++++++++++++++++-- 2024/29xxx/CVE-2024-29194.json | 81 +++++++++++++++++++++-- 2024/29xxx/CVE-2024-29650.json | 61 ++++++++++++++++-- 2024/2xxx/CVE-2024-2611.json | 5 ++ 2024/2xxx/CVE-2024-2614.json | 5 ++ 2024/2xxx/CVE-2024-2849.json | 95 +++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2850.json | 95 +++++++++++++++++++++++++-- 
2024/2xxx/CVE-2024-2851.json | 99 +++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2852.json | 95 +++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2853.json | 99 +++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2854.json | 95 +++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2855.json | 103 ++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2856.json | 99 +++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2857.json | 18 ++++++ 2024/2xxx/CVE-2024-2858.json | 18 ++++++ 2024/2xxx/CVE-2024-2859.json | 18 ++++++ 2024/2xxx/CVE-2024-2860.json | 18 ++++++ 2024/2xxx/CVE-2024-2861.json | 18 ++++++ 2024/2xxx/CVE-2024-2867.json | 18 ++++++ 2024/30xxx/CVE-2024-30156.json | 67 +++++++++++++++++++ 2024/30xxx/CVE-2024-30157.json | 18 ++++++ 2024/30xxx/CVE-2024-30158.json | 18 ++++++ 2024/30xxx/CVE-2024-30159.json | 18 ++++++ 2024/30xxx/CVE-2024-30160.json | 18 ++++++ 2024/30xxx/CVE-2024-30161.json | 62 ++++++++++++++++++ 2024/30xxx/CVE-2024-30162.json | 18 ++++++ 2024/30xxx/CVE-2024-30163.json | 18 ++++++ 2024/30xxx/CVE-2024-30164.json | 18 ++++++ 2024/30xxx/CVE-2024-30165.json | 18 ++++++ 2024/30xxx/CVE-2024-30166.json | 18 ++++++ 2024/30xxx/CVE-2024-30167.json | 18 ++++++ 2024/30xxx/CVE-2024-30168.json | 18 ++++++ 2024/30xxx/CVE-2024-30169.json | 18 ++++++ 2024/30xxx/CVE-2024-30170.json | 18 ++++++ 2024/30xxx/CVE-2024-30171.json | 18 ++++++ 2024/30xxx/CVE-2024-30172.json | 18 ++++++ 2024/30xxx/CVE-2024-30173.json | 18 ++++++ 2024/30xxx/CVE-2024-30174.json | 18 ++++++ 2024/30xxx/CVE-2024-30175.json | 18 ++++++ 2024/30xxx/CVE-2024-30176.json | 18 ++++++ 2024/30xxx/CVE-2024-30202.json | 72 +++++++++++++++++++++ 2024/30xxx/CVE-2024-30203.json | 62 ++++++++++++++++++ 2024/30xxx/CVE-2024-30204.json | 62 ++++++++++++++++++ 2024/30xxx/CVE-2024-30205.json | 72 +++++++++++++++++++++ 2024/30xxx/CVE-2024-30206.json | 18 ++++++ 2024/30xxx/CVE-2024-30207.json | 18 ++++++ 2024/30xxx/CVE-2024-30208.json | 18 ++++++ 2024/30xxx/CVE-2024-30209.json | 18 ++++++ 80 files changed, 2990 insertions(+), 87 
deletions(-) create mode 100644 2018/25xxx/CVE-2018-25100.json create mode 100644 2020/36xxx/CVE-2020-36826.json create mode 100644 2020/36xxx/CVE-2020-36827.json create mode 100644 2024/2xxx/CVE-2024-2857.json create mode 100644 2024/2xxx/CVE-2024-2858.json create mode 100644 2024/2xxx/CVE-2024-2859.json create mode 100644 2024/2xxx/CVE-2024-2860.json create mode 100644 2024/2xxx/CVE-2024-2861.json create mode 100644 2024/2xxx/CVE-2024-2867.json create mode 100644 2024/30xxx/CVE-2024-30156.json create mode 100644 2024/30xxx/CVE-2024-30157.json create mode 100644 2024/30xxx/CVE-2024-30158.json create mode 100644 2024/30xxx/CVE-2024-30159.json create mode 100644 2024/30xxx/CVE-2024-30160.json create mode 100644 2024/30xxx/CVE-2024-30161.json create mode 100644 2024/30xxx/CVE-2024-30162.json create mode 100644 2024/30xxx/CVE-2024-30163.json create mode 100644 2024/30xxx/CVE-2024-30164.json create mode 100644 2024/30xxx/CVE-2024-30165.json create mode 100644 2024/30xxx/CVE-2024-30166.json create mode 100644 2024/30xxx/CVE-2024-30167.json create mode 100644 2024/30xxx/CVE-2024-30168.json create mode 100644 2024/30xxx/CVE-2024-30169.json create mode 100644 2024/30xxx/CVE-2024-30170.json create mode 100644 2024/30xxx/CVE-2024-30171.json create mode 100644 2024/30xxx/CVE-2024-30172.json create mode 100644 2024/30xxx/CVE-2024-30173.json create mode 100644 2024/30xxx/CVE-2024-30174.json create mode 100644 2024/30xxx/CVE-2024-30175.json create mode 100644 2024/30xxx/CVE-2024-30176.json create mode 100644 2024/30xxx/CVE-2024-30202.json create mode 100644 2024/30xxx/CVE-2024-30203.json create mode 100644 2024/30xxx/CVE-2024-30204.json create mode 100644 2024/30xxx/CVE-2024-30205.json create mode 100644 2024/30xxx/CVE-2024-30206.json create mode 100644 2024/30xxx/CVE-2024-30207.json create mode 100644 2024/30xxx/CVE-2024-30208.json create mode 100644 2024/30xxx/CVE-2024-30209.json 
diff --git a/2018/25xxx/CVE-2018-25100.json b/2018/25xxx/CVE-2018-25100.json new file mode 100644 index 00000000000..38783dcf6e1 --- /dev/null +++ b/2018/25xxx/CVE-2018-25100.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-25100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mojolicious/mojo/pull/1192", + "refsource": "MISC", + "name": "https://github.com/mojolicious/mojo/pull/1192" + }, + { + "url": "https://github.com/mojolicious/mojo/issues/1185", + "refsource": "MISC", + "name": "https://github.com/mojolicious/mojo/issues/1185" + }, + { + "url": "https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149", + "refsource": "MISC", + "name": "https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149" + }, + { + "url": "https://metacpan.org/dist/Mojolicious/changes", + "refsource": "MISC", + "name": "https://metacpan.org/dist/Mojolicious/changes" + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36825.json b/2020/36xxx/CVE-2020-36825.json index 5aa54757632..774aa78c5a6 100644 --- a/2020/36xxx/CVE-2020-36825.json +++ b/2020/36xxx/CVE-2020-36825.json 
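Review bot: The `affects` block of the new CVE-2018-25100 record sets `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description names both the product and the fixed release (Mojolicious before 7.66). Tooling that matches on the structured fields will therefore not tie this record to an installed package, and `problemtype` is `n/a` as well, so no CWE is available for triage. The same pattern appears in the CVE-2020-36827, CVE-2024-23755 and CVE-2024-24725 records in this patch. Until the fields are populated, for example `"product_name": "Mojolicious"` with a version entry for releases before 7.66, consumers have to fall back to the description text.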
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36825", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In cyberaz0r WebRAT bis 20191222 wurde eine kritische Schwachstelle gefunden. Betroffen ist die Funktion download_file der Datei Server/api.php. Durch Manipulieren des Arguments name mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 0c394a795b9c10c07085361e6fcea286ee793701 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cyberaz0r", + "product": { + "product_data": [ + { + "product_name": "WebRAT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20191222" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257782", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257782" + }, + { + "url": "https://vuldb.com/?ctiid.257782", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257782" + }, + { + "url": "https://github.com/cyberaz0r/WebRAT/commit/0c394a795b9c10c07085361e6fcea286ee793701", + "refsource": "MISC", + "name": "https://github.com/cyberaz0r/WebRAT/commit/0c394a795b9c10c07085361e6fcea286ee793701" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2020/36xxx/CVE-2020-36826.json b/2020/36xxx/CVE-2020-36826.json new file mode 100644 index 00000000000..77893ae1d19 --- /dev/null +++ b/2020/36xxx/CVE-2020-36826.json 
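Review bot: The CVE-2020-36825 `version_data` entry uses `"version_affected": "="` with `"version_value": "20191222"`, while both descriptions say WebRAT is affected up to 20191222, so a version-matching consumer would flag only that single build. If the range is intended, `"version_affected": "<="` would express it. The description also says "classified as critical", whereas the v3.1 and v3.0 `cvss` entries score it 6.3 MEDIUM and the v2.0 entry 6.5, so prioritisation should use the vector rather than the prose. The `credits` entry uses `"lang": "en"` while the descriptions use `"eng"` and `"deu"`.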
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-36826", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36827.json b/2020/36xxx/CVE-2020-36827.json new file mode 100644 index 00000000000..3d749940cde --- /dev/null +++ b/2020/36xxx/CVE-2020-36827.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-36827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/amaltsev/XAO-Web/commit/20dd1d3bc5b811503f5722a16037b60197fe7ef4", + "refsource": "MISC", + "name": "https://github.com/amaltsev/XAO-Web/commit/20dd1d3bc5b811503f5722a16037b60197fe7ef4" + }, + { + "url": "https://metacpan.org/dist/XAO-Web/changes", + "refsource": "MISC", + "name": "https://metacpan.org/dist/XAO-Web/changes" + } + ] + } +} \ No newline at end of file 
diff --git a/2021/26xxx/CVE-2021-26930.json b/2021/26xxx/CVE-2021-26930.json index 7417b219df9..60aca621bf7 100644 --- a/2021/26xxx/CVE-2021-26930.json +++ b/2021/26xxx/CVE-2021-26930.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=871997bc9e423f05c7da7c9178e62dde5df2a7f8", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=871997bc9e423f05c7da7c9178e62dde5df2a7f8" } ] } diff --git a/2021/26xxx/CVE-2021-26931.json b/2021/26xxx/CVE-2021-26931.json index b1390567492..5b477c00d53 100644 --- a/2021/26xxx/CVE-2021-26931.json +++ b/2021/26xxx/CVE-2021-26931.json @@ -81,6 +81,21 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c77474b2d22176d2bfb592ec74e0f2cb71352c9", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c77474b2d22176d2bfb592ec74e0f2cb71352c9" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a264285ed1cd32e26d9de4f3c8c6855e467fd63", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a264285ed1cd32e26d9de4f3c8c6855e467fd63" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3194a1746e8aabe86075fd3c5e7cf1f4632d7f16", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3194a1746e8aabe86075fd3c5e7cf1f4632d7f16" } ] } 
diff --git a/2021/28xxx/CVE-2021-28038.json b/2021/28xxx/CVE-2021-28038.json index a5541e8124f..7428ab57052 100644 --- a/2021/28xxx/CVE-2021-28038.json +++ b/2021/28xxx/CVE-2021-28038.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210409-0001/", "url": "https://security.netapp.com/advisory/ntap-20210409-0001/" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3" } ] } diff --git a/2021/32xxx/CVE-2021-32606.json b/2021/32xxx/CVE-2021-32606.json index 39909f1b0f2..b714351f00b 100644 --- a/2021/32xxx/CVE-2021-32606.json +++ b/2021/32xxx/CVE-2021-32606.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210625-0001/", "url": "https://security.netapp.com/advisory/ntap-20210625-0001/" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b17c400aeb44daf041627722581ade527bb3c1d", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b17c400aeb44daf041627722581ade527bb3c1d" } ] } diff --git a/2021/37xxx/CVE-2021-37159.json b/2021/37xxx/CVE-2021-37159.json index 89411cb129b..d7d5080d3f9 100644 --- a/2021/37xxx/CVE-2021-37159.json +++ b/2021/37xxx/CVE-2021-37159.json 
@@ -76,6 +76,21 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210819-0003/", "url": "https://security.netapp.com/advisory/ntap-20210819-0003/" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6ecfb39ba9d7316057cea823b196b734f6b18ca", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6ecfb39ba9d7316057cea823b196b734f6b18ca" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dcb713d53e2eadf42b878c12a471e74dc6ed3145", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dcb713d53e2eadf42b878c12a471e74dc6ed3145" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1188601", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1188601" } ] } diff --git a/2021/42xxx/CVE-2021-42327.json b/2021/42xxx/CVE-2021-42327.json index b137e0a85c0..c8bbe5f47ba 100644 --- a/2021/42xxx/CVE-2021-42327.json +++ b/2021/42xxx/CVE-2021-42327.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20211118-0005/", "url": "https://security.netapp.com/advisory/ntap-20211118-0005/" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f23750b5b3d98653b31d4469592935ef6364ad67", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f23750b5b3d98653b31d4469592935ef6364ad67" } ] } diff --git a/2021/42xxx/CVE-2021-42739.json b/2021/42xxx/CVE-2021-42739.json index b140710b062..c9fc34e9981 100644 --- a/2021/42xxx/CVE-2021-42739.json +++ b/2021/42xxx/CVE-2021-42739.json 
@@ -49,6 +49,16 @@ "name": "https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/", "url": "https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/" }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35d2969ea3c7d32aee78066b1f3cf61a0d935a4e" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/oss-sec/2021/q2/46", + "url": "https://seclists.org/oss-sec/2021/q2/46" + }, { "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1951739", @@ -70,7 +80,7 @@ "description_data": [ { "lang": "eng", - "value": "A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." + "value": "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking." } ] } diff --git a/2021/43xxx/CVE-2021-43976.json b/2021/43xxx/CVE-2021-43976.json index 5ececca1c81..2e1656e6023 100644 --- a/2021/43xxx/CVE-2021-43976.json +++ b/2021/43xxx/CVE-2021-43976.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20211210-0001/", "url": "https://security.netapp.com/advisory/ntap-20211210-0001/" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84" } ] } 
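Review bot: The rewritten description in the second CVE-2021-42739 hunk drops details a triager relies on. The previous text gave the trigger (the CA_SEND_MSG ioctl), the local-user precondition and the impact (crash or privilege escalation); the new text gives only the affected files, `avc_ca_pmt` and the bound 5.14.13. No `impact` block is visible in these hunks to carry that context, so a clause such as `This allows a local user to crash the system or escalate privileges.` is worth keeping. Separately, the commit link added in the first hunk uses the `git.kernel.org/pub/scm/` path, while the other kernel commit references added in this patch use `git.kernel.org/cgit/`; a single form makes reference de-duplication easier. The record continues outside both hunks.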
diff --git a/2021/44xxx/CVE-2021-44733.json b/2021/44xxx/CVE-2021-44733.json index 478ae2a73de..3465453da04 100644 --- a/2021/44xxx/CVE-2021-44733.json +++ b/2021/44xxx/CVE-2021-44733.json @@ -81,6 +81,11 @@ "refsource": "DEBIAN", "name": "DSA-5096", "url": "https://www.debian.org/security/2022/dsa-5096" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d" } ] } diff --git a/2021/47xxx/CVE-2021-47154.json b/2021/47xxx/CVE-2021-47154.json index de48eb8c6a1..908ba82c513 100644 --- a/2021/47xxx/CVE-2021-47154.json +++ b/2021/47xxx/CVE-2021-47154.json @@ -71,6 +71,11 @@ "url": "https://metacpan.org/dist/Net-CIDR-Lite/changes", "refsource": "MISC", "name": "https://metacpan.org/dist/Net-CIDR-Lite/changes" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20240323 [SECURITY] [DLA 3770-1] libnet-cidr-lite-perl security update", + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00023.html" } ] } diff --git a/2022/44xxx/CVE-2022-44032.json b/2022/44xxx/CVE-2022-44032.json index b6badb26df1..7466495a9b0 100644 --- a/2022/44xxx/CVE-2022-44032.json +++ b/2022/44xxx/CVE-2022-44032.json @@ -61,6 +61,11 @@ "url": "https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/", "refsource": "MISC", "name": "https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15" } ] } diff --git a/2022/44xxx/CVE-2022-44033.json b/2022/44xxx/CVE-2022-44033.json index 6cbc2ef1902..55d0b6f081d 100644 --- a/2022/44xxx/CVE-2022-44033.json 
+++ b/2022/44xxx/CVE-2022-44033.json @@ -61,6 +61,11 @@ "url": "https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/", "refsource": "MISC", "name": "https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15" } ] } diff --git a/2022/44xxx/CVE-2022-44034.json b/2022/44xxx/CVE-2022-44034.json index 83c013585fe..36516c0a225 100644 --- a/2022/44xxx/CVE-2022-44034.json +++ b/2022/44xxx/CVE-2022-44034.json @@ -61,6 +61,11 @@ "url": "https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/", "refsource": "MISC", "name": "https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15", + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15" } ] } diff --git a/2023/43xxx/CVE-2023-43279.json b/2023/43xxx/CVE-2023-43279.json index 9b4e7ffb0b6..0b1e2cf6779 100644 --- a/2023/43xxx/CVE-2023-43279.json +++ b/2023/43xxx/CVE-2023-43279.json 
@@ -61,6 +61,16 @@ "refsource": "FEDORA", "name": "FEDORA-2024-96903c39cb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-ec1fba69c2", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-b3b2a95168", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/" } ] } diff --git a/2023/4xxx/CVE-2023-4256.json b/2023/4xxx/CVE-2023-4256.json index 2f47228a21d..16817d2ec83 100644 --- a/2023/4xxx/CVE-2023-4256.json +++ b/2023/4xxx/CVE-2023-4256.json @@ -103,6 +103,16 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/" } ] }, diff --git a/2023/6xxx/CVE-2023-6597.json b/2023/6xxx/CVE-2023-6597.json index e49f7e2e70b..24419d5ea2b 100644 --- a/2023/6xxx/CVE-2023-6597.json +++ b/2023/6xxx/CVE-2023-6597.json 
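Review bot: The two Fedora package-announce URLs added to CVE-2023-4256 are tagged `"refsource": "MISC"` with the URL repeated as `name`. The same two URLs are added to CVE-2023-43279 just above as `"refsource": "FEDORA"` with the advisory ids `FEDORA-2024-ec1fba69c2` and `FEDORA-2024-b3b2a95168`. Anything that filters references by `refsource` to collect distribution advisories will find them for one CVE and miss them for the other. The Debian LTS links added to CVE-2023-6597, CVE-2024-0450 and CVE-2024-1936 are likewise `MISC`, whereas CVE-2021-47154 gets its Debian LTS link as `MLIST`. Until the tagging is uniform, consumers are safer matching on the URL host than on `refsource`.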
@@ -113,6 +113,11 @@ "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/", "refsource": "MISC", "name": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" } ] }, diff --git a/2024/0xxx/CVE-2024-0450.json b/2024/0xxx/CVE-2024-0450.json index 8a43d23739f..674772084d1 100644 --- a/2024/0xxx/CVE-2024-0450.json +++ b/2024/0xxx/CVE-2024-0450.json @@ -119,6 +119,16 @@ "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/", "refsource": "MISC", "name": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html" } ] }, diff --git a/2024/1xxx/CVE-2024-1603.json b/2024/1xxx/CVE-2024-1603.json index bb56bda23a0..455486c6da9 100644 --- a/2024/1xxx/CVE-2024-1603.json +++ b/2024/1xxx/CVE-2024-1603.json 
@@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "paddle-security@baidu.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73 External Control of File Name or Path", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "paddlepaddle", + "product": { + "product_data": [ + { + "product_name": "paddlepaddle/paddle", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "latest" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e", + "refsource": "MISC", + "name": "https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e" + } + ] + }, + "source": { + "advisory": "7739eced-73a3-4a96-afcd-9c753c55929e", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "baseScore": 8.2, + "baseSeverity": "HIGH" } ] } 
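Review bot: The CVE-2024-1603 affected-version entry is `"version_affected": "<="`, `"version_name": "unspecified"`, `"version_value": "latest"`, which is not a comparable version. It marks every release as affected and names no fixed version, while the description refers to 2.6.0 specifically, so a scanner cannot tell from this record whether an upgrade resolves the finding. If 2.6.0 is the last known affected release, `"version_value": "2.6.0"` would say so; otherwise consumers need the linked advisory to establish fix status. The `cvss` entry also sets `"integrityImpact": "LOW"` for an issue described only as an arbitrary file read, which may deserve a second look.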
diff --git a/2024/1xxx/CVE-2024-1936.json b/2024/1xxx/CVE-2024-1936.json index a986937bf32..28398eaad17 100644 --- a/2024/1xxx/CVE-2024-1936.json +++ b/2024/1xxx/CVE-2024-1936.json @@ -63,6 +63,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-11/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-11/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" } ] }, diff --git a/2024/22xxx/CVE-2024-22871.json b/2024/22xxx/CVE-2024-22871.json index 0012a07ff06..741e4cad437 100644 --- a/2024/22xxx/CVE-2024-22871.json +++ b/2024/22xxx/CVE-2024-22871.json @@ -61,6 +61,16 @@ "refsource": "FEDORA", "name": "FEDORA-2024-f7745a5990", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-91dab41dfa", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-270cd506bb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/" } ] } diff --git a/2024/23xxx/CVE-2024-23755.json b/2024/23xxx/CVE-2024-23755.json index 06a223a66b2..e8afa4ef309 100644 --- a/2024/23xxx/CVE-2024-23755.json +++ b/2024/23xxx/CVE-2024-23755.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-23755", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-23755", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.electronjs.org/docs/latest/tutorial/fuses", + "refsource": "MISC", + "name": "https://www.electronjs.org/docs/latest/tutorial/fuses" + }, + { + "url": "https://clickup.com/terms/security-policy", + "refsource": "MISC", + "name": "https://clickup.com/terms/security-policy" + }, + { + "refsource": "MISC", + "name": "https://www.electronjs.org/blog/statement-run-as-node-cves", + "url": "https://www.electronjs.org/blog/statement-run-as-node-cves" + }, + { + "refsource": "MISC", + "name": "https://clickup.com/security/disclosures", + "url": "https://clickup.com/security/disclosures" } ] } diff --git a/2024/24xxx/CVE-2024-24725.json b/2024/24xxx/CVE-2024-24725.json index 4fe9fbe1a86..02585c9be70 100644 
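Review bot: CVE-2024-23755 moves to PUBLIC with `vendor_name`, `product_name`, `version_value` and the `problemtype` value all set to `n/a`, although the description names ClickUp Desktop before 3.3.77 on macOS and Windows. Tooling that matches on the structured `affects` block cannot associate this record with the product, so it is reachable only by free-text search on the description. I would populate the fields from the description, for example `"product_name": "ClickUp Desktop"` and `"version_affected": "<", "version_value": "3.3.77"`, with the vendor name to be confirmed by the assigner. The same gap is present in the CVE-2024-24725 hunk (Gibbon through 26.0.00) and the CVE-2024-29650 hunk (@thi.ng/paths 5.1.62 and before).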
--- a/2024/24xxx/CVE-2024-24725.json +++ b/2024/24xxx/CVE-2024-24725.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24725", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24725", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gibbonedu.org/download/", + "refsource": "MISC", + "name": "https://gibbonedu.org/download/" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/51903", + "url": "https://www.exploit-db.com/exploits/51903" } ] } diff --git a/2024/24xxx/CVE-2024-24786.json b/2024/24xxx/CVE-2024-24786.json index 53ee427073e..54f6c88fd19 100644 --- a/2024/24xxx/CVE-2024-24786.json +++ b/2024/24xxx/CVE-2024-24786.json 
@@ -75,6 +75,11 @@ "url": "https://pkg.go.dev/vuln/GO-2024-2611", "refsource": "MISC", "name": "https://pkg.go.dev/vuln/GO-2024-2611" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/" } ] } diff --git a/2024/24xxx/CVE-2024-24832.json b/2024/24xxx/CVE-2024-24832.json index 328c6db2836..ce4c736d312 100644 --- a/2024/24xxx/CVE-2024-24832.json +++ b/2024/24xxx/CVE-2024-24832.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Metagauss", + "product": { + "product_data": [ + { + "product_name": "EventPrime", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.4.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.3.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-9-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-9-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.4.0 or a higher version." + } + ], + "value": "Update to 3.4.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abdi Pranata (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/24xxx/CVE-2024-24835.json b/2024/24xxx/CVE-2024-24835.json index cc8c2a03fa0..b548b1ae433 100644 --- a/2024/24xxx/CVE-2024-24835.json +++ b/2024/24xxx/CVE-2024-24835.json 
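Review bot: In CVE-2024-24832 the v4 field `version_value` is the literal string `not down converted`, and the usable range exists only inside `x_cve_json_5_version_data` (`lessThanOrEqual` 3.3.9, `unaffected` at 3.4.0). A consumer that reads only the v4 fields gets a non-version string and cannot decide whether an installed EventPrime is affected. I would carry the bound in the v4 fields as well, `"version_affected": "<=", "version_value": "3.3.9"`, next to the extension block. The CVE-2024-24835 (through 1.1.4) and CVE-2024-24840 (through 5.4.11) hunks have the same shape. The description value in all three is also missing a space after the product name (`EventPrime.This issue`) and ends in a stray `\n\n`.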
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24835", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "BEAR", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.4.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.1.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + 
"value": "Update to 1.1.4.1 or a higher version." + } + ], + "value": "Update to 1.1.4.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/24xxx/CVE-2024-24840.json b/2024/24xxx/CVE-2024-24840.json index b79e849ac82..da309dd50f3 100644 --- a/2024/24xxx/CVE-2024-24840.json +++ b/2024/24xxx/CVE-2024-24840.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24840", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BdThemes", + "product": { + "product_data": [ + { + "product_name": "Element Pack Elementor Addons", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "5.4.12", + "status": "unaffected" + } + ], + "lessThanOrEqual": "5.4.11", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-plugin-5-4-11-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-plugin-5-4-11-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + 
"engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 5.4.12 or a higher version." + } + ], + "value": "Update to 5.4.12 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29034.json b/2024/29xxx/CVE-2024-29034.json index a5dcfbf42a9..5871e476166 100644 --- a/2024/29xxx/CVE-2024-29034.json +++ b/2024/29xxx/CVE-2024-29034.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29034", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. 
Upgrade to 3.0.7 or 2.2.6.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-436: Interpretation Conflict", + "cweId": "CWE-436" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "carrierwaveuploader", + "product": { + "product_data": [ + { + "product_name": "carrierwave", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.0.0, < 3.0.7" + }, + { + "version_affected": "=", + "version_value": "< 2.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw", + "refsource": "MISC", + "name": "https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw" + }, + { + "url": "https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477", + "refsource": "MISC", + "name": "https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477" + } + ] + }, + "source": { + "advisory": "GHSA-vfmv-jfc5-pjjw", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29187.json b/2024/29xxx/CVE-2024-29187.json index 19fc404ae27..086138544b2 100644 --- a/2024/29xxx/CVE-2024-29187.json +++ b/2024/29xxx/CVE-2024-29187.json 
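Review bot: In CVE-2024-29034 `version_affected` is `=` while `version_value` holds a range expression (`>= 3.0.0, < 3.0.7` and `< 2.2.6`), so the operator and the value contradict each other. A consumer that honours the operator does an exact comparison against that string and never matches an installed carrierwave version; only a consumer that parses the range out of the value gets the right answer. For the open-ended branch I would write `"version_affected": "<", "version_value": "2.2.6"`, and document that the bounded 3.0.x branch needs range parsing or a v5 `versions` block. The CVE-2024-29187, CVE-2024-29188 and CVE-2024-29194 hunks use the same `=`-plus-range encoding.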
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29187", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\\Windows\\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wixtoolset", + "product": { + "product_data": [ + { + "product_name": "issues", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.14.1" + }, + { + "version_affected": "=", + "version_value": ">= 4.0.0, < 4.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r", + "refsource": "MISC", + "name": "https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r" + }, + { + "url": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7", + "refsource": "MISC", + "name": "https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7" + }, + { + "url": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9", + "refsource": "MISC", + "name": "https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9" + } + ] + }, + "source": { + "advisory": "GHSA-rf39-3f98-xr7r", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29188.json b/2024/29xxx/CVE-2024-29188.json index a3d012152f7..830efca1a71 100644 --- a/2024/29xxx/CVE-2024-29188.json +++ b/2024/29xxx/CVE-2024-29188.json 
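Review bot: In CVE-2024-29187 `product_name` is `issues`, which matches the repository that hosts the advisory (`github.com/wixtoolset/issues` in the first reference) rather than the product the description is about, the WiX toolset and its Burn engine. Asset inventories and SBOM matching keyed on product name will not link this record to installed WiX builds. I would set it to the product, e.g. `"product_name": "WiX Toolset"`, with the exact string to be confirmed by the assigner; the fix commits referenced are in `wixtoolset/wix` and `wixtoolset/wix3`. The CVE-2024-29188 hunk carries the same `issues` value.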
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29188", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wixtoolset", + "product": { + "product_data": [ + { + "product_name": "issues", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.14.1" + }, + { + "version_affected": "=", + "version_value": ">= 4.0.0, < 4.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg", + "refsource": "MISC", + "name": "https://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg" + }, + { + "url": "https://github.com/wixtoolset/wix/commit/2e5960b575881567a8807e6b8b9c513138b19742", + "refsource": "MISC", + "name": "https://github.com/wixtoolset/wix/commit/2e5960b575881567a8807e6b8b9c513138b19742" + }, + { + "url": "https://github.com/wixtoolset/wix3/commit/93eeb5f6835776694021f66d4226c262c67d487a", + "refsource": "MISC", + "name": "https://github.com/wixtoolset/wix3/commit/93eeb5f6835776694021f66d4226c262c67d487a" + } + ] + }, + "source": { + "advisory": "GHSA-jx4p-m4wm-vvjg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29194.json b/2024/29xxx/CVE-2024-29194.json index 2d4729127ef..0639565d7e9 100644 --- a/2024/29xxx/CVE-2024-29194.json +++ b/2024/29xxx/CVE-2024-29194.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29194", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from false to true, the application grants administrative privileges to the user, without proper server-side validation. This has been patched in 7.0.1815." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639: Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OneUptime", + "product": { + "product_data": [ + { + "product_name": "oneuptime", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 7.0.1815" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq", + "refsource": "MISC", + "name": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq" + }, + { + "url": "https://github.com/OneUptime/oneuptime/commit/14016d23d834038dd65d3a96cf71af04b556a32c", + "refsource": "MISC", + "name": "https://github.com/OneUptime/oneuptime/commit/14016d23d834038dd65d3a96cf71af04b556a32c" + } + ] + }, + "source": { + "advisory": "GHSA-246p-xmg8-wmcq", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29650.json b/2024/29xxx/CVE-2024-29650.json index bffe1fddb04..270d661ff1b 100644 --- a/2024/29xxx/CVE-2024-29650.json +++ b/2024/29xxx/CVE-2024-29650.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-29650", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-29650", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/tariqhawis/1bc340ca5ea6ae115c9ab9665cfd5921", + "refsource": "MISC", + "name": "https://gist.github.com/tariqhawis/1bc340ca5ea6ae115c9ab9665cfd5921" + }, + { + "url": "https://learn.snyk.io/lesson/prototype-pollution/#a0a863a5-fd3a-539f-e1ed-a0769f6c6e3b", + "refsource": "MISC", + "name": "https://learn.snyk.io/lesson/prototype-pollution/#a0a863a5-fd3a-539f-e1ed-a0769f6c6e3b" } ] } diff --git a/2024/2xxx/CVE-2024-2611.json b/2024/2xxx/CVE-2024-2611.json index 4dc671e2dd2..427f6b13cc2 100644 --- a/2024/2xxx/CVE-2024-2611.json +++ b/2024/2xxx/CVE-2024-2611.json 
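Review bot: CVE-2024-29650 states its impact as arbitrary code execution via `mutIn` and `mutInManyUnsafe` but never names the weakness class, and the only hint is the second reference, a lesson on prototype pollution. Triage that relies on the description alone will rate this as direct remote code execution, which may differ from the practical impact if the underlying flaw is prototype pollution. If that is confirmed against the gist in the first reference, I would record it in `problemtype`, `"value": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", "cweId": "CWE-1321"`, and name it in the description.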
@@ -97,6 +97,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" } ] }, diff --git a/2024/2xxx/CVE-2024-2614.json b/2024/2xxx/CVE-2024-2614.json index 1528b444ca6..834d2bceb99 100644 --- a/2024/2xxx/CVE-2024-2614.json +++ b/2024/2xxx/CVE-2024-2614.json @@ -97,6 +97,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" } ] }, diff --git a/2024/2xxx/CVE-2024-2849.json b/2024/2xxx/CVE-2024-2849.json index de0a70b0395..6e6938abd25 100644 --- a/2024/2xxx/CVE-2024-2849.json +++ b/2024/2xxx/CVE-2024-2849.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In SourceCodester Simple File Manager 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion. Durch das Manipulieren des Arguments photo mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Simple File Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257770", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257770" + }, + { + "url": "https://vuldb.com/?ctiid.257770", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257770" + }, + { + "url": "https://github.com/CveSecLook/cve/issues/1", + "refsource": "MISC", + "name": "https://github.com/CveSecLook/cve/issues/1" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "FanYZ (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2850.json b/2024/2xxx/CVE-2024-2850.json index f7759d9b649..6ca0e16e7af 100644 --- a/2024/2xxx/CVE-2024-2850.json +++ b/2024/2xxx/CVE-2024-2850.json 
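Review bot: The CVE-2024-2849 description opens with "classified as critical" while every entry in `impact.cvss` rates it lower: 6.3 MEDIUM under 3.1 and 3.0, and 6.5 under 2.0. Alerting or triage rules that key on the description text will over-prioritise this record relative to its own score, so the `baseSeverity` field should be treated as authoritative. I would drop the phrase from the description or align it with the score, e.g. start the value with `A vulnerability was found in SourceCodester Simple File Manager 1.0.`. The description also says only that it "affects unknown code", so the record gives no file or function to scope a review to. The CVE-2024-2850 hunk uses the same "classified as critical" wording against an 8.8 HIGH score.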
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2850", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Tenda AC15 15.03.05.18 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion saveParentControlInfo der Datei /goform/saveParentControlInfo. Dank der Manipulation des Arguments urls mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.05.18" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257774", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257774" + }, + { + "url": "https://vuldb.com/?ctiid.257774", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257774" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2851.json b/2024/2xxx/CVE-2024-2851.json index 748f257ffe1..9a348305dda 100644 --- a/2024/2xxx/CVE-2024-2851.json +++ b/2024/2xxx/CVE-2024-2851.json 
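Review bot: The `credits` entry uses `"lang": "en"` while the `description_data` and `problemtype` entries in the same record use `"lang": "eng"`, so a consumer that filters fields by a single language code will silently drop one of them. The same split appears in every cna@vuldb.com record in this patch (CVE-2024-2849 and CVE-2024-2851 through CVE-2024-2856). If the schema allows it, `"lang": "eng"` in `credits` would make the record uniform; otherwise parsers should normalise both codes before filtering.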
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Tenda AC15 15.03.05.18/15.03.20_multi ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion formSetSambaConf der Datei /goform/setsambacfg. Dank Manipulation des Arguments usbName mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.05.18" + }, + { + "version_affected": "=", + "version_value": "15.03.20_multi" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257775", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257775" + }, + { + "url": "https://vuldb.com/?ctiid.257775", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257775" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2852.json b/2024/2xxx/CVE-2024-2852.json index 4e4bd94dd42..d4e4335aa04 100644 --- a/2024/2xxx/CVE-2024-2852.json +++ b/2024/2xxx/CVE-2024-2852.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Tenda AC15 15.03.20_multi wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion saveParentControlInfo der Datei /goform/saveParentControlInfo. Mit der Manipulation des Arguments urls mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.20_multi" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257776", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257776" + }, + { + "url": "https://vuldb.com/?ctiid.257776", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257776" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2853.json b/2024/2xxx/CVE-2024-2853.json index cba35e4734e..fafc6c756d2 100644 --- a/2024/2xxx/CVE-2024-2853.json +++ b/2024/2xxx/CVE-2024-2853.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Tenda AC10U 15.03.06.48/15.03.06.49 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion formSetSambaConf der Datei /goform/setsambacfg. Durch die Manipulation des Arguments usbName mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC10U", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.06.48" + }, + { + "version_affected": "=", + "version_value": "15.03.06.49" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257777", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257777" + }, + { + "url": "https://vuldb.com/?ctiid.257777", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257777" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2854.json b/2024/2xxx/CVE-2024-2854.json index ce9f1cbf0d3..51076bc51aa 100644 --- a/2024/2xxx/CVE-2024-2854.json +++ b/2024/2xxx/CVE-2024-2854.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2854", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Tenda AC18 15.03.05.05 entdeckt. Dabei betrifft es die Funktion formSetSambaConf der Datei /goform/setsambacfg. Durch Manipulation des Arguments usbName mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC18", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.05.05" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257778", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257778" + }, + { + "url": "https://vuldb.com/?ctiid.257778", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257778" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2855.json b/2024/2xxx/CVE-2024-2855.json index 919bd9b7585..ecae21b7442 100644 --- a/2024/2xxx/CVE-2024-2855.json +++ b/2024/2xxx/CVE-2024-2855.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Tenda AC15 15.03.05.18/15.03.05.19/15.03.20 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion fromSetSysTime der Datei /goform/SetSysTimeCfg. Mittels dem Manipulieren des Arguments time mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.05.18" + }, + { + "version_affected": "=", + "version_value": "15.03.05.19" + }, + { + "version_affected": "=", + "version_value": "15.03.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257779", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257779" + }, + { + "url": "https://vuldb.com/?ctiid.257779", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257779" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2856.json b/2024/2xxx/CVE-2024-2856.json index 2079b594762..f44d55e9b3c 100644 --- a/2024/2xxx/CVE-2024-2856.json +++ b/2024/2xxx/CVE-2024-2856.json 
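Review bot: `version_data` lists `"version_value": "15.03.20"` for Tenda AC15, whereas the CVE-2024-2851 and CVE-2024-2852 records in this patch name the AC15 build `15.03.20_multi`, and this record's own GitHub reference path also contains `V15.03.20_multi`. If these are the same firmware, which seems likely but is not stated, exact-match version lookups will treat them as different releases and under-report exposure for one of them. Using one spelling across the three records, or matching on a normalised version string downstream, would avoid that.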
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2856", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Tenda AC10 16.03.10.13/16.03.10.20 entdeckt. Davon betroffen ist die Funktion fromSetSysTime der Datei /goform/SetSysTimeCfg. Mittels Manipulieren des Arguments timeZone mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC10", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16.03.10.13" + }, + { + "version_affected": "=", + "version_value": "16.03.10.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257780", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257780" + }, + { + "url": "https://vuldb.com/?ctiid.257780", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257780" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2857.json b/2024/2xxx/CVE-2024-2857.json new file mode 100644 index 00000000000..b8cda0165af --- /dev/null +++ b/2024/2xxx/CVE-2024-2857.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2857", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2858.json b/2024/2xxx/CVE-2024-2858.json new file mode 100644 index 00000000000..d545e3d8843 --- /dev/null +++ b/2024/2xxx/CVE-2024-2858.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2859.json b/2024/2xxx/CVE-2024-2859.json new file mode 100644 index 00000000000..ebe1fc764de --- /dev/null +++ b/2024/2xxx/CVE-2024-2859.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/2xxx/CVE-2024-2860.json b/2024/2xxx/CVE-2024-2860.json new file mode 100644 index 00000000000..ac13d294182 --- /dev/null +++ b/2024/2xxx/CVE-2024-2860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2861.json b/2024/2xxx/CVE-2024-2861.json new file mode 100644 index 00000000000..c979d80d6bd --- /dev/null +++ b/2024/2xxx/CVE-2024-2861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2867.json b/2024/2xxx/CVE-2024-2867.json new file mode 100644 index 00000000000..cf5afed5cb7 --- /dev/null +++ b/2024/2xxx/CVE-2024-2867.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30156.json b/2024/30xxx/CVE-2024-30156.json new file mode 100644 index 00000000000..2a7baf7bbd4 --- /dev/null +++ b/2024/30xxx/CVE-2024-30156.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-30156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://varnish-cache.org/security/VSV00014.html", + "refsource": "MISC", + "name": "https://varnish-cache.org/security/VSV00014.html" + }, + { + "url": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security", + "refsource": "MISC", + "name": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security" + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30157.json b/2024/30xxx/CVE-2024-30157.json new file mode 100644 index 00000000000..442d43a7368 --- /dev/null +++ b/2024/30xxx/CVE-2024-30157.json 
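Review bot: `affects` is filled with `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, so the affected products and fixed versions (Varnish Cache before 7.3.2, 7.4.x before 7.4.3, before 6.0.13 LTS, Varnish Enterprise 6 before 6.0.12r6) exist only in the free-text description. Tooling that matches an inventory against the structured fields will not flag this record; the same holds for the CVE-2024-30161 (Qt) record later in the patch. `problemtype` is likewise `n/a`, leaving no CWE to classify on. Populating `vendor_data` from the description, or having consumers fall back to the description and the linked vendor advisory, closes the gap.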
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30157", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30158.json b/2024/30xxx/CVE-2024-30158.json new file mode 100644 index 00000000000..35742da04f4 --- /dev/null +++ b/2024/30xxx/CVE-2024-30158.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30158", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30159.json b/2024/30xxx/CVE-2024-30159.json new file mode 100644 index 00000000000..e739d31b4cc --- /dev/null +++ b/2024/30xxx/CVE-2024-30159.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30159", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30160.json b/2024/30xxx/CVE-2024-30160.json new file mode 100644 index 00000000000..3000e6aa1e9 --- /dev/null +++ b/2024/30xxx/CVE-2024-30160.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30160", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30161.json b/2024/30xxx/CVE-2024-30161.json new file mode 100644 index 00000000000..930c33b7523 --- /dev/null +++ b/2024/30xxx/CVE-2024-30161.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-30161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://codereview.qt-project.org/c/qt/qtbase/+/544314", + "refsource": "MISC", + "name": "https://codereview.qt-project.org/c/qt/qtbase/+/544314" + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30162.json b/2024/30xxx/CVE-2024-30162.json new file mode 100644 index 00000000000..7a07ebcdefc --- /dev/null +++ b/2024/30xxx/CVE-2024-30162.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30162", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30163.json b/2024/30xxx/CVE-2024-30163.json new file mode 100644 index 00000000000..f2a706e362e --- /dev/null +++ b/2024/30xxx/CVE-2024-30163.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30163", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30164.json b/2024/30xxx/CVE-2024-30164.json new file mode 100644 index 00000000000..39cb4d97e6f --- /dev/null +++ b/2024/30xxx/CVE-2024-30164.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30164", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30165.json b/2024/30xxx/CVE-2024-30165.json new file mode 100644 index 00000000000..99a267af194 --- /dev/null +++ b/2024/30xxx/CVE-2024-30165.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30165", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30166.json b/2024/30xxx/CVE-2024-30166.json new file mode 100644 index 00000000000..e7f24098fe7 --- /dev/null +++ b/2024/30xxx/CVE-2024-30166.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30166", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30167.json b/2024/30xxx/CVE-2024-30167.json new file mode 100644 index 00000000000..4ece5cfa2c3 --- /dev/null +++ b/2024/30xxx/CVE-2024-30167.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30168.json b/2024/30xxx/CVE-2024-30168.json new file mode 100644 index 00000000000..35b92c8aef3 --- /dev/null +++ b/2024/30xxx/CVE-2024-30168.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30168", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30169.json b/2024/30xxx/CVE-2024-30169.json new file mode 100644 index 00000000000..726f2e3a8a7 --- /dev/null +++ b/2024/30xxx/CVE-2024-30169.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30169", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30170.json b/2024/30xxx/CVE-2024-30170.json new file mode 100644 index 00000000000..998055bbc9b --- /dev/null +++ b/2024/30xxx/CVE-2024-30170.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30170", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30171.json b/2024/30xxx/CVE-2024-30171.json new file mode 100644 index 00000000000..123e9ec8cf5 --- /dev/null +++ b/2024/30xxx/CVE-2024-30171.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30171", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30172.json b/2024/30xxx/CVE-2024-30172.json new file mode 100644 index 00000000000..abd917bddf7 --- /dev/null +++ b/2024/30xxx/CVE-2024-30172.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30172", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30173.json b/2024/30xxx/CVE-2024-30173.json new file mode 100644 index 00000000000..c6437dab415 --- /dev/null +++ b/2024/30xxx/CVE-2024-30173.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30173", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30174.json b/2024/30xxx/CVE-2024-30174.json new file mode 100644 index 00000000000..a156f0d8116 --- /dev/null +++ b/2024/30xxx/CVE-2024-30174.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30174", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30175.json b/2024/30xxx/CVE-2024-30175.json new file mode 100644 index 00000000000..1549037b887 --- /dev/null +++ b/2024/30xxx/CVE-2024-30175.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30175", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30176.json b/2024/30xxx/CVE-2024-30176.json new file mode 100644 index 00000000000..88dcec03327 --- /dev/null +++ b/2024/30xxx/CVE-2024-30176.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30176", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30202.json b/2024/30xxx/CVE-2024-30202.json
new file mode 100644
index 00000000000..3bc6bb8fa04
--- /dev/null
+++ b/2024/30xxx/CVE-2024-30202.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2024-30202",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29",
+ "refsource": "MISC",
+ "name": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9",
+ "url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb",
+ "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/30xxx/CVE-2024-30203.json b/2024/30xxx/CVE-2024-30203.json
new file mode 100644
index 00000000000..e7ac422342e
--- /dev/null
+++ b/2024/30xxx/CVE-2024-30203.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2024-30203",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Emacs before 29.3, Gnus treats inline MIME contents as trusted."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29",
+ "refsource": "MISC",
+ "name": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/30xxx/CVE-2024-30204.json b/2024/30xxx/CVE-2024-30204.json
new file mode 100644
index 00000000000..968c8f293ec
--- /dev/null
+++ b/2024/30xxx/CVE-2024-30204.json
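Review bot: The only reference in the CVE-2024-30203 record is the branch-tracking NEWS file (`tree/etc/NEWS?h=emacs-29`), which changes as the branch moves and does not identify the fixing change; the CVE-2024-30204 hunk that follows has the same single reference. The sibling records CVE-2024-30202 and CVE-2024-30205 each cite pinned commit URLs, which is what a packager needs to verify a backport. I would add a `reference_data` entry for the fixing commit next to the NEWS link, e.g. `"url": "<emacs.git commit URL for the Gnus inline-MIME fix, to be supplied by the assigner>"`.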
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2024-30204",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29",
+ "refsource": "MISC",
+ "name": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/30xxx/CVE-2024-30205.json b/2024/30xxx/CVE-2024-30205.json
new file mode 100644
index 00000000000..04a4fdee807
--- /dev/null
+++ b/2024/30xxx/CVE-2024-30205.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2024-30205",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29",
+ "refsource": "MISC",
+ "name": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d",
+ "url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877",
+ "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/30xxx/CVE-2024-30206.json b/2024/30xxx/CVE-2024-30206.json
new file mode 100644
index 00000000000..69fcbc182c8
--- /dev/null
+++ b/2024/30xxx/CVE-2024-30206.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30206", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30207.json b/2024/30xxx/CVE-2024-30207.json new file mode 100644 index 00000000000..a8a025765b8 --- /dev/null +++ b/2024/30xxx/CVE-2024-30207.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30207", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30208.json b/2024/30xxx/CVE-2024-30208.json new file mode 100644 index 00000000000..815406e8675 --- /dev/null +++ b/2024/30xxx/CVE-2024-30208.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30208", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30209.json b/2024/30xxx/CVE-2024-30209.json new file mode 100644 index 00000000000..a399e8e5a77 --- /dev/null +++ b/2024/30xxx/CVE-2024-30209.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30209", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file