From 1fe9b5bab17a1bbbadcfd4e1a87704e251ec1469 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 14 Nov 2024 15:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/2xxx/CVE-2022-2232.json | 124 +++++++++++++++++++++++++++++++-- 2024/11xxx/CVE-2024-11210.json | 100 ++++++++++++++++++++++++-- 2024/11xxx/CVE-2024-11219.json | 18 +++++ 2024/50xxx/CVE-2024-50837.json | 56 +++++++++++++-- 2024/50xxx/CVE-2024-50838.json | 56 +++++++++++++-- 2024/52xxx/CVE-2024-52577.json | 18 +++++ 6 files changed, 352 insertions(+), 20 deletions(-) create mode 100644 2024/11xxx/CVE-2024-11219.json create mode 100644 2024/52xxx/CVE-2024-52577.json diff --git a/2022/2xxx/CVE-2022-2232.json b/2022/2xxx/CVE-2022-2232.json index cfc7fad04fd..62800913731 100644 --- a/2022/2xxx/CVE-2022-2232.json +++ b/2022/2xxx/CVE-2022-2232.json 
@@ -1,17 +1,133 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2232", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Single Sign-On 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0094", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0094" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0095", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0095" + }, + { + 
"url": "https://access.redhat.com/errata/RHSA-2024:0096", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0096" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2022-2232", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2022-2232" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096994", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2096994" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "This flaw requires a misconfiguration of the \"UUID LDAP Attribute\" values. When they are set to the standard entryUUID, objectGUID or nsuniqueid Keycloak is not vulnerable." + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Konstantin Goldenberg (VHV) for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/11xxx/CVE-2024-11210.json b/2024/11xxx/CVE-2024-11210.json index 613e6b59f52..88399afbcd4 100644 --- a/2024/11xxx/CVE-2024-11210.json +++ b/2024/11xxx/CVE-2024-11210.json 
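Review bot: The `problemtype` entry in the CVE-2022-2232 hunk files an LDAP injection under the generic `CWE-20`, although the description on the same record names the weakness outright; `"value": "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", "cweId": "CWE-90"` would let CWE-based filtering find it. The four `version_data` entries all read `"version_value": "not down converted"` and differ only in `defaultStatus`, so this v4 record cannot tell a consumer which Red Hat Single Sign-On 7 stream is the affected one; that has to come from the referenced RHSA advisories or the CVE JSON 5 record. The `work_around` text is the most useful part for defenders: it ties exposure to a non-standard "UUID LDAP Attribute" setting, which the `AC:L/PR:N` vector does not reflect, so triage should check that configuration rather than rely on the 7.5 score alone. Any correction belongs in the assigner's source record, since this file is a synchronized copy.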
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in EyouCMS 1.51 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion editFile der Datei application/admin/logic/FilemanagerLogic.php. Durch Beeinflussen des Arguments activepath mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EyouCMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.51" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.284525", + "refsource": "MISC", + "name": "https://vuldb.com/?id.284525" + }, + { + "url": "https://vuldb.com/?ctiid.284525", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.284525" + }, + { + "url": "https://vuldb.com/?submit.437451", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.437451" + }, + { + "url": "https://github.com/nn0nkey/nn0nkey/blob/main/eyoucms/mlcy.md", + "refsource": "MISC", + "name": "https://github.com/nn0nkey/nn0nkey/blob/main/eyoucms/mlcy.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "nn0nkey (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.5, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P" } ] } diff --git a/2024/11xxx/CVE-2024-11219.json b/2024/11xxx/CVE-2024-11219.json new file mode 100644 index 00000000000..a25780379b4 --- /dev/null +++ b/2024/11xxx/CVE-2024-11219.json 
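Review bot: The description in the CVE-2024-11210 hunk says the issue "has been rated as critical", but every `impact.cvss` entry in the same record scores it 5.4 or 5.5 with `PR:L` and `C:N`, and `baseSeverity` is `MEDIUM`; the prose label is presumably the assigner's own classification, so prioritisation should key on the vector string rather than the text. `"vendor_name": "n/a"` sits next to `"product_name": "EyouCMS"`, which breaks vendor-keyed asset matching. The record lists only `"version_affected": "="` for 1.51 and states the vendor did not respond, so no fixed version can be inferred from it; restricting who can reach the admin file manager named in the description is the mitigation the record supports.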
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11219", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50837.json b/2024/50xxx/CVE-2024-50837.json index b037a58b74b..7e0bdad87da 100644 --- a/2024/50xxx/CVE-2024-50837.json +++ b/2024/50xxx/CVE-2024-50837.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-50837", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-50837", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters in a POST HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20admin%20user.pdf", + "refsource": "MISC", + "name": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20admin%20user.pdf" } ] } diff --git a/2024/50xxx/CVE-2024-50838.json b/2024/50xxx/CVE-2024-50838.json index edf7b036627..e4162101c3a 100644 --- a/2024/50xxx/CVE-2024-50838.json +++ b/2024/50xxx/CVE-2024-50838.json 
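Review bot: The `problemtype` value in the CVE-2024-50837 hunk is `"n/a"` and both `vendor_name` and `product_name` are `"n/a"`, even though the description identifies a stored XSS in KASHIPARA E-learning Management System Project 1.0. Populating them, for example `"value": "Cross-site Scripting (XSS)", "cweId": "CWE-79"`, `"vendor_name": "KASHIPARA"` and `"version_value": "1.0"`, would let scanners and CWE-based dashboards match the record instead of depending on free-text search. The record also has no `impact` block, so consumers get no severity until an enrichment source adds one. The CVE-2024-50838 hunk that follows has the same gaps for `/lms/admin/department.php`.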
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-50838", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-50838", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters in a POST HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Department.pdf", + "refsource": "MISC", + "name": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Department.pdf" } ] } diff --git a/2024/52xxx/CVE-2024-52577.json b/2024/52xxx/CVE-2024-52577.json new file mode 100644 index 00000000000..15edebcae54 --- /dev/null +++ b/2024/52xxx/CVE-2024-52577.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-52577", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file