diff --git a/2024/38xxx/CVE-2024-38817.json b/2024/38xxx/CVE-2024-38817.json
index 6481da7296a..caf1e24d1a0 100644
--- a/2024/38xxx/CVE-2024-38817.json
+++ b/2024/38xxx/CVE-2024-38817.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Mware NSX contains a command injection vulnerability.\u00a0\n\nA malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root."
+ "value": "VMware NSX contains a command injection vulnerability.\u00a0\n\nA malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root."
 }
 ]
 },
diff --git a/2024/6xxx/CVE-2024-6747.json b/2024/6xxx/CVE-2024-6747.json
index 8038b21f312..3a4e4ac95a8 100644
--- a/2024/6xxx/CVE-2024-6747.json
+++ b/2024/6xxx/CVE-2024-6747.json
@@ -1,17 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6747",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@checkmk.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-201: Insertion of Sensitive Information Into Sent Data",
+ "cweId": "CWE-201"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Checkmk GmbH",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Checkmk",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.3.0",
+ "version_value": "2.3.0p18"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "2.2.0",
+ "version_value": "2.2.0p36"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "2.1.0",
+ "version_value": "2.1.0p49"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "2.0.0",
+ "version_value": "2.0.0p39"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://checkmk.com/werk/17145",
+ "refsource": "MISC",
+ "name": "https://checkmk.com/werk/17145"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7049.json b/2024/7xxx/CVE-2024-7049.json
index 873819c1282..3ba887b862b 100644
--- a/2024/7xxx/CVE-2024-7049.json
+++ b/2024/7xxx/CVE-2024-7049.json
@@ -1,17 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7049",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@huntr.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-488 Exposure of Data Element to Wrong Session",
+ "cweId": "CWE-488"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "open-webui",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "open-webui/open-webui",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "unspecified",
+ "version_value": "latest"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.com/bounties/ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc",
+ "refsource": "MISC",
+ "name": "https://huntr.com/bounties/ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9793.json b/2024/9xxx/CVE-2024-9793.json
new file mode 100644
index 00000000000..37a9ae5fca8
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9793.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9793",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9794.json b/2024/9xxx/CVE-2024-9794.json
new file mode 100644
index 00000000000..c6b2c4ea0f4
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9794.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9794",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9795.json b/2024/9xxx/CVE-2024-9795.json
new file mode 100644
index 00000000000..c249b371922
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9795.json
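Review bot: The `affects` block of CVE-2024-7049.json records the range as `"version_affected": "<="` with `"version_name": "unspecified"` and `"version_value": "latest"`, while the description names only v0.3.8, so the record expresses no fixed release and version-matching tooling cannot tell a patched install from a vulnerable one. If a fix has shipped, the upper bound should be the first fixed release, e.g. `"version_affected": "<"` with `"version_value": "<FIXED_VERSION placeholder>"`. The CWE also looks questionable: issuing a token to an account whose role is still pending reads like an authorization failure rather than CWE-488, so the classification is worth confirming with the CNA.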
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9795",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9796.json b/2024/9xxx/CVE-2024-9796.json
new file mode 100644
index 00000000000..758219f97af
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9796.json
@@ -0,0 +1,80 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9796",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP-Advanced-Search",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "3.3.9.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Wojciech Jezowski"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9797.json b/2024/9xxx/CVE-2024-9797.json
new file mode 100644
index 00000000000..3fdd79be136
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9797.json
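Review bot: CVE-2024-9796.json publishes an unauthenticated SQL injection without any `impact`/`cvss` block, so consumers that triage on score will see this record as unscored. The `problemtype` entry also omits the `cweId` field that CVE-2024-6747.json and CVE-2024-7049.json carry in this same commit; adding `"cweId": "CWE-89"` beside `"value": "CWE-89 SQL Injection"` keeps CWE-based filtering working. `"vendor_name": "Unknown"` similarly defeats vendor matching, leaving `product_name` as the only usable key.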
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9797",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9798.json b/2024/9xxx/CVE-2024-9798.json
new file mode 100644
index 00000000000..e4108a1c6e9
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9798.json
@@ -0,0 +1,107 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9798",
+ "ASSIGNER": "zowe-security@lists.openmainframeproject.org",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Open Mainframe Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zowe",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.0.0",
+ "version_value": "2.18.0"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0",
+ "version_value": "1.28.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zowe/api-layer",
+ "refsource": "MISC",
+ "name": "https://github.com/zowe/api-layer"
+ }
+ ]
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "No workaround is available."
+ }
+ ],
+ "exploit": [
+ {
+ "lang": "en",
+ "value": "There are no known exploits of this issue however exploits targeting this issue are publicly available."
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "value": "In version 2.18.0 set configuration property `apiml.health.protected` to `true` to require authentication or upgrade to version 3."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Pablo Hernan Carle"
+ },
+ {
+ "lang": "en",
+ "value": "Pavel Jare\u0161"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:T/RC:C/CR:H/IR:H/AR:M/MAV:N/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9799.json b/2024/9xxx/CVE-2024-9799.json
new file mode 100644
index 00000000000..46a146c5643
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9799.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9799",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9800.json b/2024/9xxx/CVE-2024-9800.json
new file mode 100644
index 00000000000..e291948e41d
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9800.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9800",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9801.json b/2024/9xxx/CVE-2024-9801.json
new file mode 100644
index 00000000000..5e95492b196
--- /dev/null
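Review bot: The `vectorString` in CVE-2024-9798.json does not agree with the `baseScore` next to it: base metrics `AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H` describe a full compromise with changed scope and score well above 5.3 MEDIUM, whereas the description is a disclosure of the service list. Either the vector should be re-derived for the issue as described (5.3 is what `AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N` yields, the base vector used in CVE-2024-9802.json) or the score corrected, because consumers that parse the vector will rate this record very differently from those that read the score. The `exploit` text "There are no known exploits of this issue however exploits targeting this issue are publicly available." contradicts itself, and the same sentence appears in CVE-2024-9802.json beside `E:U`; both records also set `problemtype` to `n/a` where an information-exposure CWE would presumably apply. `work_around` says none is available while `solution` says to set `apiml.health.protected` to `true` in 2.18.0, which suggests upgrading to 2.18.0 alone leaves the endpoint public and should be stated explicitly.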
+++ b/2024/9xxx/CVE-2024-9801.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9801",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9802.json b/2024/9xxx/CVE-2024-9802.json
new file mode 100644
index 00000000000..a375c0e8ad2
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9802.json
@@ -0,0 +1,102 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9802",
+ "ASSIGNER": "zowe-security@lists.openmainframeproject.org",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Open Mainframe Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zowe",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.11.0",
+ "version_value": "2.17.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zowe/api-layer",
+ "refsource": "MISC",
+ "name": "https://github.com/zowe/api-layer"
+ }
+ ]
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "No workaround is available."
+ }
+ ],
+ "exploit": [
+ {
+ "lang": "en",
+ "value": "There are no known exploits of this issue however exploits targeting this issue are publicly available."
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "value": "There is a fix since version 2.17.0, authentication is required for the endpoints."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Pablo Hernan Carle"
+ },
+ {
+ "lang": "en",
+ "value": "Pavel Jare\u0161"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9803.json b/2024/9xxx/CVE-2024-9803.json
new file mode 100644
index 00000000000..cd7bfa5bc90
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9803.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9803",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9804.json b/2024/9xxx/CVE-2024-9804.json
new file mode 100644
index 00000000000..51c370e64d7
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9804.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9804",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9805.json b/2024/9xxx/CVE-2024-9805.json
new file mode 100644
index 00000000000..92e3ce12776
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9805.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9805",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file