From 26d6198eec39a7594dbc3b669a827a74e527b58e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 19 Apr 2024 19:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/4xxx/CVE-2022-4967.json | 18 ++++
2024/31xxx/CVE-2024-31450.json | 91 ++++++++++++++++++++-
2024/32xxx/CVE-2024-32652.json | 86 ++++++++++++++++++-
2024/3xxx/CVE-2024-3979.json | 145 ++++++++++++++++++++++++++++++++-
4 files changed, 328 insertions(+), 12 deletions(-)
create mode 100644 2022/4xxx/CVE-2022-4967.json
diff --git a/2022/4xxx/CVE-2022-4967.json b/2022/4xxx/CVE-2022-4967.json
new file mode 100644
index 00000000000..858cb654a38
--- /dev/null
+++ b/2022/4xxx/CVE-2022-4967.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-4967",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/31xxx/CVE-2024-31450.json b/2024/31xxx/CVE-2024-31450.json
index d3f62d8edfb..5a6ecee56fe 100644
--- a/2024/31xxx/CVE-2024-31450.json
+++ b/2024/31xxx/CVE-2024-31450.json
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31450", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The parameter name is taken from the JSON request and directly appended to the filepath that points to the emoji to delete. By using path traversal sequences (../), attackers with administrative privileges can exploit this endpoint to delete arbitrary files on the system, outside of the emoji directory. This vulnerability is fixed in 0.1.3." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "owncast", + "product": { + "product_data": [ + { + "product_name": "owncast", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-277_Owncast/", + "refsource": "MISC", + "name": "https://securitylab.github.com/advisories/GHSL-2023-277_Owncast/" + }, + { + "url": "https://github.com/owncast/owncast/commit/1b14800c7d7f54be14ed4d130bfe7f480645076e", + "refsource": "MISC", + "name": "https://github.com/owncast/owncast/commit/1b14800c7d7f54be14ed4d130bfe7f480645076e" + }, + { + "url": "https://github.com/owncast/owncast/blob/v0.1.2/controllers/admin/emoji.go#L63", + "refsource": "MISC", + "name": "https://github.com/owncast/owncast/blob/v0.1.2/controllers/admin/emoji.go#L63" + }, + { + "url": "https://github.com/owncast/owncast/releases/tag/v0.1.3", + "refsource": "MISC", + "name": "https://github.com/owncast/owncast/releases/tag/v0.1.3" + } + ] + }, + "source": { + "advisory": "GHSA-9355-27m8-h74v", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 2.7, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/32xxx/CVE-2024-32652.json b/2024/32xxx/CVE-2024-32652.json index 84aab2b23bc..079ac8d78fa 100644 --- a/2024/32xxx/CVE-2024-32652.json 
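Review bot: The affected-version entry pairs `"version_affected": "="` with `"version_value": "< 0.1.3"`, so the operator field claims an exact match while the real bound is buried in the value string. A matcher that keys on `version_affected` would compare installed versions against the literal `< 0.1.3` and flag nothing; the CVE-2024-32652 hunk has the same shape with `">= 1.3.0, < 1.10.1"`. I would carry the bound in the operator, `"version_affected": "<", "version_value": "0.1.3"`, or document that consumers must parse ranges out of `version_value`. Separately, the vector records `I:N/A:L` although the description says arbitrary files can be deleted, so triage driven only by `baseScore` 2.7 may under-rank this on hosts whose admin API is exposed; that scoring comes from the CNA and is worth checking against GHSA-9355-27m8-h74v.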
+++ b/2024/32xxx/CVE-2024-32652.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32652", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a hostname such as an empty string, slashes `/`, and other strings. The version 1.10.1 includes the fix for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-755: Improper Handling of Exceptional Conditions", + "cweId": "CWE-755" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "honojs", + "product": { + "product_data": [ + { + "product_name": "node-server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.3.0, < 1.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/honojs/node-server/security/advisories/GHSA-hgxw-5xg3-69jx", + "refsource": "MISC", + "name": "https://github.com/honojs/node-server/security/advisories/GHSA-hgxw-5xg3-69jx" + }, + { + "url": "https://github.com/honojs/node-server/issues/159", + "refsource": "MISC", + "name": "https://github.com/honojs/node-server/issues/159" + }, + { + "url": "https://github.com/honojs/node-server/commit/d847e60249fd8183ba0998bc379ba20505643204", + 
"refsource": "MISC", + "name": "https://github.com/honojs/node-server/commit/d847e60249fd8183ba0998bc379ba20505643204" + } + ] + }, + "source": { + "advisory": "GHSA-hgxw-5xg3-69jx", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3979.json b/2024/3xxx/CVE-2024-3979.json index 0157ca610cc..ff8b6f6be88 100644 --- a/2024/3xxx/CVE-2024-3979.json +++ b/2024/3xxx/CVE-2024-3979.json 
@@ -1,17 +1,154 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3979", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261596." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in COVESA vsomeip bis 3.4.10 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Mittels dem Manipulieren mit unbekannten Daten kann eine race condition-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362 Race Condition", + "cweId": "CWE-362" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "COVESA", + "product": { + "product_data": [ + { + "product_name": "vsomeip", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.4.0" + }, + { + "version_affected": "=", + "version_value": "3.4.1" + }, + { + "version_affected": "=", + "version_value": "3.4.2" + }, + { + "version_affected": "=", + "version_value": "3.4.3" + }, + { + "version_affected": "=", + "version_value": "3.4.4" + }, + { + "version_affected": "=", + "version_value": "3.4.5" + }, + { + "version_affected": "=", + "version_value": "3.4.6" + }, + { + "version_affected": "=", + "version_value": "3.4.7" + }, + { + "version_affected": "=", + "version_value": "3.4.8" + }, + { + "version_affected": "=", + "version_value": "3.4.9" + }, + { + "version_affected": "=", + "version_value": "3.4.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.261596", + "refsource": "MISC", + "name": "https://vuldb.com/?id.261596" + }, + { + "url": "https://vuldb.com/?ctiid.261596", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.261596" + }, + { + "url": "https://vuldb.com/?submit.312410", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.312410" + }, + { + "url": "https://github.com/COVESA/vsomeip/issues/663", + "refsource": "MISC", + "name": "https://github.com/COVESA/vsomeip/issues/663" + }, + { + "url": "https://github.com/COVESA/vsomeip/files/14904610/details.zip", + "refsource": "MISC", + "name": "https://github.com/COVESA/vsomeip/files/14904610/details.zip" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "xuguosheng (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.4, + "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.4, + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 3.2, + "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P" } ] }
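Review bot: `credits` tags its entry `"lang": "en"` while both `description_data` entries in the same record use three-letter codes (`"eng"`, `"deu"`), so a consumer filtering on one language tag gets inconsistent results; I would use `"lang": "eng"` there. The `cvss` objects here carry only `version`, `baseScore`, `vectorString` and (for 3.x) `baseSeverity`, unlike the expanded per-metric objects in the CVE-2024-31450 and CVE-2024-32652 hunks, so tooling that reads `attackVector` or `privilegesRequired` directly needs a fallback that parses `vectorString`. The record also names no fixed release: the version list stops at 3.4.10 and the description says "up to 3.4.10", so remediation status has to come from the linked upstream issue rather than from this file.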