From 289c6b06765ad380aa535823cb8f86f3aa523474 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 2 Apr 2024 13:09:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/4xxx/CVE-2023-4459.json | 87 ++++++++++++
2023/7xxx/CVE-2023-7192.json | 87 ++++++++++++
2024/0xxx/CVE-2024-0646.json | 116 ++++++++++++++++
2024/29xxx/CVE-2024-29091.json | 113 +++++++++++++++-
2024/29xxx/CVE-2024-29092.json | 113 +++++++++++++++-
2024/29xxx/CVE-2024-29093.json | 113 +++++++++++++++-
2024/29xxx/CVE-2024-29094.json | 113 +++++++++++++++-
2024/29xxx/CVE-2024-29095.json | 113 +++++++++++++++-
2024/29xxx/CVE-2024-29096.json | 113 +++++++++++++++-
2024/2xxx/CVE-2024-2182.json | 239 +++++++++++++++++++++++++--------
2024/2xxx/CVE-2024-2442.json | 110 ++++++++++++++-
2024/2xxx/CVE-2024-2545.json | 8 +-
12 files changed, 1239 insertions(+), 86 deletions(-)
diff --git a/2023/4xxx/CVE-2023-4459.json b/2023/4xxx/CVE-2023-4459.json
index 878fe1755ce..5760fc7f8b4 100644
--- a/2023/4xxx/CVE-2023-4459.json
+++ b/2023/4xxx/CVE-2023-4459.json
@@ -60,6 +60,83 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.rt7.201.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { 
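Review bot: The two `version_data` entries added under "Red Hat Enterprise Linux 8.4 Telecommunications Update Service" (`0:4.18.0-305.125.1.rt7.201.el8_4` and `0:4.18.0-305.125.1.el8_4`) carry no package identifier, so a consumer cannot tell which package each fixed-version bound applies to. Both use `"lessThan": "*"` with `"defaultStatus": "affected"`, so an installed build compared against the wrong entry can be reported as fixed or as vulnerable incorrectly; presumably the entries belong to different kernel package streams, but nothing in the down-converted record says so. The same pattern appears in the matching hunks for CVE-2023-7192, CVE-2024-0646 (where the SAP Solutions product also gains a bare `"defaultStatus": "unaffected"` entry next to a versioned one) and CVE-2024-2182 (four and five unlabelled streams per Fast Datapath product). Scanners should do package-level matching against the CVE JSON 5 record or the linked RHSA errata rather than this down-converted view. The enclosing `product_data` array starts and ends outside the hunk.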
@@ -244,6 +321,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1306" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1367", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1367" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1382", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1382" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4459", "refsource": "MISC", diff --git a/2023/7xxx/CVE-2023-7192.json b/2023/7xxx/CVE-2023-7192.json index 8a61cc24d57..445d330e56b 100644 --- a/2023/7xxx/CVE-2023-7192.json +++ b/2023/7xxx/CVE-2023-7192.json 
@@ -60,6 +60,83 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.rt7.201.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { 
@@ -289,6 +366,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1306" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1367", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1367" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1382", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1382" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-7192", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0646.json b/2024/0xxx/CVE-2024-0646.json index 72cc573a4ae..9e492c35ef1 100644 --- a/2024/0xxx/CVE-2024-0646.json +++ b/2024/0xxx/CVE-2024-0646.json 
@@ -189,6 +189,89 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.rt7.201.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-305.125.1.el8_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { 
@@ -216,6 +299,19 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9", "version": { @@ -506,6 +602,26 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1306" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1367", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1367" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1368", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1368" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1377", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1377" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1382", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1382" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0646", "refsource": "MISC", diff --git a/2024/29xxx/CVE-2024-29091.json b/2024/29xxx/CVE-2024-29091.json index 7ad1513d39b..482ca5a96d4 100644 --- a/2024/29xxx/CVE-2024-29091.json +++ b/2024/29xxx/CVE-2024-29091.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dnesscarkey WP Armour \u2013 Honeypot Anti Spam allows Reflected XSS.This issue affects WP Armour \u2013 Honeypot Anti Spam: from n/a through 2.1.13.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dnesscarkey", + "product": { + "product_data": [ + { + "product_name": "WP Armour \u2013 Honeypot Anti Spam", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.1.14", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.1.13", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/honeypot/wordpress-wp-armour-plugin-2-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/honeypot/wordpress-wp-armour-plugin-2-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.1.14 or a higher version." + } + ], + "value": "Update to 2.1.14 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29092.json b/2024/29xxx/CVE-2024-29092.json index 51f7185957a..2882e08e481 100644 --- a/2024/29xxx/CVE-2024-29092.json +++ b/2024/29xxx/CVE-2024-29092.json 
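Review bot: The added range pairs `"version": "n/a"` with `"lessThanOrEqual": "2.1.13"` and `"versionType": "custom"`, so the lower bound is not a comparable version and automated matchers have to special-case the string; `"version": "0",` would express "from the earliest release" unambiguously. The same `n/a` lower bound is repeated in the hunks for CVE-2024-29092 through CVE-2024-29096. Separately, the `solution` entry ships a `supportingMedia` value typed `text/html`, which downstream viewers should treat as untrusted markup and either sanitise or render as plain text. The description string also lacks a space in `XSS.This issue affects`.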
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Maciej Bis", + "product": { + "product_data": [ + { + "product_name": "Permalink Manager Lite", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.4.3.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.4.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.4.3.1 or a higher version." + } + ], + "value": "Update to 2.4.3.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29093.json b/2024/29xxx/CVE-2024-29093.json index 3b4ba17f73e..b92b45c2f8d 100644 --- a/2024/29xxx/CVE-2024-29093.json +++ b/2024/29xxx/CVE-2024-29093.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes \u2013 ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes \u2013 ReviewShort: from n/a through 1.01.3.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tobias Conrad", + "product": { + "product_data": [ + { + "product_name": "Builder for WooCommerce reviews shortcodes \u2013 ReviewShort", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.01.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.01.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/woo-product-reviews-shortcode/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/woo-product-reviews-shortcode/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.01.4 or a higher version." + } + ], + "value": "Update to 1.01.4 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dhabaleshwar Das (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29094.json b/2024/29xxx/CVE-2024-29094.json index cb8be52377c..8e75e8b8ced 100644 --- a/2024/29xxx/CVE-2024-29094.json +++ b/2024/29xxx/CVE-2024-29094.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS.This issue affects HT Easy GA4 ( Google Analytics 4 ): from n/a through 1.1.7.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HasThemes", + "product": { + "product_data": [ + { + "product_name": "HT Easy GA4 ( Google Analytics 4 )", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.1.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.1.8 or a higher version." + } + ], + "value": "Update to 1.1.8 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Yudistira Arya (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29095.json b/2024/29xxx/CVE-2024-29095.json index a00b319a5a5..56b6026305c 100644 --- a/2024/29xxx/CVE-2024-29095.json +++ b/2024/29xxx/CVE-2024-29095.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29095", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Ryley Site Reviews allows Stored XSS.This issue affects Site Reviews: from n/a through 6.11.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Paul Ryley", + "product": { + "product_data": [ + { + "product_name": "Site Reviews", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.11.7", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.11.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/site-reviews/wordpress-site-reviews-plugin-6-11-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/site-reviews/wordpress-site-reviews-plugin-6-11-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + 
"engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.11.7 or a higher version." + } + ], + "value": "Update to 6.11.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "isacaya (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29096.json b/2024/29xxx/CVE-2024-29096.json index 3886c2602fd..bbecd4be122 100644 --- a/2024/29xxx/CVE-2024-29096.json +++ b/2024/29xxx/CVE-2024-29096.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29096", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic.This issue affects MJM Clinic: from n/a through 1.1.22.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Matt Manning", + "product": { + "product_data": [ + { + "product_name": "MJM Clinic", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.23", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.1.22", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/mjm-clinic/wordpress-mjm-clinic-plugin-1-1-22-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/mjm-clinic/wordpress-mjm-clinic-plugin-1-1-22-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + 
}, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.1.23 or a higher version." + } + ], + "value": "Update to 1.1.23 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Faizal Abroni (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2182.json b/2024/2xxx/CVE-2024-2182.json index 01ec0546168..df5ec0d8f9d 100644 --- a/2024/2xxx/CVE-2024-2182.json +++ b/2024/2xxx/CVE-2024-2182.json 
@@ -76,6 +76,146 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:23.06.1-112.el8fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:22.12.1-94.el8fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:22.03.3-71.el8fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:23.03.1-100.el8fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:23.09.0-136.el9fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:23.06.1-112.el9fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:22.12.1-94.el9fdp", + "lessThan": "*", + "versionType": "rpm", + "status": 
"unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:22.03.3-71.el9fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:23.03.1-100.el9fdp", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Fast Datapath for RHEL 7", "version": { @@ -129,12 +269,6 @@ "defaultStatus": "unknown" } }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, { "version_value": "not down converted", "x_cve_json_5_version_data": { @@ -146,24 +280,6 @@ "x_cve_json_5_version_data": { "defaultStatus": "unknown" } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } } ] } @@ -178,12 +294,6 @@ "defaultStatus": "affected" } }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, { "version_value": "not down converted", "x_cve_json_5_version_data": { 
@@ -195,30 +305,6 @@ "x_cve_json_5_version_data": { "defaultStatus": "unknown" } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } } ] } 
@@ -294,6 +380,51 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:1385", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1385" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1386", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1386" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1387", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1387" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1388", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1388" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1390", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1390" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1391", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1391" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1392", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1392" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1393", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1393" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1394", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1394" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-2182", "refsource": "MISC", diff --git a/2024/2xxx/CVE-2024-2442.json b/2024/2xxx/CVE-2024-2442.json index 440c48e975b..ec078779045 100644 --- a/2024/2xxx/CVE-2024-2442.json +++ b/2024/2xxx/CVE-2024-2442.json 
@@ -1,17 +1,119 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2442",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nFranklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-25 Path Traversal: '/../filedir'",
+ "cweId": "CWE-25"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Franklin Fueling System",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EVO 550",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.26.3.8963"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "EVO 5000",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.26.3.8963"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-079-01",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-079-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\n

Franklin Fueling Systems released the following to fix this vulnerability:

For more information, contact Franklin Fueling System.

\n\n
"
+ }
+ ],
+ "value": "\nFranklin Fueling Systems released the following to fix this vulnerability:\n\n * EVO 550: 2.26.3.8963 https://www.franklinfueling.com/en/landing-pages/firmware/evo550-5000-firmware/ \n * EVO 5000: 2.26.3.8963 https://www.franklinfueling.com/en/landing-pages/firmware/evo550-5000-firmware/ \n\nFor more information, contact Franklin Fueling System https://www.franklinfueling.com/en/contact-us/ .\n\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Momen Eldawakhly of Samurai Digital Security Ltd reported this vulnerability to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2545.json b/2024/2xxx/CVE-2024-2545.json
index de82cdf3197..441bc22974e 100644
--- a/2024/2xxx/CVE-2024-2545.json
+++ b/2024/2xxx/CVE-2024-2545.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2545",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1730. Reason: This candidate is a duplicate of CVE-2024-1730. Notes: All CVE users should reference CVE-2024-1730 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }