From 2b3a12aef6b53512896a08f7f0b9cf8e04fb6c6e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 5 Jun 2024 17:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2020/5xxx/CVE-2020-5245.json | 142 +++++++++++++++++----------------
2023/47xxx/CVE-2023-47245.json | 34 +++++++-
2023/6xxx/CVE-2023-6240.json | 15 +++-
2024/0xxx/CVE-2024-0340.json | 15 +++-
2024/1xxx/CVE-2024-1459.json | 21 ++---
2024/1xxx/CVE-2024-1635.json | 2 +-
2024/20xxx/CVE-2024-20404.json | 126 ++++++++++++++++++++++++++++-
2024/20xxx/CVE-2024-20405.json | 126 ++++++++++++++++++++++++++++-
2024/33xxx/CVE-2024-33542.json | 36 ++++++++-
2024/33xxx/CVE-2024-33679.json | 36 ++++++++-
2024/35xxx/CVE-2024-35674.json | 113 +++++++++++++++++++++++++-
2024/3xxx/CVE-2024-3154.json | 28 ++++++-
2024/5xxx/CVE-2024-5655.json | 18 +++++
2024/5xxx/CVE-2024-5656.json | 18 +++++
2024/5xxx/CVE-2024-5657.json | 18 +++++
2024/5xxx/CVE-2024-5658.json | 18 +++++
2024/5xxx/CVE-2024-5659.json | 18 +++++
2024/5xxx/CVE-2024-5660.json | 18 +++++
18 files changed, 692 insertions(+), 110 deletions(-)
create mode 100644 2024/5xxx/CVE-2024-5655.json
create mode 100644 2024/5xxx/CVE-2024-5656.json
create mode 100644 2024/5xxx/CVE-2024-5657.json
create mode 100644 2024/5xxx/CVE-2024-5658.json
create mode 100644 2024/5xxx/CVE-2024-5659.json
create mode 100644 2024/5xxx/CVE-2024-5660.json
diff --git a/2020/5xxx/CVE-2020-5245.json b/2020/5xxx/CVE-2020-5245.json
index f164e778fbd..0c5a4324a7b 100644
--- a/2020/5xxx/CVE-2020-5245.json
+++ b/2020/5xxx/CVE-2020-5245.json
@@ -1,121 +1,125 @@ { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2020-5245", - "STATE": "PUBLIC", - "TITLE": "Remote Code Execution (RCE) vulnerability in dropwizard-validation" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "dropwizard-validation", - "version": { - "version_data": [ - { - "version_value": "< 1.3.19" - }, - { - "version_value": ">= 2.0.0, < 2.0.2" - } - ] - } - } - ] - }, - "vendor_name": "dropwizard" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-5245", + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2." + "value": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature.\n\nThe issue has been fixed in dropwizard-validation 1.3.19 and 2.0.2." 
} ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.9, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')" + "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "cweId": "CWE-74" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dropwizard", + "product": { + "product_data": [ + { + "product_name": "dropwizard-validation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.3.0, < 1.3.19" + }, + { + "version_affected": "=", + "version_value": ">= 2.0.0, < 2.0.2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", + "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf", "refsource": "MISC", - "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + "name": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf" }, { - "name": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf", - "refsource": "CONFIRM", - "url": "https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf" + "url": "https://github.com/dropwizard/dropwizard/pull/3157", + "refsource": "MISC", + "name": "https://github.com/dropwizard/dropwizard/pull/3157" }, { - "name": "https://github.com/dropwizard/dropwizard/pull/3157", + "url": 
"https://github.com/dropwizard/dropwizard/pull/3160", "refsource": "MISC", - "url": "https://github.com/dropwizard/dropwizard/pull/3157" + "name": "https://github.com/dropwizard/dropwizard/pull/3160" }, { - "name": "https://github.com/dropwizard/dropwizard/pull/3160", + "url": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236", "refsource": "MISC", - "url": "https://github.com/dropwizard/dropwizard/pull/3160" + "name": "https://github.com/dropwizard/dropwizard/commit/28479f743a9d0aab6d0e963fc07f3dd98e8c8236" }, { - "name": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634", + "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634", "refsource": "MISC", - "url": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634" + "name": "https://github.com/dropwizard/dropwizard/commit/d87d1e4f8e20f6494c0232bf8560c961b46db634" }, { - "name": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation", + "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation", "refsource": "MISC", - "url": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation" + "name": "https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation" }, { - "name": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions", + "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions", "refsource": "MISC", - "url": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions" + "name": "https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions" }, { - "name": 
"https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm", + "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm", "refsource": "MISC", - "url": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm" + "name": "https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm" } ] }, "source": { "advisory": "GHSA-3mcp-9wr4-cjqf", "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2023/47xxx/CVE-2023-47245.json b/2023/47xxx/CVE-2023-47245.json index 3f69ed010f2..0821e3383d1 100644 --- a/2023/47xxx/CVE-2023-47245.json +++ b/2023/47xxx/CVE-2023-47245.json @@ -40,9 +40,24 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.7" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.7.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } } ] } @@ -68,6 +83,19 @@ "source": { "discovery": "EXTERNAL" }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.7.1 or a higher version." + } + ], + "value": "Update to\u00a01.7.1 or a higher version." + } + ], "credits": [ { "lang": "en", diff --git a/2023/6xxx/CVE-2023-6240.json b/2023/6xxx/CVE-2023-6240.json index a212ed4e02b..ef9179934e8 100644 --- a/2023/6xxx/CVE-2023-6240.json +++ b/2023/6xxx/CVE-2023-6240.json 
@@ -44,7 +44,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.18.0-553.5.1.el8_10", + "version": "0:4.18.0-553.5.1.rt7.346.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -56,6 +56,14 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-553.5.1.el8_10", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } @@ -243,6 +251,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:3618" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3627", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3627" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6240", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0340.json b/2024/0xxx/CVE-2024-0340.json index fb0f4bad942..1a0e9ad44cd 100644 --- a/2024/0xxx/CVE-2024-0340.json +++ b/2024/0xxx/CVE-2024-0340.json @@ -44,7 +44,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.18.0-553.5.1.el8_10", + "version": "0:4.18.0-553.5.1.rt7.346.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -56,6 +56,14 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-553.5.1.el8_10", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } @@ -126,6 +134,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:3618" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3627", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3627" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0340", "refsource": "MISC", diff --git a/2024/1xxx/CVE-2024-1459.json b/2024/1xxx/CVE-2024-1459.json index 3582a85e862..ff27be271ba 100644 --- a/2024/1xxx/CVE-2024-1459.json +++ b/2024/1xxx/CVE-2024-1459.json 
@@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "Red Hat JBoss Enterprise Application Platform 7.1.0", + "product_name": "Red Hat JBoss Enterprise Application Platform 7", "version": { "version_data": [ { @@ -44,6 +44,12 @@ "x_cve_json_5_version_data": { "defaultStatus": "unaffected" } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } } ] } @@ -155,19 +161,6 @@ ] } }, - { - "product_name": "Red Hat JBoss Enterprise Application Platform 7", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat JBoss Fuse 6", "version": { diff --git a/2024/1xxx/CVE-2024-1635.json b/2024/1xxx/CVE-2024-1635.json index dca612ddb78..de970ca8532 100644 --- a/2024/1xxx/CVE-2024-1635.json +++ b/2024/1xxx/CVE-2024-1635.json @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "Red Hat JBoss Enterprise Application Platform 7.1.0", + "product_name": "Red Hat JBoss Enterprise Application Platform 7", "version": { "version_data": [ { diff --git a/2024/20xxx/CVE-2024-20404.json b/2024/20xxx/CVE-2024-20404.json index dfd100c1735..ceceafa0ea1 100644 --- a/2024/20xxx/CVE-2024-20404.json +++ b/2024/20xxx/CVE-2024-20404.json 
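Review bot: After the CVE-2024-1459 change, the product `Red Hat JBoss Enterprise Application Platform 7` holds two `version_data` entries that differ only in `defaultStatus`: `"unaffected"` (kept from the former `7.1.0` product) followed by the added `"affected"`, with no `versions` list in either to tell them apart. A consumer that takes the first entry reports the product as not affected and one that takes the last reports the opposite, so triage results depend on parser behaviour. Keeping distinct `product_name` values, as before the rename and the removal in `@@ -155,19 +161,6 @@`, or adding version bounds to each entry, would make the record unambiguous. The first entry's `version_value` line lies just above the `@@ -44,6 +44,12 @@` hunk and is not visible here.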
@@ -1,17 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system.\r\n\r This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Contact Center Enterprise", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Cisco Unified Contact Center Express", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Cisco Finesse", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.6(2)" + }, + { + "version_affected": "=", + "version_value": "12.6(2)ES1" + }, + { + "version_affected": "=", + "version_value": "12.6(2)ES2" + } + ] + } + }, + { + "product_name": "Cisco Packaged Contact Center Enterprise", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew" + } + ] + }, + "source": { + "advisory": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew", + "discovery": "EXTERNAL", + "defects": [ + "CSCwh95292" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." 
+ } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2024/20xxx/CVE-2024-20405.json b/2024/20xxx/CVE-2024-20405.json index 460df389c40..9a6445d6d3d 100644 --- a/2024/20xxx/CVE-2024-20405.json +++ b/2024/20xxx/CVE-2024-20405.json 
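Review bot: Three of the four products added to CVE-2024-20404 (`Cisco Unified Contact Center Enterprise`, `Cisco Unified Contact Center Express`, `Cisco Packaged Contact Center Enterprise`) are listed with `"version_affected": "="` and `"version_value": "N/A"`, a value no installed version can equal. Version-matching tools will therefore either skip these products or, if they treat `N/A` as a wildcard, flag every release; only `Cisco Finesse` carries concrete versions. The description string also contains raw carriage returns (`\r\n\r `) between its paragraphs, which render inconsistently downstream; `\n\n`, as used in the CVE-2020-5245 description in this commit, would be cleaner. Both points apply unchanged to the CVE-2024-20405 hunk.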
@@ -1,17 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20405", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. \r\n\r This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Contact Center Enterprise", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Cisco Unified Contact Center Express", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Cisco Finesse", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.6(2)" + }, + { + "version_affected": "=", + "version_value": "12.6(2)ES1" + }, + { + "version_affected": "=", + "version_value": "12.6(2)ES2" + } + ] + } + }, + { + "product_name": "Cisco Packaged Contact Center Enterprise", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "N/A" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew" + } + ] + }, + "source": { + "advisory": "cisco-sa-finesse-ssrf-rfi-Um7wT8Ew", + "discovery": "EXTERNAL", + "defects": [ + "CSCwh95276" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." 
+ } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2024/33xxx/CVE-2024-33542.json b/2024/33xxx/CVE-2024-33542.json index 2c26d1eb152..e05fa5febdb 100644 --- a/2024/33xxx/CVE-2024-33542.json +++ b/2024/33xxx/CVE-2024-33542.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5.\n\n" + "value": "Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5." } ] }, @@ -40,9 +40,24 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.4.5" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.4.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.4.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } } ] } @@ -68,6 +83,19 @@ "source": { "discovery": "EXTERNAL" }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.4.6 or a higher version." + } + ], + "value": "Update to\u00a01.4.6 or a higher version." + } + ], "credits": [ { "lang": "en", diff --git a/2024/33xxx/CVE-2024-33679.json b/2024/33xxx/CVE-2024-33679.json index c0c0a578f0b..6fc42b2b1b4 100644 --- a/2024/33xxx/CVE-2024-33679.json +++ b/2024/33xxx/CVE-2024-33679.json 
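Review bot: The description added for CVE-2024-20405 states that an "unauthenticated, remote attacker" can exploit the issue, while the CVSS entry in the same hunk records `"privilegesRequired": "HIGH"` (`PR:H` in `vectorString`), and the 4.8 MEDIUM score depends on that value. The two statements cannot both hold, and the difference changes how defenders prioritise the fix, so the record should be reconciled with the vendor advisory: either the description should say the attacker is authenticated, or the vector should carry `PR:N` with the score recomputed. Separately, `"cweId": "CWE-20"` is a generic class for what the description calls a stored XSS reached through an RFI flaw; a more specific CWE would improve weakness-based filtering, if the CNA's data supports one.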
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5.\n\n" + "value": "Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5." } ] }, @@ -40,9 +40,24 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "n/a", - "version_value": "1.1.5" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.1.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } } ] } @@ -68,6 +83,19 @@ "source": { "discovery": "EXTERNAL" }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.1.6 or a higher version." + } + ], + "value": "Update to\u00a01.1.6 or a higher version." + } + ], "credits": [ { "lang": "en", diff --git a/2024/35xxx/CVE-2024-35674.json b/2024/35xxx/CVE-2024-35674.json index f6ae3c37ee8..de24d2da7f5 100644 --- a/2024/35xxx/CVE-2024-35674.json +++ b/2024/35xxx/CVE-2024-35674.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.109." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unlimited Elements", + "product": { + "product_data": [ + { + "product_name": "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.5.110", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.5.109", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-109-broken-access-control-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-109-broken-access-control-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.5.110 or a higher version." + } + ], + "value": "Update to 1.5.110 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Khalid (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3154.json b/2024/3xxx/CVE-2024-3154.json index 0d028003092..8071ed137bb 100644 --- a/2024/3xxx/CVE-2024-3154.json +++ b/2024/3xxx/CVE-2024-3154.json @@ -56,6 +56,27 @@ ] } }, + { + "product_name": "Red Hat OpenShift Container Platform 4.13", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:1.26.5-16.2.rhaos4.13.git67e2a9d.el8", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat OpenShift Container Platform 4.14", "version": { @@ -65,7 +86,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el8", + "version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" 
@@ -134,6 +155,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:2784" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3496", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:3496" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-3154", "refsource": "MISC", diff --git a/2024/5xxx/CVE-2024-5655.json b/2024/5xxx/CVE-2024-5655.json new file mode 100644 index 00000000000..5c6d4e2b034 --- /dev/null +++ b/2024/5xxx/CVE-2024-5655.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5655", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5656.json b/2024/5xxx/CVE-2024-5656.json new file mode 100644 index 00000000000..aec5f9b8cf1 --- /dev/null +++ b/2024/5xxx/CVE-2024-5656.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5656", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5657.json b/2024/5xxx/CVE-2024-5657.json new file mode 100644 index 00000000000..dceed4c82aa --- /dev/null +++ b/2024/5xxx/CVE-2024-5657.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5657", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5658.json b/2024/5xxx/CVE-2024-5658.json new file mode 100644 index 00000000000..47fd47de529 --- /dev/null +++ b/2024/5xxx/CVE-2024-5658.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5658", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5659.json b/2024/5xxx/CVE-2024-5659.json new file mode 100644 index 00000000000..ae69a1aa48e --- /dev/null +++ b/2024/5xxx/CVE-2024-5659.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5659", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/5xxx/CVE-2024-5660.json b/2024/5xxx/CVE-2024-5660.json new file mode 100644 index 00000000000..932f0469eaf --- /dev/null +++ b/2024/5xxx/CVE-2024-5660.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5660", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file