From 2f23474e17ea331b9ceb58d74d7b43f8ff58468c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 17 Dec 2024 19:00:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/12xxx/CVE-2024-12724.json | 18 ++++++++ 2024/12xxx/CVE-2024-12725.json | 18 ++++++++ 2024/12xxx/CVE-2024-12726.json | 18 ++++++++ 2024/12xxx/CVE-2024-12727.json | 18 ++++++++ 2024/12xxx/CVE-2024-12728.json | 18 ++++++++ 2024/12xxx/CVE-2024-12729.json | 18 ++++++++ 2024/12xxx/CVE-2024-12730.json | 18 ++++++++ 2024/45xxx/CVE-2024-45493.json | 2 +- 2024/45xxx/CVE-2024-45494.json | 2 +- 2024/51xxx/CVE-2024-51479.json | 81 ++++++++++++++++++++++++++++++++-- 2024/54xxx/CVE-2024-54662.json | 61 ++++++++++++++++++++++--- 2024/56xxx/CVE-2024-56139.json | 58 ++++++++++++++++++++++-- 2024/56xxx/CVE-2024-56156.json | 18 ++++++++ 2024/56xxx/CVE-2024-56157.json | 18 ++++++++ 2024/56xxx/CVE-2024-56158.json | 18 ++++++++ 2024/56xxx/CVE-2024-56159.json | 18 ++++++++ 2024/56xxx/CVE-2024-56160.json | 18 ++++++++ 17 files changed, 404 insertions(+), 16 deletions(-) create mode 100644 2024/12xxx/CVE-2024-12724.json create mode 100644 2024/12xxx/CVE-2024-12725.json create mode 100644 2024/12xxx/CVE-2024-12726.json create mode 100644 2024/12xxx/CVE-2024-12727.json create mode 100644 2024/12xxx/CVE-2024-12728.json create mode 100644 2024/12xxx/CVE-2024-12729.json create mode 100644 2024/12xxx/CVE-2024-12730.json create mode 100644 2024/56xxx/CVE-2024-56156.json create mode 100644 2024/56xxx/CVE-2024-56157.json create mode 100644 2024/56xxx/CVE-2024-56158.json create mode 100644 2024/56xxx/CVE-2024-56159.json create mode 100644 2024/56xxx/CVE-2024-56160.json diff --git a/2024/12xxx/CVE-2024-12724.json b/2024/12xxx/CVE-2024-12724.json new file mode 100644 index 00000000000..d6b2686f00e --- /dev/null +++ b/2024/12xxx/CVE-2024-12724.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12724", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12725.json b/2024/12xxx/CVE-2024-12725.json new file mode 100644 index 00000000000..b618de325fe --- /dev/null +++ b/2024/12xxx/CVE-2024-12725.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12725", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12726.json b/2024/12xxx/CVE-2024-12726.json new file mode 100644 index 00000000000..c6ca0220e5d --- /dev/null +++ b/2024/12xxx/CVE-2024-12726.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12726", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/12xxx/CVE-2024-12727.json b/2024/12xxx/CVE-2024-12727.json new file mode 100644 index 00000000000..637f762b72c --- /dev/null +++ b/2024/12xxx/CVE-2024-12727.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12727", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12728.json b/2024/12xxx/CVE-2024-12728.json new file mode 100644 index 00000000000..3ee16a84607 --- /dev/null +++ b/2024/12xxx/CVE-2024-12728.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12728", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12729.json b/2024/12xxx/CVE-2024-12729.json new file mode 100644 index 00000000000..7ca34188834 --- /dev/null +++ b/2024/12xxx/CVE-2024-12729.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12729", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12730.json b/2024/12xxx/CVE-2024-12730.json new file mode 100644 index 00000000000..3fedfe05650 --- /dev/null +++ b/2024/12xxx/CVE-2024-12730.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12730", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/45xxx/CVE-2024-45493.json b/2024/45xxx/CVE-2024-45493.json index c6b7fc1ab5c..9755f4770fe 100644 --- a/2024/45xxx/CVE-2024-45493.json +++ b/2024/45xxx/CVE-2024-45493.json 
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build revisions before 7.0.0. The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate with an internal user account from the network (if they know their password)." + "value": "An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate with an internal user account from the network (if they know their password)." } ] }, diff --git a/2024/45xxx/CVE-2024-45494.json b/2024/45xxx/CVE-2024-45494.json index ef56f8b905c..cdc2cdde5ee 100644 --- a/2024/45xxx/CVE-2024-45494.json +++ b/2024/45xxx/CVE-2024-45494.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build revisions before 7.0.0. The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions." + "value": "An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions." } ] }, diff --git a/2024/51xxx/CVE-2024-51479.json b/2024/51xxx/CVE-2024-51479.json index e88cfc633ca..76caf2822dd 100644 --- a/2024/51xxx/CVE-2024-51479.json +++ b/2024/51xxx/CVE-2024-51479.json 
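Review bot: The new description value, `5.0.0 through 6.5.2 (Fixed in 7.0.0)`, leaves two ranges unstated that the old wording `build revisions before 7.0.0` covered: builds below 5.0.0, and any build between 6.5.2 and 7.0.0. The same replacement is made in the CVE-2024-45494.json hunk, and both also drop the reference to "Embedded Modules". If those builds and products are out of scope, the text should say so, because the description is what many operators use to decide which devices to patch. The `affects` block lies outside both hunks, so whether it carries a matching range cannot be checked from here.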
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51479", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vercel", + "product": { + "product_data": [ + { + "product_name": "next.js", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 9.5.5, < 14.2.15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f", + "refsource": "MISC", + "name": "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f" + }, + { + "url": "https://github.com/vercel/next.js/releases/tag/v14.2.15", + "refsource": "MISC", + "name": "https://github.com/vercel/next.js/releases/tag/v14.2.15" + } + ] + }, + "source": { + "advisory": "GHSA-7gfc-8cq8-jh5f", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/54xxx/CVE-2024-54662.json b/2024/54xxx/CVE-2024-54662.json index f4e8545a765..3b8c786bb3c 100644 --- a/2024/54xxx/CVE-2024-54662.json +++ b/2024/54xxx/CVE-2024-54662.json 
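Review bot: In `version_data` the affected range is stored as free text, `"version_value": ">= 9.5.5, < 14.2.15"`, under `"version_affected": "="`, so a consumer that applies the operator literally compares installed versions for equality with that string and matches nothing. Two entries would be machine-readable: `"version_affected": ">="` with `"version_value": "9.5.5"`, and `"version_affected": "<"` with `"version_value": "14.2.15"`. The CVE-2024-56139.json hunk has the same shape with `"version_value": "<= 0.5.0"`. Until the record is split, scanners relying on this file should parse the range out of `version_value` rather than trust the operator field.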
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-54662", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-54662", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.inet.no/dante/", + "refsource": "MISC", + "name": "https://www.inet.no/dante/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.inet.no/dante/advisory-2024-12-16.txt", + "url": "https://www.inet.no/dante/advisory-2024-12-16.txt" } ] } diff --git a/2024/56xxx/CVE-2024-56139.json b/2024/56xxx/CVE-2024-56139.json index 728d06704a3..4020635707f 100644 --- a/2024/56xxx/CVE-2024-56139.json +++ b/2024/56xxx/CVE-2024-56139.json 
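Review bot: The structured fields of this record carry no usable data: `vendor_name`, `product_name` and `version_value` are all `"n/a"`, and the `problemtype` value is `"n/a"`. The description, however, names Dante 1.4.0 through 1.4.3 with a fix in 1.4.4 and describes incorrect access control. Tooling that matches on `affects` will therefore not flag any installed Dante version, so the product name and version range from the description should be mirrored there, e.g. `"product_name": "Dante"`. The description also says only "some sockd.conf configurations involving socksmethod", so operators need the CONFIRM advisory already listed in `references` to decide whether their configuration is exposed.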
@@ -1,18 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-56139", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their systems." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "leonhad", + "product": { + "product_data": [ + { + "product_name": "pdftools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 0.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/leonhad/pdftools/security/advisories/GHSA-hgvf-4pf3-fwc9", + "refsource": "MISC", + "name": "https://github.com/leonhad/pdftools/security/advisories/GHSA-hgvf-4pf3-fwc9" + } + ] + }, + "source": { + "advisory": "GHSA-hgvf-4pf3-fwc9", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56156.json b/2024/56xxx/CVE-2024-56156.json new file mode 100644 index 00000000000..7155cbf059d --- /dev/null +++ b/2024/56xxx/CVE-2024-56156.json 
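Review bot: The description and `problemtype` do not clearly agree: "stack overflow leading to a crash" from a crafted file may describe stack exhaustion rather than the memory corruption implied by `CWE-121: Stack-based Buffer Overflow`, and the two are triaged very differently. The classification is worth confirming against the linked GHSA-hgvf-4pf3-fwc9 advisory. Unlike the CVE-2024-51479 record in this commit, this one has no `impact` block, so consumers get no CVSS score to prioritise with even though the text says the issue is unaddressed. The description also says the tool converts PDF files to ePUB while naming crafted epub files as the trigger, so the untrusted input format should be stated unambiguously.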
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-56156", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56157.json b/2024/56xxx/CVE-2024-56157.json new file mode 100644 index 00000000000..0b3245e90d9 --- /dev/null +++ b/2024/56xxx/CVE-2024-56157.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-56157", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56158.json b/2024/56xxx/CVE-2024-56158.json new file mode 100644 index 00000000000..2eae7fd112c --- /dev/null +++ b/2024/56xxx/CVE-2024-56158.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-56158", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/56xxx/CVE-2024-56159.json b/2024/56xxx/CVE-2024-56159.json new file mode 100644 index 00000000000..573cc77a15d --- /dev/null +++ b/2024/56xxx/CVE-2024-56159.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-56159", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56160.json b/2024/56xxx/CVE-2024-56160.json new file mode 100644 index 00000000000..d35be323104 --- /dev/null +++ b/2024/56xxx/CVE-2024-56160.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-56160", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file