diff --git a/2023/51xxx/CVE-2023-51519.json b/2023/51xxx/CVE-2023-51519.json
index 8b1951fee21..2a40b5dd8ac 100644
--- a/2023/51xxx/CVE-2023-51519.json
+++ b/2023/51xxx/CVE-2023-51519.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-51519",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through 2.7.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Soliloquy Team",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Slider by Soliloquy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.7.3",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "2.7.2",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/soliloquy-lite/wordpress-slider-by-soliloquy-responsive-image-slider-for-wordpress-plugin-2-7-2-broken-access-control-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/soliloquy-lite/wordpress-slider-by-soliloquy-responsive-image-slider-for-wordpress-plugin-2-7-2-broken-access-control-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 2.7.3 or a higher version."
+ }
+ ],
+ "value": "Update to 2.7.3 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Abdi Pranata (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/51xxx/CVE-2023-51682.json b/2023/51xxx/CVE-2023-51682.json
index 1ea4711a6a0..a77b1ca3112 100644
--- a/2023/51xxx/CVE-2023-51682.json
+++ b/2023/51xxx/CVE-2023-51682.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-51682",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ibericode",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MC4WP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "4.9.10",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "4.9.9",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/mailchimp-for-wp/wordpress-mc4wp-plugin-4-9-9-broken-access-control-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/mailchimp-for-wp/wordpress-mc4wp-plugin-4-9-9-broken-access-control-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 4.9.10 or a higher version."
+ }
+ ],
+ "value": "Update to 4.9.10 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Rafie Muhammad (Patchstack)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/20xxx/CVE-2024-20671.json b/2024/20xxx/CVE-2024-20671.json
index 5c5691b0329..14e03e06547 100644
--- a/2024/20xxx/CVE-2024-20671.json
+++ b/2024/20xxx/CVE-2024-20671.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Security Feature Bypass"
+ "value": "CWE-276: Incorrect Default Permissions",
+ "cweId": "CWE-276"
 }
 ]
 }
diff --git a/2024/20xxx/CVE-2024-20673.json b/2024/20xxx/CVE-2024-20673.json
index c384394f8ad..e5aa9b23239 100644
--- a/2024/20xxx/CVE-2024-20673.json
+++ b/2024/20xxx/CVE-2024-20673.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Remote Code Execution"
+ "value": "CWE-693: Protection Mechanism Failure",
+ "cweId": "CWE-693"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21304.json b/2024/21xxx/CVE-2024-21304.json
index 2b08612c9b1..77cf6d1f149 100644
--- a/2024/21xxx/CVE-2024-21304.json
+++ b/2024/21xxx/CVE-2024-21304.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Elevation of Privilege"
+ "value": "CWE-20: Improper Input Validation",
+ "cweId": "CWE-20"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21351.json b/2024/21xxx/CVE-2024-21351.json
index bedb5fbdf2a..0eb5220458b 100644
--- a/2024/21xxx/CVE-2024-21351.json
+++ b/2024/21xxx/CVE-2024-21351.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Security Feature Bypass"
+ "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
+ "cweId": "CWE-94"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21399.json b/2024/21xxx/CVE-2024-21399.json
index c13e9f1621d..f0be4bdab5b 100644
--- a/2024/21xxx/CVE-2024-21399.json
+++ b/2024/21xxx/CVE-2024-21399.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Remote Code Execution"
+ "value": "CWE-416: Use After Free",
+ "cweId": "CWE-416"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21408.json b/2024/21xxx/CVE-2024-21408.json
index fafba9db0e3..ede66e4bd79 100644
--- a/2024/21xxx/CVE-2024-21408.json
+++ b/2024/21xxx/CVE-2024-21408.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Denial of Service"
+ "value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')",
+ "cweId": "CWE-835"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21411.json b/2024/21xxx/CVE-2024-21411.json
index 4e08f04d4a6..15ee2d04a96 100644
--- a/2024/21xxx/CVE-2024-21411.json
+++ b/2024/21xxx/CVE-2024-21411.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Remote Code Execution"
+ "value": "CWE-453: Insecure Default Variable Initialization",
+ "cweId": "CWE-453"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21412.json b/2024/21xxx/CVE-2024-21412.json
index 6cc6e74658b..fc42d23c510 100644
--- a/2024/21xxx/CVE-2024-21412.json
+++ b/2024/21xxx/CVE-2024-21412.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Security Feature Bypass"
+ "value": "CWE-693: Protection Mechanism Failure",
+ "cweId": "CWE-693"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21421.json b/2024/21xxx/CVE-2024-21421.json
index 1d9511407c4..3b2734faa63 100644
--- a/2024/21xxx/CVE-2024-21421.json
+++ b/2024/21xxx/CVE-2024-21421.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Spoofing"
+ "value": "CWE-1395: Dependency on Vulnerable Third-Party Component",
+ "cweId": "CWE-1395"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21423.json b/2024/21xxx/CVE-2024-21423.json
index f8f2ea47e29..2288c7c3f00 100644
--- a/2024/21xxx/CVE-2024-21423.json
+++ b/2024/21xxx/CVE-2024-21423.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Information Disclosure"
+ "value": "CWE-693: Protection Mechanism Failure",
+ "cweId": "CWE-693"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21431.json b/2024/21xxx/CVE-2024-21431.json
index 55e7a879792..bf154a0d16c 100644
--- a/2024/21xxx/CVE-2024-21431.json
+++ b/2024/21xxx/CVE-2024-21431.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Security Feature Bypass"
+ "value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
+ "cweId": "CWE-732"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21433.json b/2024/21xxx/CVE-2024-21433.json
index 57f85ce46f7..cfea999c30c 100644
--- a/2024/21xxx/CVE-2024-21433.json
+++ b/2024/21xxx/CVE-2024-21433.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Elevation of Privilege"
+ "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
+ "cweId": "CWE-367"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23521.json b/2024/23xxx/CVE-2024-23521.json
index d3e0f0b086b..afd1228d7d3 100644
--- a/2024/23xxx/CVE-2024-23521.json
+++ b/2024/23xxx/CVE-2024-23521.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-23521",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Happyforms",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Happyforms",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "1.25.11",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "1.25.10",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/happyforms/wordpress-happyforms-plugin-1-25-10-broken-access-control-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/happyforms/wordpress-happyforms-plugin-1-25-10-broken-access-control-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 1.25.11 or a higher version."
+ }
+ ],
+ "value": "Update to 1.25.11 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Revan Arifio (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26163.json b/2024/26xxx/CVE-2024-26163.json
index 184ce4a107f..b77d00cec61 100644
--- a/2024/26xxx/CVE-2024-26163.json
+++ b/2024/26xxx/CVE-2024-26163.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Security Feature Bypass"
+ "value": "CWE-693: Protection Mechanism Failure",
+ "cweId": "CWE-693"
 }
 ]
 }
@@ -45,6 +46,18 @@
 }
 ]
 }
+ },
+ {
+ "product_name": "Microsoft Edge (Chromium-based) Extended Stable",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0",
+ "version_value": "122.0.2365.92"
+ }
+ ]
+ }
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26165.json b/2024/26xxx/CVE-2024-26165.json
index 132afe9aeea..8e8210eefb0 100644
--- a/2024/26xxx/CVE-2024-26165.json
+++ b/2024/26xxx/CVE-2024-26165.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Elevation of Privilege"
+ "value": "CWE-256: Plaintext Storage of a Password",
+ "cweId": "CWE-256"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26167.json b/2024/26xxx/CVE-2024-26167.json
index 0fdec9b54dc..4008d48c6a4 100644
--- a/2024/26xxx/CVE-2024-26167.json
+++ b/2024/26xxx/CVE-2024-26167.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Spoofing"
+ "value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
+ "cweId": "CWE-1021"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26173.json b/2024/26xxx/CVE-2024-26173.json
index ac01844e67c..53e25c5616a 100644
--- a/2024/26xxx/CVE-2024-26173.json
+++ b/2024/26xxx/CVE-2024-26173.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Elevation of Privilege"
+ "value": "CWE-20: Improper Input Validation",
+ "cweId": "CWE-20"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26181.json b/2024/26xxx/CVE-2024-26181.json
index 3464b68a3f9..b50b752cb89 100644
--- a/2024/26xxx/CVE-2024-26181.json
+++ b/2024/26xxx/CVE-2024-26181.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Denial of Service"
+ "value": "CWE-20: Improper Input Validation",
+ "cweId": "CWE-20"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26188.json b/2024/26xxx/CVE-2024-26188.json
index 41df3873092..99ebdf9fdf1 100644
--- a/2024/26xxx/CVE-2024-26188.json
+++ b/2024/26xxx/CVE-2024-26188.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Spoofing"
+ "value": "CWE-357: Insufficient UI Warning of Dangerous Operations",
+ "cweId": "CWE-357"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26192.json b/2024/26xxx/CVE-2024-26192.json
index ed4aeb30ada..66870bbb217 100644
--- a/2024/26xxx/CVE-2024-26192.json
+++ b/2024/26xxx/CVE-2024-26192.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Information Disclosure"
+ "value": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
+ "cweId": "CWE-359"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26196.json b/2024/26xxx/CVE-2024-26196.json
index 92f72bce7b1..d4bbfdcef68 100644
--- a/2024/26xxx/CVE-2024-26196.json
+++ b/2024/26xxx/CVE-2024-26196.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Information Disclosure"
+ "value": "CWE-259: Use of Hard-coded Password",
+ "cweId": "CWE-259"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26210.json b/2024/26xxx/CVE-2024-26210.json
index dd416eb7d6c..d10a6769b4b 100644
--- a/2024/26xxx/CVE-2024-26210.json
+++ b/2024/26xxx/CVE-2024-26210.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability"
+ "value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
 }
 ]
 },
diff --git a/2024/26xxx/CVE-2024-26244.json b/2024/26xxx/CVE-2024-26244.json
index 9e97b67011d..10f1b47f7d8 100644
--- a/2024/26xxx/CVE-2024-26244.json
+++ b/2024/26xxx/CVE-2024-26244.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability"
+ "value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
 }
 ]
 },
diff --git a/2024/26xxx/CVE-2024-26246.json b/2024/26xxx/CVE-2024-26246.json
index 3c7b7572111..3de181bfd49 100644
--- a/2024/26xxx/CVE-2024-26246.json
+++ b/2024/26xxx/CVE-2024-26246.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Security Feature Bypass"
+ "value": "CWE-1220: Insufficient Granularity of Access Control",
+ "cweId": "CWE-1220"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26247.json b/2024/26xxx/CVE-2024-26247.json
index 54b56301f79..467a55105c8 100644
--- a/2024/26xxx/CVE-2024-26247.json
+++ b/2024/26xxx/CVE-2024-26247.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Security Feature Bypass"
+ "value": "CWE-269: Improper Privilege Management",
+ "cweId": "CWE-269"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26256.json b/2024/26xxx/CVE-2024-26256.json
index 43905b9540e..771064910d3 100644
--- a/2024/26xxx/CVE-2024-26256.json
+++ b/2024/26xxx/CVE-2024-26256.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "libarchive Remote Code Execution Vulnerability"
+ "value": "Libarchive Remote Code Execution Vulnerability"
 }
 ]
 },
diff --git a/2024/29xxx/CVE-2024-29057.json b/2024/29xxx/CVE-2024-29057.json
index 14c4f42b310..3d62b0747f5 100644
--- a/2024/29xxx/CVE-2024-29057.json
+++ b/2024/29xxx/CVE-2024-29057.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Spoofing"
+ "value": "CWE-357: Insufficient UI Warning of Dangerous Operations",
+ "cweId": "CWE-357"
 }
 ]
 }
diff --git a/2024/29xxx/CVE-2024-29987.json b/2024/29xxx/CVE-2024-29987.json
index 32345539724..5319cb802c5 100644
--- a/2024/29xxx/CVE-2024-29987.json
+++ b/2024/29xxx/CVE-2024-29987.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Information Disclosure"
+ "value": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
+ "cweId": "CWE-359"
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30050.json b/2024/30xxx/CVE-2024-30050.json
index 3ebc94d1819..1554ba71330 100644
--- a/2024/30xxx/CVE-2024-30050.json
+++ b/2024/30xxx/CVE-2024-30050.json
@@ -21,7 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Security Feature Bypass"
+ "value": "CWE-693: Protection Mechanism Failure",
+ "cweId": "CWE-693"
 }
 ]
 }
diff --git a/2024/32xxx/CVE-2024-32144.json b/2024/32xxx/CVE-2024-32144.json
index 158db997f89..9b1abd8df87 100644
--- a/2024/32xxx/CVE-2024-32144.json
+++ b/2024/32xxx/CVE-2024-32144.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-32144",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Welcart Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Welcart e-Commerce",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.10.0",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "2.9.14",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-9-14-broken-access-control-csrf-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-9-14-broken-access-control-csrf-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 2.10.0 or a higher version."
+ }
+ ],
+ "value": "Update to 2.10.0 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "emad (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/34xxx/CVE-2024-34822.json b/2024/34xxx/CVE-2024-34822.json
index f49f678f725..2178a4c18b8 100644
--- a/2024/34xxx/CVE-2024-34822.json
+++ b/2024/34xxx/CVE-2024-34822.json
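Review bot: The reference URL slug for CVE-2024-32144 ends in `broken-access-control-csrf-vulnerability`, but `problemtype` lists only `CWE-862 Missing Authorization` and the vector carries `PR:L/UI:N`, so nothing in the structured fields reflects a CSRF component. If the advisory does cover a cross-site request forgery path, a second description entry with `"cweId": "CWE-352"` would let CWE-keyed triage find it, and `UI:N` should be re-checked against that path. This is inferred from the slug alone and needs confirming against the advisory text before the record is changed.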
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-34822",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "weDevs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "weMail",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "1.14.3",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "1.14.2",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wemail/wordpress-wemail-plugin-1-14-2-broken-access-control-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/wemail/wordpress-wemail-plugin-1-14-2-broken-access-control-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 1.14.3 or a higher version."
+ }
+ ],
+ "value": "Update to 1.14.3 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dhabaleshwar Das (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/34xxx/CVE-2024-34826.json b/2024/34xxx/CVE-2024-34826.json
index 09469a1b489..bf533e86d63 100644
--- a/2024/34xxx/CVE-2024-34826.json
+++ b/2024/34xxx/CVE-2024-34826.json
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-34826",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler: from n/a through 1.6.4."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Tobias Conrad",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "1.6.5",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "1.6.4",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/cf7-styler/wordpress-cf7-wow-styler-plugin-1-6-4-broken-access-control-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/cf7-styler/wordpress-cf7-wow-styler-plugin-1-6-4-broken-access-control-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 1.6.5 or a higher version."
+ }
+ ],
+ "value": "Update to 1.6.5 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dhabaleshwar Das (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/35xxx/CVE-2024-35235.json b/2024/35xxx/CVE-2024-35235.json
index 06d8e06eb9d..2ac667be025 100644
--- a/2024/35xxx/CVE-2024-35235.json
+++ b/2024/35xxx/CVE-2024-35235.json
@@ -82,6 +82,11 @@
 "url": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240",
 "refsource": "MISC",
 "name": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/06/11/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/06/11/1"
 }
 ]
 },
diff --git a/2024/35xxx/CVE-2024-35684.json b/2024/35xxx/CVE-2024-35684.json
index 3f5a5962f98..9c0a1a9d64b 100644
--- a/2024/35xxx/CVE-2024-35684.json
+++ b/2024/35xxx/CVE-2024-35684.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects ElasticPress: from n/a through 5.1.0."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects ElasticPress: from n/a through 5.1.1."
 }
 ]
 },
@@ -46,11 +46,11 @@
 {
 "changes": [
 {
- "at": "5.1.1",
+ "at": "5.1.2",
 "status": "unaffected"
 }
 ],
- "lessThanOrEqual": "5.1.0",
+ "lessThanOrEqual": "5.1.1",
 "status": "affected",
 "version": "n/a",
 "versionType": "custom"
@@ -90,10 +90,10 @@
 {
 "base64": false,
 "type": "text/html",
- "value": "Update to 5.1.1 or a higher version."
+ "value": "Update to 5.1.2 or a higher version."
 }
 ],
- "value": "Update to 5.1.1 or a higher version."
+ "value": "Update to\u00a05.1.2 or a higher version."
 }
 ],
 "credits": [
diff --git a/2024/36xxx/CVE-2024-36650.json b/2024/36xxx/CVE-2024-36650.json
index f7e1719f201..89923bb7b3d 100644
--- a/2024/36xxx/CVE-2024-36650.json
+++ b/2024/36xxx/CVE-2024-36650.json
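Review bot: In the `@@ -90,10 +90,10 @@` hunk of CVE-2024-35684 the plain-text solution now reads `"value": "Update to\u00a05.1.2 or a higher version."`, with a no-break space (U+00A0) after `to`, while the `supportingMedia` copy three lines above uses an ordinary space. The two fields appear meant to carry the same text, and a consumer that compares or tokenises them (deduplication, pulling the fixed version out of the sentence) may treat them as different strings. Writing `"value": "Update to 5.1.2 or a higher version."` in both places avoids that. The `solution` array opens above the hunk, so only these lines are visible.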
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-36650",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-36650",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://gist.github.com/Swind1er/f442fcac520a48c05c744c7b72362483",
+ "url": "https://gist.github.com/Swind1er/f442fcac520a48c05c744c7b72362483"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38000.json b/2024/38xxx/CVE-2024-38000.json
new file mode 100644
index 00000000000..898a829d483
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38000.json
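Review bot: The published CVE-2024-36650 record leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value at `n/a`, although the description names the TOTOLINK A3100R firmware `V4.1.2cu.5247_B20211129` and an unchecked input length that leads to a buffer overflow. Tools that match on the product or CWE fields will not tie this CVE to the device, so asset-based alerting has to fall back on free-text search of the description. Filling the fields from the description, `"vendor_name": "TOTOLINK"`, `"product_name": "A3100R"`, `"version_value": "V4.1.2cu.5247_B20211129"`, plus a buffer-overflow CWE (CWE-120 looks closest, to be confirmed by the assigner) would close that gap. The single reference is a gist tagged `"refsource": "CONFIRM"`; if it is the reporter's write-up rather than a vendor acknowledgement, `MISC` is the accurate tag.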
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38000",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38001.json b/2024/38xxx/CVE-2024-38001.json
new file mode 100644
index 00000000000..92550de0dd4
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38001.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38001",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38002.json b/2024/38xxx/CVE-2024-38002.json
new file mode 100644
index 00000000000..3c1ea5684cb
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38002.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38002",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38003.json b/2024/38xxx/CVE-2024-38003.json
new file mode 100644
index 00000000000..f35384b3a18
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38003.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38003",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38004.json b/2024/38xxx/CVE-2024-38004.json
new file mode 100644
index 00000000000..fdb8d243738
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38004.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38004",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38005.json b/2024/38xxx/CVE-2024-38005.json
new file mode 100644
index 00000000000..3cc0f93051f
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38005.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38005",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38006.json b/2024/38xxx/CVE-2024-38006.json
new file mode 100644
index 00000000000..3ac83776c00
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38006.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38006",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38007.json b/2024/38xxx/CVE-2024-38007.json
new file mode 100644
index 00000000000..d7c224f97e5
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38007.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38007",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38008.json b/2024/38xxx/CVE-2024-38008.json
new file mode 100644
index 00000000000..abf53feebd6
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38008.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38008",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38009.json b/2024/38xxx/CVE-2024-38009.json
new file mode 100644
index 00000000000..8df2eec40ae
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38009.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38009",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5812.json b/2024/5xxx/CVE-2024-5812.json
index 6afabf4b650..c6a163b4f59 100644
--- a/2024/5xxx/CVE-2024-5812.json
+++ b/2024/5xxx/CVE-2024-5812.json
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5812", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@beyondtrust.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-290 Authentication Bypass by Spoofing", + "cweId": "CWE-290" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BeyondTrust", + "product": { + "product_data": [ + { + "product_name": "BeyondInsight PasswordSafe", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "24.1.0", + "version_value": "24.1.1" + }, + { + "version_affected": "<", + "version_name": "23.3.0", + "version_value": "23.3.0.959" + }, + { + "version_affected": "<", + "version_name": "23.2.0", + "version_value": "23.2.0.1293" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-07", + "refsource": "MISC", + "name": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-07" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.3, + 
"baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5813.json b/2024/5xxx/CVE-2024-5813.json index 565b18e52d6..a06dc382af3 100644 --- a/2024/5xxx/CVE-2024-5813.json +++ b/2024/5xxx/CVE-2024-5813.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5813", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@beyondtrust.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BeyondTrust", + "product": { + "product_data": [ + { + "product_name": "BeyondInsight PasswordSafe", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "23.3", + "version_value": "23.3.0.929" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-08", + "refsource": "MISC", + "name": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-08" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + 
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5865.json b/2024/5xxx/CVE-2024-5865.json new file mode 100644 index 00000000000..d34c67a267e --- /dev/null +++ b/2024/5xxx/CVE-2024-5865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5866.json b/2024/5xxx/CVE-2024-5866.json new file mode 100644 index 00000000000..e2f3a702d5a --- /dev/null +++ b/2024/5xxx/CVE-2024-5866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5867.json b/2024/5xxx/CVE-2024-5867.json new file mode 100644 index 00000000000..5ddf3f2b123 --- /dev/null +++ b/2024/5xxx/CVE-2024-5867.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5867",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5868.json b/2024/5xxx/CVE-2024-5868.json
new file mode 100644
index 00000000000..35c0a2de9bc
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5868.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5868",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5869.json b/2024/5xxx/CVE-2024-5869.json
new file mode 100644
index 00000000000..a5402c7e667
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5869.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5869",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5870.json b/2024/5xxx/CVE-2024-5870.json
new file mode 100644
index 00000000000..05c1161ba66
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5870.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5870",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5871.json b/2024/5xxx/CVE-2024-5871.json
new file mode 100644
index 00000000000..d4edfad1ef3
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5871.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5871",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5872.json b/2024/5xxx/CVE-2024-5872.json
new file mode 100644
index 00000000000..625da44d706
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5872.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5872",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file