From 33cf6362b791e2a16a43a4974c4bc7129f04dfd9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 1 Apr 2024 20:40:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/0xxx/CVE-2023-0943.json | 4 +- 2023/39xxx/CVE-2023-39325.json | 5 ++ 2023/52xxx/CVE-2023-52160.json | 5 ++ 2024/24xxx/CVE-2024-24246.json | 10 +++ 2024/26xxx/CVE-2024-26605.json | 4 +- 2024/26xxx/CVE-2024-26606.json | 9 +-- 2024/26xxx/CVE-2024-26607.json | 4 +- 2024/26xxx/CVE-2024-26608.json | 4 +- 2024/26xxx/CVE-2024-26609.json | 4 +- 2024/26xxx/CVE-2024-26610.json | 4 +- 2024/26xxx/CVE-2024-26611.json | 4 +- 2024/26xxx/CVE-2024-26612.json | 4 +- 2024/26xxx/CVE-2024-26613.json | 4 +- 2024/26xxx/CVE-2024-26614.json | 4 +- 2024/26xxx/CVE-2024-26615.json | 4 +- 2024/26xxx/CVE-2024-26616.json | 4 +- 2024/26xxx/CVE-2024-26617.json | 4 +- 2024/26xxx/CVE-2024-26618.json | 4 +- 2024/26xxx/CVE-2024-26619.json | 4 +- 2024/26xxx/CVE-2024-26620.json | 4 +- 2024/26xxx/CVE-2024-26621.json | 4 +- 2024/27xxx/CVE-2024-27698.json | 4 +- 2024/28xxx/CVE-2024-28089.json | 15 +++-- 2024/28xxx/CVE-2024-28755.json | 18 ++++++ 2024/28xxx/CVE-2024-28756.json | 18 ++++++ 2024/28xxx/CVE-2024-28757.json | 67 ++++++++++++++++++++ 2024/28xxx/CVE-2024-28758.json | 18 ++++++ 2024/28xxx/CVE-2024-28759.json | 18 ++++++ 2024/28xxx/CVE-2024-28760.json | 18 ++++++ 2024/28xxx/CVE-2024-28761.json | 18 ++++++ 2024/28xxx/CVE-2024-28762.json | 18 ++++++ 2024/28xxx/CVE-2024-28763.json | 18 ++++++ 2024/28xxx/CVE-2024-28764.json | 18 ++++++ 2024/28xxx/CVE-2024-28765.json | 18 ++++++ 2024/28xxx/CVE-2024-28766.json | 18 ++++++ 2024/28xxx/CVE-2024-28767.json | 18 ++++++ 2024/28xxx/CVE-2024-28768.json | 18 ++++++ 2024/28xxx/CVE-2024-28769.json | 18 ++++++ 2024/28xxx/CVE-2024-28770.json | 18 ++++++ 2024/28xxx/CVE-2024-28771.json | 18 ++++++ 2024/28xxx/CVE-2024-28772.json | 18 ++++++ 2024/28xxx/CVE-2024-28773.json | 18 ++++++ 2024/28xxx/CVE-2024-28774.json | 18 ++++++ 2024/28xxx/CVE-2024-28775.json | 18 ++++++ 2024/28xxx/CVE-2024-28776.json | 18 ++++++ 2024/28xxx/CVE-2024-28777.json | 18 ++++++ 2024/28xxx/CVE-2024-28778.json | 18 ++++++ 2024/28xxx/CVE-2024-28779.json | 18 ++++++ 2024/28xxx/CVE-2024-28780.json | 18 ++++++ 2024/28xxx/CVE-2024-28781.json | 18 ++++++ 2024/28xxx/CVE-2024-28782.json | 18 ++++++ 2024/28xxx/CVE-2024-28783.json | 18 ++++++ 2024/28xxx/CVE-2024-28784.json | 18 ++++++ 2024/28xxx/CVE-2024-28785.json | 18 ++++++ 2024/28xxx/CVE-2024-28786.json | 18 ++++++ 2024/28xxx/CVE-2024-28787.json | 18 ++++++ 2024/28xxx/CVE-2024-28788.json | 18 ++++++ 2024/28xxx/CVE-2024-28789.json | 18 ++++++ 2024/28xxx/CVE-2024-28790.json | 18 ++++++ 2024/28xxx/CVE-2024-28791.json | 18 ++++++ 2024/28xxx/CVE-2024-28792.json | 18 ++++++ 2024/28xxx/CVE-2024-28793.json | 18 ++++++ 2024/28xxx/CVE-2024-28794.json | 18 ++++++ 2024/28xxx/CVE-2024-28795.json | 18 ++++++ 2024/28xxx/CVE-2024-28796.json | 18 ++++++ 2024/28xxx/CVE-2024-28797.json | 18 ++++++ 2024/28xxx/CVE-2024-28798.json | 18 ++++++ 2024/28xxx/CVE-2024-28799.json | 18 ++++++ 2024/2xxx/CVE-2024-2057.json | 5 ++ 2024/2xxx/CVE-2024-2313.json | 103 +++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2314.json | 91 +++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2351.json | 95 ++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2352.json | 105 +++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2353.json | 95 ++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2354.json | 95 ++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2355.json | 95 ++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2357.json | 18 ++++++ 2024/2xxx/CVE-2024-2358.json | 18 ++++++ 2024/2xxx/CVE-2024-2359.json | 18 ++++++ 2024/2xxx/CVE-2024-2360.json | 18 ++++++ 2024/2xxx/CVE-2024-2361.json | 18 ++++++ 2024/2xxx/CVE-2024-2362.json | 18 ++++++ 2024/2xxx/CVE-2024-2363.json | 105 +++++++++++++++++++++++++++++++ 2024/2xxx/CVE-2024-2364.json | 109 +++++++++++++++++++++++++++++++++ 2024/2xxx/CVE-2024-2365.json | 109 +++++++++++++++++++++++++++++++++ 2024/2xxx/CVE-2024-2366.json | 18 ++++++ 86 files changed, 2032 insertions(+), 76 deletions(-) create mode 100644 2024/28xxx/CVE-2024-28755.json create mode 100644 2024/28xxx/CVE-2024-28756.json create mode 100644 2024/28xxx/CVE-2024-28757.json create mode 100644 2024/28xxx/CVE-2024-28758.json create mode 100644 2024/28xxx/CVE-2024-28759.json create mode 100644 2024/28xxx/CVE-2024-28760.json create mode 100644 2024/28xxx/CVE-2024-28761.json create mode 100644 2024/28xxx/CVE-2024-28762.json create mode 100644 2024/28xxx/CVE-2024-28763.json create mode 100644 2024/28xxx/CVE-2024-28764.json create mode 100644 2024/28xxx/CVE-2024-28765.json create mode 100644 2024/28xxx/CVE-2024-28766.json create mode 100644 2024/28xxx/CVE-2024-28767.json create mode 100644 2024/28xxx/CVE-2024-28768.json create mode 100644 2024/28xxx/CVE-2024-28769.json create mode 100644 2024/28xxx/CVE-2024-28770.json create mode 100644 2024/28xxx/CVE-2024-28771.json create mode 100644 2024/28xxx/CVE-2024-28772.json create mode 100644 2024/28xxx/CVE-2024-28773.json create mode 100644 2024/28xxx/CVE-2024-28774.json create mode 100644 2024/28xxx/CVE-2024-28775.json create mode 100644 2024/28xxx/CVE-2024-28776.json create mode 100644 2024/28xxx/CVE-2024-28777.json create mode 100644 2024/28xxx/CVE-2024-28778.json create mode 100644 2024/28xxx/CVE-2024-28779.json create mode 100644 2024/28xxx/CVE-2024-28780.json create mode 100644 2024/28xxx/CVE-2024-28781.json create mode 100644 2024/28xxx/CVE-2024-28782.json create mode 100644 2024/28xxx/CVE-2024-28783.json create mode 100644 2024/28xxx/CVE-2024-28784.json create mode 100644 2024/28xxx/CVE-2024-28785.json create mode 100644 2024/28xxx/CVE-2024-28786.json create mode 100644 2024/28xxx/CVE-2024-28787.json create mode 100644 2024/28xxx/CVE-2024-28788.json create mode 100644 2024/28xxx/CVE-2024-28789.json create mode 100644 2024/28xxx/CVE-2024-28790.json create mode 100644 2024/28xxx/CVE-2024-28791.json create mode 100644 2024/28xxx/CVE-2024-28792.json create mode 100644 2024/28xxx/CVE-2024-28793.json create mode 100644 2024/28xxx/CVE-2024-28794.json create mode 100644 2024/28xxx/CVE-2024-28795.json create mode 100644 2024/28xxx/CVE-2024-28796.json create mode 100644 2024/28xxx/CVE-2024-28797.json create mode 100644 2024/28xxx/CVE-2024-28798.json create mode 100644 2024/28xxx/CVE-2024-28799.json create mode 100644 2024/2xxx/CVE-2024-2357.json create mode 100644 2024/2xxx/CVE-2024-2358.json create mode 100644 2024/2xxx/CVE-2024-2359.json create mode 100644 2024/2xxx/CVE-2024-2360.json create mode 100644 2024/2xxx/CVE-2024-2361.json create mode 100644 2024/2xxx/CVE-2024-2362.json create mode 100644 2024/2xxx/CVE-2024-2363.json create mode 100644 2024/2xxx/CVE-2024-2364.json create mode 100644 2024/2xxx/CVE-2024-2365.json create mode 100644 2024/2xxx/CVE-2024-2366.json diff --git a/2023/0xxx/CVE-2023-0943.json b/2023/0xxx/CVE-2023-0943.json index 32f2d75a540..169839e27b9 100644 --- a/2023/0xxx/CVE-2023-0943.json +++ b/2023/0xxx/CVE-2023-0943.json @@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects some unknown processing of the file index.php?page=site_settings of the component Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591." + "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with the input ../../shell.php leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591." }, { "lang": "deu", - "value": "Eine Schwachstelle wurde in SourceCodester Best POS Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei index.php?page=site_settings der Komponente Image Handler. Durch das Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden." + "value": "Eine Schwachstelle wurde in SourceCodester Best POS Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion save_settings der Datei index.php?page=site_settings der Komponente Image Handler. Durch das Manipulieren des Arguments img mit der Eingabe ../../shell.php mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden." } ] }, diff --git a/2023/39xxx/CVE-2023-39325.json b/2023/39xxx/CVE-2023-39325.json index b867beeb2f9..52d144c2adc 100644 --- a/2023/39xxx/CVE-2023-39325.json +++ b/2023/39xxx/CVE-2023-39325.json @@ -267,6 +267,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/" } ] } diff --git a/2023/52xxx/CVE-2023-52160.json b/2023/52xxx/CVE-2023-52160.json index 220b4d79c73..22150534234 100644 --- a/2023/52xxx/CVE-2023-52160.json +++ b/2023/52xxx/CVE-2023-52160.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20240227 [SECURITY] [DLA 3743-1] wpa security update", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-36d2be00d0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/" } ] } diff --git a/2024/24xxx/CVE-2024-24246.json b/2024/24xxx/CVE-2024-24246.json index b1119905b10..bda844b2afc 100644 --- a/2024/24xxx/CVE-2024-24246.json +++ b/2024/24xxx/CVE-2024-24246.json @@ -56,6 +56,16 @@ "url": "https://github.com/qpdf/qpdf/issues/1123", "refsource": "MISC", "name": "https://github.com/qpdf/qpdf/issues/1123" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-daa7df59d6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX3D3YCNS6CQL3774OFUROLP3EM25ILC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-8762164e47", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/" } ] } diff --git a/2024/26xxx/CVE-2024-26605.json b/2024/26xxx/CVE-2024-26605.json index 7a64bdd8094..26c4e34fc64 100644 --- a/2024/26xxx/CVE-2024-26605.json +++ b/2024/26xxx/CVE-2024-26605.json @@ -64,7 +64,7 @@ "versionType": "custom" }, { - "version": "6.8-rc3", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -97,6 +97,6 @@ ] }, "generator": { - "engine": "bippy-5e66918c8507" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26606.json b/2024/26xxx/CVE-2024-26606.json index 4e7e298d227..a1531a84042 100644 --- a/2024/26xxx/CVE-2024-26606.json +++ b/2024/26xxx/CVE-2024-26606.json @@ -100,7 +100,7 @@ "versionType": "custom" }, { - "version": "6.8-rc3", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -159,15 +159,10 @@ "url": "https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/" } ] }, "generator": { - "engine": "bippy-b01c2a820106" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26607.json b/2024/26xxx/CVE-2024-26607.json index 44d377826bf..2131c0acb08 100644 --- a/2024/26xxx/CVE-2024-26607.json +++ b/2024/26xxx/CVE-2024-26607.json @@ -76,7 +76,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -119,6 +119,6 @@ ] }, "generator": { - "engine": "bippy-c298863b1525" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26608.json b/2024/26xxx/CVE-2024-26608.json index 37d2e29d228..f3426918afe 100644 --- a/2024/26xxx/CVE-2024-26608.json +++ b/2024/26xxx/CVE-2024-26608.json @@ -82,7 +82,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -130,6 +130,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26609.json b/2024/26xxx/CVE-2024-26609.json index 2d91847f8f6..608e592cb84 100644 --- a/2024/26xxx/CVE-2024-26609.json +++ b/2024/26xxx/CVE-2024-26609.json @@ -100,7 +100,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -163,6 +163,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26610.json b/2024/26xxx/CVE-2024-26610.json index 96f6d11b8b4..17e2424a0b4 100644 --- a/2024/26xxx/CVE-2024-26610.json +++ b/2024/26xxx/CVE-2024-26610.json @@ -88,7 +88,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -141,6 +141,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26611.json b/2024/26xxx/CVE-2024-26611.json index 1ae37396066..7c33e8a2905 100644 --- a/2024/26xxx/CVE-2024-26611.json +++ b/2024/26xxx/CVE-2024-26611.json @@ -70,7 +70,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -108,6 +108,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26612.json b/2024/26xxx/CVE-2024-26612.json index 65cd948f2e1..8936f9610ff 100644 --- a/2024/26xxx/CVE-2024-26612.json +++ b/2024/26xxx/CVE-2024-26612.json @@ -76,7 +76,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -119,6 +119,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26613.json b/2024/26xxx/CVE-2024-26613.json index aee1f4c1b74..6a85911fbfb 100644 --- a/2024/26xxx/CVE-2024-26613.json +++ b/2024/26xxx/CVE-2024-26613.json @@ -100,7 +100,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -163,6 +163,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26614.json b/2024/26xxx/CVE-2024-26614.json index b268f779b6f..7ede4d77e70 100644 --- a/2024/26xxx/CVE-2024-26614.json +++ b/2024/26xxx/CVE-2024-26614.json @@ -88,7 +88,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -141,6 +141,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26615.json b/2024/26xxx/CVE-2024-26615.json index bae03852a04..2dfe7c8e248 100644 --- a/2024/26xxx/CVE-2024-26615.json +++ b/2024/26xxx/CVE-2024-26615.json @@ -100,7 +100,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -163,6 +163,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26616.json b/2024/26xxx/CVE-2024-26616.json index b134314a677..095d26566d1 100644 --- a/2024/26xxx/CVE-2024-26616.json +++ b/2024/26xxx/CVE-2024-26616.json @@ -70,7 +70,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -108,6 +108,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26617.json b/2024/26xxx/CVE-2024-26617.json index bd37a2f5e16..d791e42692a 100644 --- a/2024/26xxx/CVE-2024-26617.json +++ b/2024/26xxx/CVE-2024-26617.json @@ -64,7 +64,7 @@ "versionType": "custom" }, { - "version": "6.8-rc1", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -97,6 +97,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26618.json b/2024/26xxx/CVE-2024-26618.json index 6fd08961a73..1a606dcf94d 100644 --- a/2024/26xxx/CVE-2024-26618.json +++ b/2024/26xxx/CVE-2024-26618.json @@ -70,7 +70,7 @@ "versionType": "custom" }, { - "version": "6.8-rc1", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -108,6 +108,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26619.json b/2024/26xxx/CVE-2024-26619.json index 8be97e03da8..df522685d05 100644 --- a/2024/26xxx/CVE-2024-26619.json +++ b/2024/26xxx/CVE-2024-26619.json @@ -64,7 +64,7 @@ "versionType": "custom" }, { - "version": "6.8-rc1", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -97,6 +97,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26620.json b/2024/26xxx/CVE-2024-26620.json index 928b8884659..a707a2f3933 100644 --- a/2024/26xxx/CVE-2024-26620.json +++ b/2024/26xxx/CVE-2024-26620.json @@ -76,7 +76,7 @@ "versionType": "custom" }, { - "version": "6.8-rc1", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -119,6 +119,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26621.json b/2024/26xxx/CVE-2024-26621.json index 9325f82a447..a74155a6ab9 100644 --- a/2024/26xxx/CVE-2024-26621.json +++ b/2024/26xxx/CVE-2024-26621.json @@ -70,7 +70,7 @@ "versionType": "custom" }, { - "version": "6.8-rc3", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" @@ -108,6 +108,6 @@ ] }, "generator": { - "engine": "bippy-4986f5686161" + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/27xxx/CVE-2024-27698.json b/2024/27xxx/CVE-2024-27698.json index 7a04537e49b..3e87468cd9a 100644 --- a/2024/27xxx/CVE-2024-27698.json +++ b/2024/27xxx/CVE-2024-27698.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2024-27698", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2024/28xxx/CVE-2024-28089.json b/2024/28xxx/CVE-2024-28089.json index d570981a9b9..ff1ccbc7865 100644 --- a/2024/28xxx/CVE-2024-28089.json +++ b/2024/28xxx/CVE-2024-28089.json @@ -52,15 +52,20 @@ }, "references": { "reference_data": [ - { - "url": "https://drive.proton.me/urls/8RVTDGP9C0#GLVSkEMRYULI", - "refsource": "MISC", - "name": "https://drive.proton.me/urls/8RVTDGP9C0#GLVSkEMRYULI" - }, { "refsource": "MISC", "name": "https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089", "url": "https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC.gif", + "url": "https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC.gif" + }, + { + "refsource": "MISC", + "name": "https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC_DOS_ALT.gif", + "url": "https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC_DOS_ALT.gif" } ] } diff --git a/2024/28xxx/CVE-2024-28755.json b/2024/28xxx/CVE-2024-28755.json new file mode 100644 index 00000000000..c92da759238 --- /dev/null +++ b/2024/28xxx/CVE-2024-28755.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28755", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28756.json b/2024/28xxx/CVE-2024-28756.json new file mode 100644 index 00000000000..e04e1b20c70 --- /dev/null +++ b/2024/28xxx/CVE-2024-28756.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28756", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28757.json b/2024/28xxx/CVE-2024-28757.json new file mode 100644 index 00000000000..ecfaae4edc7 --- /dev/null +++ b/2024/28xxx/CVE-2024-28757.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-28757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/libexpat/libexpat/pull/842", + "refsource": "MISC", + "name": "https://github.com/libexpat/libexpat/pull/842" + }, + { + "url": "https://github.com/libexpat/libexpat/issues/839", + "refsource": "MISC", + "name": "https://github.com/libexpat/libexpat/issues/839" + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28758.json b/2024/28xxx/CVE-2024-28758.json new file mode 100644 index 00000000000..11d951dae78 --- /dev/null +++ b/2024/28xxx/CVE-2024-28758.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28758", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28759.json b/2024/28xxx/CVE-2024-28759.json new file mode 100644 index 00000000000..b567b8dba3b --- /dev/null +++ b/2024/28xxx/CVE-2024-28759.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28759", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28760.json b/2024/28xxx/CVE-2024-28760.json new file mode 100644 index 00000000000..afc6a663065 --- /dev/null +++ b/2024/28xxx/CVE-2024-28760.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28760", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28761.json b/2024/28xxx/CVE-2024-28761.json new file mode 100644 index 00000000000..46a4be3d40c --- /dev/null +++ b/2024/28xxx/CVE-2024-28761.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28761", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28762.json b/2024/28xxx/CVE-2024-28762.json new file mode 100644 index 00000000000..f0fc644434e --- /dev/null +++ b/2024/28xxx/CVE-2024-28762.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28762", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28763.json b/2024/28xxx/CVE-2024-28763.json new file mode 100644 index 00000000000..79d76093051 --- /dev/null +++ b/2024/28xxx/CVE-2024-28763.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28763", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28764.json b/2024/28xxx/CVE-2024-28764.json new file mode 100644 index 00000000000..a850479ee61 --- /dev/null +++ b/2024/28xxx/CVE-2024-28764.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28764", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28765.json b/2024/28xxx/CVE-2024-28765.json new file mode 100644 index 00000000000..2b128974af2 --- /dev/null +++ b/2024/28xxx/CVE-2024-28765.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28765", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28766.json b/2024/28xxx/CVE-2024-28766.json new file mode 100644 index 00000000000..ca0cc6c576e --- /dev/null +++ b/2024/28xxx/CVE-2024-28766.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28766", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28767.json b/2024/28xxx/CVE-2024-28767.json new file mode 100644 index 00000000000..2151ce4d12e --- /dev/null +++ b/2024/28xxx/CVE-2024-28767.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28767", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28768.json b/2024/28xxx/CVE-2024-28768.json new file mode 100644 index 00000000000..c9907273d01 --- /dev/null +++ b/2024/28xxx/CVE-2024-28768.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28768", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28769.json b/2024/28xxx/CVE-2024-28769.json new file mode 100644 index 00000000000..fcea8e68344 --- /dev/null +++ b/2024/28xxx/CVE-2024-28769.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28769", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28770.json b/2024/28xxx/CVE-2024-28770.json new file mode 100644 index 00000000000..249418c0f9d --- /dev/null +++ b/2024/28xxx/CVE-2024-28770.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28770", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28771.json b/2024/28xxx/CVE-2024-28771.json new file mode 100644 index 00000000000..a2675a345da --- /dev/null +++ b/2024/28xxx/CVE-2024-28771.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28771", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28772.json b/2024/28xxx/CVE-2024-28772.json new file mode 100644 index 00000000000..d452008a98e --- /dev/null +++ b/2024/28xxx/CVE-2024-28772.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28772", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28773.json b/2024/28xxx/CVE-2024-28773.json new file mode 100644 index 00000000000..37750b7e3db --- /dev/null +++ b/2024/28xxx/CVE-2024-28773.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28773", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28774.json b/2024/28xxx/CVE-2024-28774.json new file mode 100644 index 00000000000..190dbca9e58 --- /dev/null +++ b/2024/28xxx/CVE-2024-28774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28775.json b/2024/28xxx/CVE-2024-28775.json new file mode 100644 index 00000000000..3393f65a89a --- /dev/null +++ b/2024/28xxx/CVE-2024-28775.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28775", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28776.json b/2024/28xxx/CVE-2024-28776.json new file mode 100644 index 00000000000..5ed62779222 --- /dev/null +++ b/2024/28xxx/CVE-2024-28776.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28776", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28777.json b/2024/28xxx/CVE-2024-28777.json new file mode 100644 index 00000000000..e891bb0842d --- /dev/null +++ b/2024/28xxx/CVE-2024-28777.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28777", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28778.json b/2024/28xxx/CVE-2024-28778.json new file mode 100644 index 00000000000..4929f64f07e --- /dev/null +++ b/2024/28xxx/CVE-2024-28778.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28778", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28779.json b/2024/28xxx/CVE-2024-28779.json new file mode 100644 index 00000000000..e9512b25ae3 --- /dev/null +++ b/2024/28xxx/CVE-2024-28779.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28779", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28780.json b/2024/28xxx/CVE-2024-28780.json new file mode 100644 index 00000000000..ffb9d277c22 --- /dev/null +++ b/2024/28xxx/CVE-2024-28780.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28780", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28781.json b/2024/28xxx/CVE-2024-28781.json new file mode 100644 index 00000000000..b0c71a8194d --- /dev/null +++ b/2024/28xxx/CVE-2024-28781.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28781", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28782.json b/2024/28xxx/CVE-2024-28782.json new file mode 100644 index 00000000000..06e5d17e373 --- /dev/null +++ b/2024/28xxx/CVE-2024-28782.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28782", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28783.json b/2024/28xxx/CVE-2024-28783.json new file mode 100644 index 00000000000..3693d364d88 --- /dev/null +++ b/2024/28xxx/CVE-2024-28783.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28783", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28784.json b/2024/28xxx/CVE-2024-28784.json new file mode 100644 index 00000000000..2f82d0a2220 --- /dev/null +++ b/2024/28xxx/CVE-2024-28784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28785.json b/2024/28xxx/CVE-2024-28785.json new file mode 100644 index 00000000000..4b868870f1c --- /dev/null +++ b/2024/28xxx/CVE-2024-28785.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28785", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28786.json b/2024/28xxx/CVE-2024-28786.json new file mode 100644 index 00000000000..8e309e7de4b --- /dev/null +++ b/2024/28xxx/CVE-2024-28786.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28786", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28787.json b/2024/28xxx/CVE-2024-28787.json new file mode 100644 index 00000000000..a3c3960a376 --- /dev/null +++ b/2024/28xxx/CVE-2024-28787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28788.json b/2024/28xxx/CVE-2024-28788.json new file mode 100644 index 00000000000..9ac30ee4d11 --- /dev/null +++ b/2024/28xxx/CVE-2024-28788.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28789.json b/2024/28xxx/CVE-2024-28789.json new file mode 100644 index 00000000000..502383cce5a --- /dev/null +++ b/2024/28xxx/CVE-2024-28789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28790.json b/2024/28xxx/CVE-2024-28790.json new file mode 100644 index 00000000000..b2391a56c7e --- /dev/null +++ b/2024/28xxx/CVE-2024-28790.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28791.json b/2024/28xxx/CVE-2024-28791.json new file mode 100644 index 00000000000..0faca531928 --- /dev/null +++ b/2024/28xxx/CVE-2024-28791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28792.json b/2024/28xxx/CVE-2024-28792.json new file mode 100644 index 00000000000..8c71eb49696 --- /dev/null +++ b/2024/28xxx/CVE-2024-28792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28793.json b/2024/28xxx/CVE-2024-28793.json new file mode 100644 index 00000000000..c49a4d719b9 --- /dev/null +++ b/2024/28xxx/CVE-2024-28793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28794.json b/2024/28xxx/CVE-2024-28794.json new file mode 100644 index 00000000000..b6368dcfd5a --- /dev/null +++ b/2024/28xxx/CVE-2024-28794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28795.json b/2024/28xxx/CVE-2024-28795.json new file mode 100644 index 00000000000..ece90dd5953 --- /dev/null +++ b/2024/28xxx/CVE-2024-28795.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28795", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28796.json b/2024/28xxx/CVE-2024-28796.json new file mode 100644 index 00000000000..372168b7843 --- /dev/null +++ b/2024/28xxx/CVE-2024-28796.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28796", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28797.json b/2024/28xxx/CVE-2024-28797.json new file mode 100644 index 00000000000..6c413c62030 --- /dev/null +++ b/2024/28xxx/CVE-2024-28797.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28797", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28798.json b/2024/28xxx/CVE-2024-28798.json new file mode 100644 index 00000000000..e6c3df6502c --- /dev/null +++ b/2024/28xxx/CVE-2024-28798.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28798", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28799.json b/2024/28xxx/CVE-2024-28799.json new file mode 100644 index 00000000000..47096c3c96f --- /dev/null +++ b/2024/28xxx/CVE-2024-28799.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28799", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2057.json b/2024/2xxx/CVE-2024-2057.json index cdaf54f847a..afd12e4d7f1 100644 --- a/2024/2xxx/CVE-2024-2057.json +++ b/2024/2xxx/CVE-2024-2057.json @@ -77,6 +77,11 @@ "url": "https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl", "refsource": "MISC", "name": "https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl" + }, + { + "url": "https://github.com/langchain-ai/langchain/pull/18695", + "refsource": "MISC", + "name": "https://github.com/langchain-ai/langchain/pull/18695" } ] }, diff --git a/2024/2xxx/CVE-2024-2313.json b/2024/2xxx/CVE-2024-2313.json index 661d1daefd8..0ec6de4e624 100644 --- a/2024/2xxx/CVE-2024-2313.json +++ b/2024/2xxx/CVE-2024-2313.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2313", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@ubuntu.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bpftrace", + "product": { + "product_data": [ + { + "product_name": "bpftrace", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "0", + "lessThan": "v0.20.2", + "versionType": "semver" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998", + "refsource": "MISC", + "name": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313", + "refsource": "MISC", + "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Mark Esler" + }, + { + "lang": "en", + "value": "Seth Arnold" + }, + { + "lang": "en", + "value": "Brendan Gregg" + }, + { + "lang": "en", + "value": "Jordan Rome" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", + "baseScore": 2.8, + "baseSeverity": "LOW" } ] } diff --git a/2024/2xxx/CVE-2024-2314.json b/2024/2xxx/CVE-2024-2314.json index 4cde12577a7..8103fb2970d 100644 --- a/2024/2xxx/CVE-2024-2314.json +++ b/2024/2xxx/CVE-2024-2314.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2314", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@ubuntu.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IOVisor", + "product": { + "product_data": [ + { + "product_name": "BPF Compiler Collection", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "008ea09e891194c072f2a9305a3c872a241dc342" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342", + "refsource": "MISC", + "name": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314", + "refsource": "MISC", + "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Mark Esler" + }, + { + "lang": "en", + "value": "Seth Arnold" + }, + { + "lang": "en", + "value": "Brendan Gregg" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", + "baseScore": 2.8, + "baseSeverity": "LOW" } ] } diff --git a/2024/2xxx/CVE-2024-2351.json b/2024/2xxx/CVE-2024-2351.json index 6924668eef3..aaacef3b904 100644 --- a/2024/2xxx/CVE-2024-2351.json +++ b/2024/2xxx/CVE-2024-2351.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2351", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256303." + }, + { + "lang": "deu", + "value": "In CodeAstro Ecommerce Site 1.0 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei action.php der Komponente Search. Durch die Manipulation des Arguments cat_id/brand_id/keyword mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CodeAstro", + "product": { + "product_data": [ + { + "product_name": "Ecommerce Site", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256303", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256303" + }, + { + "url": "https://vuldb.com/?ctiid.256303", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256303" + }, + { + "url": "https://docs.qq.com/doc/DYklCV0thWnRaaWpY", + "refsource": "MISC", + "name": "https://docs.qq.com/doc/DYklCV0thWnRaaWpY" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Mooooon (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2352.json b/2024/2xxx/CVE-2024-2352.json index 7fede0ca5a6..0f142dda70b 100644 --- a/2024/2xxx/CVE-2024-2352.json +++ b/2024/2xxx/CVE-2024-2352.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2352", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\\nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-256304." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in 1Panel bis 1.10.1-lts entdeckt. Hierbei geht es um die Funktion baseApi.UpdateDeviceSwap der Datei /api/v1/toolbox/device/update/swap. Durch Manipulation des Arguments Path mit der Eingabe 123123123\\nopen -a Calculator mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Command Injection", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "1Panel", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.10.1-lts" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256304", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256304" + }, + { + "url": "https://vuldb.com/?ctiid.256304", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256304" + }, + { + "url": "https://github.com/1Panel-dev/1Panel/pull/4131", + "refsource": "MISC", + "name": "https://github.com/1Panel-dev/1Panel/pull/4131" + }, + { + "url": "https://github.com/1Panel-dev/1Panel/pull/4131#issue-2176105990", + "refsource": "MISC", + "name": "https://github.com/1Panel-dev/1Panel/pull/4131#issue-2176105990" + }, + { + "url": "https://github.com/1Panel-dev/1Panel/pull/4131/commits/0edd7a9f6f5100aab98a0ea6e5deedff7700396c", + "refsource": "MISC", + "name": "https://github.com/1Panel-dev/1Panel/pull/4131/commits/0edd7a9f6f5100aab98a0ea6e5deedff7700396c" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "linyz-tel (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2353.json b/2024/2xxx/CVE-2024-2353.json index 166cf2adde6..3cf9223f55e 100644 --- a/2024/2xxx/CVE-2024-2353.json +++ b/2024/2xxx/CVE-2024-2353.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2353", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Totolink X6000R 9.4.0cu.852_20230719 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion setDiagnosisCfg der Datei /cgi-bin/cstecgi.cgi der Komponente shttpd. Mit der Manipulation des Arguments ip mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Totolink", + "product": { + "product_data": [ + { + "product_name": "X6000R", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.4.0cu.852_20230719" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256313", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256313" + }, + { + "url": "https://vuldb.com/?ctiid.256313", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256313" + }, + { + "url": "https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md", + "refsource": "MISC", + "name": "https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "oraclepi (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2354.json b/2024/2xxx/CVE-2024-2354.json index 8a8e7992af8..ad4be102805 100644 --- a/2024/2xxx/CVE-2024-2354.json +++ b/2024/2xxx/CVE-2024-2354.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2354", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Dreamer CMS 4.1.3 gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/menu/toEdit. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dreamer", + "product": { + "product_data": [ + { + "product_name": "CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256314", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256314" + }, + { + "url": "https://vuldb.com/?ctiid.256314", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256314" + }, + { + "url": "https://github.com/sweatxi/BugHub/blob/main/dreamer_cms_admin_menu_toEdit_csrf.pdf", + "refsource": "MISC", + "name": "https://github.com/sweatxi/BugHub/blob/main/dreamer_cms_admin_menu_toEdit_csrf.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "lin_yun (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2355.json b/2024/2xxx/CVE-2024-2355.json index c6d9ff38f0c..85c863057b6 100644 --- a/2024/2xxx/CVE-2024-2355.json +++ b/2024/2xxx/CVE-2024-2355.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In keerti1924 Secret-Coder-PHP-Project 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /secret_coder.sql. Durch Manipulation mit unbekannten Daten kann eine inclusion of sensitive information in source code-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-540 Inclusion of Sensitive Information in Source Code", + "cweId": "CWE-540" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "keerti1924", + "product": { + "product_data": [ + { + "product_name": "Secret-Coder-PHP-Project", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256315", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256315" + }, + { + "url": "https://vuldb.com/?ctiid.256315", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256315" + }, + { + "url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20Sensitive%20Information%20Disclosure%5D%20on%20secret_coder.sql.md", + "refsource": "MISC", + "name": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20Sensitive%20Information%20Disclosure%5D%20on%20secret_coder.sql.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "reiginald (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.7, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.7, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.6, + "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2357.json b/2024/2xxx/CVE-2024-2357.json new file mode 100644 index 00000000000..78495cbef1d --- /dev/null +++ b/2024/2xxx/CVE-2024-2357.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2357", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2358.json b/2024/2xxx/CVE-2024-2358.json new file mode 100644 index 00000000000..2684f2b7419 --- /dev/null +++ b/2024/2xxx/CVE-2024-2358.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2358", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2359.json b/2024/2xxx/CVE-2024-2359.json new file mode 100644 index 00000000000..4a8cf30d07a --- /dev/null +++ b/2024/2xxx/CVE-2024-2359.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2359", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2360.json b/2024/2xxx/CVE-2024-2360.json new file mode 100644 index 00000000000..fbf8511d495 --- /dev/null +++ b/2024/2xxx/CVE-2024-2360.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2360", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2361.json b/2024/2xxx/CVE-2024-2361.json new file mode 100644 index 00000000000..295aea27683 --- /dev/null +++ b/2024/2xxx/CVE-2024-2361.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2361", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2362.json b/2024/2xxx/CVE-2024-2362.json new file mode 100644 index 00000000000..f80858437a2 --- /dev/null +++ b/2024/2xxx/CVE-2024-2362.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2362", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2363.json b/2024/2xxx/CVE-2024-2363.json new file mode 100644 index 00000000000..735ccb12908 --- /dev/null +++ b/2024/2xxx/CVE-2024-2363.json @@ -0,0 +1,105 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2363", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256318 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED ** In AOL AIM Triton 1.0.4 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Invite Handler. Durch das Manipulieren des Arguments CSeq mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AOL", + "product": { + "product_data": [ + { + "product_name": "AIM Triton", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256318", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256318" + }, + { + "url": "https://vuldb.com/?ctiid.256318", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256318" + }, + { + "url": "https://fitoxs.com/vuldb/exploit/exploit_aim_triton.txt", + "refsource": "MISC", + "name": "https://fitoxs.com/vuldb/exploit/exploit_aim_triton.txt" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "fernando.mengali (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2364.json b/2024/2xxx/CVE-2024-2364.json new file mode 100644 index 00000000000..d2705e4e35e --- /dev/null +++ b/2024/2xxx/CVE-2024-2364.json @@ -0,0 +1,109 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2364", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in Musicshelf 1.0/1.1 f\u00fcr Android entdeckt. Es betrifft eine unbekannte Funktion der Datei androidmanifest.xml der Komponente Backup Handler. Durch das Beeinflussen mit unbekannten Daten kann eine exposure of backup file to an unauthorized control sphere-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-530 Exposure of Backup File to an Unauthorized Control Sphere", + "cweId": "CWE-530" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Musicshelf", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + }, + { + "version_affected": "=", + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256320", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256320" + }, + { + "url": "https://vuldb.com/?ctiid.256320", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256320" + }, + { + "url": "https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Musicshelf_Manifest_issue.md", + "refsource": "MISC", + "name": "https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Musicshelf_Manifest_issue.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Affan (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 1.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 1.8, + "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 1.4, + "vectorString": "AV:L/AC:L/Au:M/C:P/I:N/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2365.json b/2024/2xxx/CVE-2024-2365.json new file mode 100644 index 00000000000..e235b03a53b --- /dev/null +++ b/2024/2xxx/CVE-2024-2365.json @@ -0,0 +1,109 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2365", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\\fabric\\sdk\\android\\services\\network\\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In Musicshelf 1.0/1.1 f\u00fcr Android wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei io\\fabric\\sdk\\android\\services\\network\\PinningTrustManager.java der Komponente SHA-1 Handler. Durch Beeinflussen mit unbekannten Daten kann eine password hash with insufficient computational effort-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-916 Password Hash With Insufficient Computational Effort", + "cweId": "CWE-916" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Musicshelf", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + }, + { + "version_affected": "=", + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256321", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256321" + }, + { + "url": "https://vuldb.com/?ctiid.256321", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256321" + }, + { + "url": "https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Weak_Hashing_Algorithms.md", + "refsource": "MISC", + "name": "https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Weak_Hashing_Algorithms.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Affan (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 1.6, + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 1.6, + "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 0.8, + "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2366.json b/2024/2xxx/CVE-2024-2366.json new file mode 100644 index 00000000000..284f918230f --- /dev/null +++ b/2024/2xxx/CVE-2024-2366.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2366", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file