From 358babedc90c96d86c6062d4128a05b2e65d9363 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 2 Jul 2024 14:00:43 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/24xxx/CVE-2022-24975.json | 5 ++
 2024/32xxx/CVE-2024-32755.json | 103 ++++++++++++++++++++-
 2024/32xxx/CVE-2024-32756.json | 103 ++++++++++++++++++++-
 2024/34xxx/CVE-2024-34122.json | 103 ++++++++++++++++++++-
 2024/36xxx/CVE-2024-36404.json | 159 ++++++++++++++++++++++++++++++++-
 2024/38xxx/CVE-2024-38519.json | 91 ++++++++++++++++++-
 2024/39xxx/CVE-2024-39119.json | 56 ++++++++++--
 2024/39xxx/CVE-2024-39143.json | 56 ++++++++++--
 2024/39xxx/CVE-2024-39887.json | 18 ++++
 2024/39xxx/CVE-2024-39888.json | 18 ++++
 2024/6xxx/CVE-2024-6452.json | 18 ++++
 11 files changed, 698 insertions(+), 32 deletions(-)
 create mode 100644 2024/39xxx/CVE-2024-39887.json
 create mode 100644 2024/39xxx/CVE-2024-39888.json
 create mode 100644 2024/6xxx/CVE-2024-6452.json
diff --git a/2022/24xxx/CVE-2022-24975.json b/2022/24xxx/CVE-2022-24975.json
index c71c3c2f854..2b32dd53b21 100644
--- a/2022/24xxx/CVE-2022-24975.json
+++ b/2022/24xxx/CVE-2022-24975.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191",
 "refsource": "MISC",
 "name": "https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/",
+ "url": "https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/"
 }
 ]
 }
diff --git a/2024/32xxx/CVE-2024-32755.json b/2024/32xxx/CVE-2024-32755.json
index a62d7264cfb..3f885e368cf 100644
--- a/2024/32xxx/CVE-2024-32755.json
+++ b/2024/32xxx/CVE-2024-32755.json
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32755", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productsecurity@jci.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain circumstances the web interface will accept characters unrelated to the expected input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Johnson Controls", + "product": { + "product_data": [ + { + "product_name": "American Dynamics Illustra Essentials Gen 4", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "Illustra.Ess4.01.02.10.5982" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories", + "refsource": "MISC", + "name": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-04", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-04" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nUpdate firmware to Illustra.Ess4.01.02.13.6953 (Available July 11, 2024)" + } + ], + 
"value": "Update firmware to Illustra.Ess4.01.02.13.6953\u00a0(Available July 11, 2024)" + } + ], + "credits": [ + { + "lang": "en", + "value": "Sam Hanson of Dragos" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/32xxx/CVE-2024-32756.json b/2024/32xxx/CVE-2024-32756.json index cee9fba10f3..5d42e5879a1 100644 --- a/2024/32xxx/CVE-2024-32756.json +++ b/2024/32xxx/CVE-2024-32756.json 
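Review bot: The `solution` text names firmware `Illustra.Ess4.01.02.13.6953` as "Available July 11, 2024", which is later than this commit's 2 Jul 2024 date, and the record gives no interim mitigation for an issue scored 9.1; the CVE-2024-32756 hunk that follows has the same gap. Until the firmware ships a reader has only the two referenced advisories to work from, so the solution value would be more useful with a pointer to them, for example ending `(available July 11, 2024); until then apply any mitigations listed in ICSA-24-179-04`. The one-sentence `description` ("accept characters unrelated to the expected input") also does not say what an attacker gains, which makes the C:H/I:H/A:H rating hard to verify from the record alone. Separately, `solution` and `credits` use `"lang": "en"` while `description` and `problemtype` use `"lang": "eng"`.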
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32756", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productsecurity@jci.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Under certain circumstances the Linux users credentials may be recovered by an authenticated user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-257: Storing Passwords in a Recoverable Format", + "cweId": "CWE-257" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Johnson Controls", + "product": { + "product_data": [ + { + "product_name": "American Dynamics Illustra Essentials Gen 4", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "Illustra.Ess4.01.02.10.5982" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories", + "refsource": "MISC", + "name": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-05", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-05" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nUpgrade camera to Illustra.Ess4.01.02.13.6953 (Available July 11, 2024)\n\n
" + } + ], + "value": "Upgrade camera to Illustra.Ess4.01.02.13.6953 (Available July 11, 2024)" + } + ], + "credits": [ + { + "lang": "en", + "value": "Sam Hanson of Dragos" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/34xxx/CVE-2024-34122.json b/2024/34xxx/CVE-2024-34122.json index ddfcd1209ec..16f0a5eb7e2 100644 --- a/2024/34xxx/CVE-2024-34122.json +++ b/2024/34xxx/CVE-2024-34122.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34122", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Acrobat for Edge", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "126.0.2592.68", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-34122", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-34122" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + 
"attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 7.8, + "environmentalSeverity": "HIGH", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "HIGH", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "HIGH", + "modifiedPrivilegesRequired": "NONE", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "NONE", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 7.8, + "temporalSeverity": "HIGH", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/36xxx/CVE-2024-36404.json b/2024/36xxx/CVE-2024-36404.json index 55ba5a7bef3..b823f08b209 100644 --- a/2024/36xxx/CVE-2024-36404.json +++ b/2024/36xxx/CVE-2024-36404.json 
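Review bot: `"versionType": "semver"` is attached to `"lessThanOrEqual": "126.0.2592.68"`, a four-component version that is not a valid Semantic Versioning string, so a consumer that enforces semver may reject the bound or order it incorrectly; `"versionType": "custom"` describes it accurately. The 4.0 field is `"version_value": "not down converted"`, which means tooling that reads only `version_data` gets no affected range at all and has to parse `x_cve_json_5_version_data` to learn that versions up to 126.0.2592.68 are affected.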
@@ -1,17 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6 contain a fix for this issue. As a workaround, GeoTools can operate with reduced functionality by removing the `gt-complex` jar from one's application. As an example of the impact, application schema `datastore` would not function without the ability to use XPath expressions to query complex content. Alternatively, one may utilize a drop-in replacement GeoTools jar from SourceForge for versions 31.1, 30.3, 30.2, 29.2, 28.2, 27.5, 27.4, 26.7, 26.4, 25.2, and 24.0. These jars are for download only and are not available from maven central, intended to quickly provide a fix to affected applications." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + "cweId": "CWE-95" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "geotools", + "product": { + "product_data": [ + { + "product_name": "geotools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 29.6" + }, + { + "version_affected": "=", + "version_value": ">= 30.0, < 30.4" + }, + { + "version_affected": "=", + "version_value": ">= 31.0, < 31.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w", + "refsource": "MISC", + "name": "https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w" + }, + { + "url": "https://github.com/geotools/geotools/pull/4797", + "refsource": "MISC", + "name": "https://github.com/geotools/geotools/pull/4797" + }, + { + "url": "https://github.com/geotools/geotools/commit/f0c9961dc4d40c5acfce2169fab92805738de5ea", + "refsource": "MISC", + "name": "https://github.com/geotools/geotools/commit/f0c9961dc4d40c5acfce2169fab92805738de5ea" + }, + { + "url": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852", + "refsource": "MISC", + "name": "https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852" + }, + { + "url": "https://osgeo-org.atlassian.net/browse/GEOT-7587", + "refsource": "MISC", + "name": "https://osgeo-org.atlassian.net/browse/GEOT-7587" + }, + { + "url": "https://sourceforge.net/projects/geotools/files/GeoTools%2024%20Releases/24.0/geotools-24.0-patches.zip/download", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2024%20Releases/24.0/geotools-24.0-patches.zip/download" + }, + { + "url": 
"https://sourceforge.net/projects/geotools/files/GeoTools%2025%20Releases/25.2/geotools-25.2-patches.zip/download", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2025%20Releases/25.2/geotools-25.2-patches.zip/download" + }, + { + "url": "https://sourceforge.net/projects/geotools/files/GeoTools%2026%20Releases/26.4", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2026%20Releases/26.4" + }, + { + "url": "https://sourceforge.net/projects/geotools/files/GeoTools%2026%20Releases/26.7/geotools-26.7-patches.zip/download", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2026%20Releases/26.7/geotools-26.7-patches.zip/download" + }, + { + "url": "https://sourceforge.net/projects/geotools/files/GeoTools%2027%20Releases/27.4/geotools-27.4-patches.zip/download", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2027%20Releases/27.4/geotools-27.4-patches.zip/download" + }, + { + "url": "https://sourceforge.net/projects/geotools/files/GeoTools%2027%20Releases/27.5/geotools-27.5-patches.zip/download", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2027%20Releases/27.5/geotools-27.5-patches.zip/download" + }, + { + "url": "https://sourceforge.net/projects/geotools/files/GeoTools%2028%20Releases/28.2/geotools-28.2-patches.zip/download", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2028%20Releases/28.2/geotools-28.2-patches.zip/download" + }, + { + "url": "https://sourceforge.net/projects/geotools/files/GeoTools%2029%20Releases/29.2/geotools-29.2-patches.zip/download", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2029%20Releases/29.2/geotools-29.2-patches.zip/download" + }, + { + "url": 
"https://sourceforge.net/projects/geotools/files/GeoTools%2030%20Releases/30.2/geotools-30.2-patches.zip/download", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2030%20Releases/30.2/geotools-30.2-patches.zip/download" + }, + { + "url": "https://sourceforge.net/projects/geotools/files/GeoTools%2030%20Releases/30.3/geotools-30.3-patches.zip/download", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2030%20Releases/30.3/geotools-30.3-patches.zip/download" + }, + { + "url": "https://sourceforge.net/projects/geotools/files/GeoTools%2031%20Releases/31.1", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/geotools/files/GeoTools%2031%20Releases/31.1" + } + ] + }, + "source": { + "advisory": "GHSA-w3pj-wh35-fq8w", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/38xxx/CVE-2024-38519.json b/2024/38xxx/CVE-2024-38519.json index ca1bc83dd0d..1aecb127cab 100644 --- a/2024/38xxx/CVE-2024-38519.json +++ b/2024/38xxx/CVE-2024-38519.json 
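Review bot: Every `version_data` entry sets `"version_affected": "="` while `version_value` carries a range expression (`"< 29.6"`, `">= 30.0, < 30.4"`, `">= 31.0, < 31.2"`), so a consumer that honours the operator compares for equality against that literal string and matches no installed version. The CVE-2024-38519 hunk uses the same encoding with `"< 2024.07.01"`. For the first entry the operator and value can be separated as `"version_affected": "<", "version_value": "29.6"`; ingestion code should otherwise parse the range out of `version_value` rather than trust the operator. The references for the 26.4 and 31.1 drop-in jars point at release folders instead of a `-patches.zip` download like the other versions, which is worth confirming against the advisory.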
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "`yt-dlp` is a command-line audio/video downloader. Prior to version 2024.07.01, `yt-dlp` does not limit the extensions of downloaded files, which could lead to aribitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` also reads config from the working directory (and on Windows executables will be executed from the yt-dlp directory) this could lead to arbitrary code being executed. `yt-dlp` version 2024.07.01 fixes this issue by whitelisting the allowed extensions. This might mean some very uncommon extensions might not get downloaded, however it will also limit the possible exploitation surface. In addition to upgrading, have `.%(ext)s` at the end of the output template and make sure the user trusts the websites that they are downloading from. Also, make sure to never download to a directory within PATH or other sensitive locations like one's user directory, `system32`, or other binaries locations. For users who are not able to upgrade, keep the default output template (`-o \"%(title)s [%(id)s].%(ext)s`); make sure the extension of the media to download is a common video/audio/sub/... one; try to avoid the generic extractor; and/or use `--ignore-config --config-location ...` to not load config from common locations." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434: Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "yt-dlp", + "product": { + "product_data": [ + { + "product_name": "yt-dlp", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2024.07.01" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j", + "refsource": "MISC", + "name": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j" + }, + { + "url": "https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a", + "refsource": "MISC", + "name": "https://github.com/yt-dlp/yt-dlp/commit/5ce582448ececb8d9c30c8c31f58330090ced03a" + }, + { + "url": "https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01", + "refsource": "MISC", + "name": "https://github.com/yt-dlp/yt-dlp/releases/tag/2024.07.01" + }, + { + "url": "https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp", + "refsource": "MISC", + "name": "https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp" + } + ] + }, + "source": { + "advisory": "GHSA-79w7-vh3h-8g4j", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/39xxx/CVE-2024-39119.json b/2024/39xxx/CVE-2024-39119.json index dd4405d9db1..388372486df 100644 --- a/2024/39xxx/CVE-2024-39119.json +++ b/2024/39xxx/CVE-2024-39119.json 
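Review bot: The fallback command quoted in the description, `-o \"%(title)s [%(id)s].%(ext)s`, opens a double quote that is never closed before the closing backtick, so a user who copies it verbatim gets an unterminated shell string instead of the default output template. It should read `-o \"%(title)s [%(id)s].%(ext)s\"`. The same description spells "aribitrary" where "arbitrary" is meant.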
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-39119", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-39119", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/2477231995/cms/blob/main/1.md", + "refsource": "MISC", + "name": "https://github.com/2477231995/cms/blob/main/1.md" } ] } diff --git a/2024/39xxx/CVE-2024-39143.json b/2024/39xxx/CVE-2024-39143.json index ae7b6b40765..080864df16d 100644 --- a/2024/39xxx/CVE-2024-39143.json +++ b/2024/39xxx/CVE-2024-39143.json 
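Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"` even though the description names the product and version (idccms v1.35) and the weakness class (CSRF), so product-based or CWE-based matching will never surface this record; the CVE-2024-39143 hunk does the same for ResidenceCMS 2.10.1 and stored XSS. Populating the fields, e.g. `"product_name": "idccms"`, `"version_value": "1.35"` and `"value": "CWE-352 Cross-Site Request Forgery (CSRF)"` (CWE-79 for the XSS record), would fix that. Neither record has an `impact` block, so there is no CVSS score to triage on and consumers must rate these from the description text.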
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-39143", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-39143", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Coderberg/ResidenceCMS/issues/128", + "refsource": "MISC", + "name": "https://github.com/Coderberg/ResidenceCMS/issues/128" } ] } diff --git a/2024/39xxx/CVE-2024-39887.json b/2024/39xxx/CVE-2024-39887.json new file mode 100644 index 00000000000..48c5e74f618 --- /dev/null +++ b/2024/39xxx/CVE-2024-39887.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-39887", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/39xxx/CVE-2024-39888.json b/2024/39xxx/CVE-2024-39888.json new file mode 100644 index 00000000000..5f1dbaebded --- /dev/null +++ b/2024/39xxx/CVE-2024-39888.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-39888", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6452.json b/2024/6xxx/CVE-2024-6452.json new file mode 100644 index 00000000000..dea48b316cc --- /dev/null +++ b/2024/6xxx/CVE-2024-6452.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6452", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file