diff --git a/2024/1xxx/CVE-2024-1741.json b/2024/1xxx/CVE-2024-1741.json
index c8e83fc8aee..aca93ae13c4 100644
--- a/2024/1xxx/CVE-2024-1741.json
+++ b/2024/1xxx/CVE-2024-1741.json
@@ -40,9 +40,9 @@
"version": {
"version_data": [
{
- "version_affected": "<=",
+ "version_affected": "<",
"version_name": "unspecified",
- "version_value": "latest"
+ "version_value": "1.2.8"
}
]
}
@@ -59,6 +59,11 @@
"url": "https://huntr.com/bounties/671bd040-1cc5-4227-8182-5904e9c5ed3b",
"refsource": "MISC",
"name": "https://huntr.com/bounties/671bd040-1cc5-4227-8182-5904e9c5ed3b"
+ },
+ {
+ "url": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2",
+ "refsource": "MISC",
+ "name": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2"
}
]
},
diff --git a/2024/1xxx/CVE-2024-1902.json b/2024/1xxx/CVE-2024-1902.json
index 72360d8185c..4d290b5b2c3 100644
--- a/2024/1xxx/CVE-2024-1902.json
+++ b/2024/1xxx/CVE-2024-1902.json
@@ -40,9 +40,9 @@
"version": {
"version_data": [
{
- "version_affected": "<=",
+ "version_affected": "<",
"version_name": "unspecified",
- "version_value": "latest"
+ "version_value": "1.2.8"
}
]
}
@@ -59,6 +59,11 @@
"url": "https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8",
"refsource": "MISC",
"name": "https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8"
+ },
+ {
+ "url": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2",
+ "refsource": "MISC",
+ "name": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2"
}
]
},
diff --git a/2024/23xxx/CVE-2024-23593.json b/2024/23xxx/CVE-2024-23593.json
index f9ef78e0a6c..d22e98030af 100644
--- a/2024/23xxx/CVE-2024-23593.json
+++ b/2024/23xxx/CVE-2024-23593.json
@@ -1,17 +1,106 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23593",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@lenovo.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nA vulnerability was reported\n\nin a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014\n\n that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. \n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1284: Improper Validation of Specified Quantity in Input",
+ "cweId": "CWE-1284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Lenovo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows 7 and 8 PC Preloads",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "various"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-132277",
+ "refsource": "MISC",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-132277"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nConcerned customers can follow Microsoft's guidance to apply the April 9, 2024 Windows security updates. Please refer to KB5025885 to enable the latest protections: https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocatio...
"
+ }
+ ],
+ "value": "\nConcerned customers can follow Microsoft's guidance to apply the April 9, 2024 Windows security updates. Please refer to KB5025885 to enable the latest protections:\u00a0 https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocatio... https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d \n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lenovo thanks Zammis Clark for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2024/23xxx/CVE-2024-23594.json b/2024/23xxx/CVE-2024-23594.json
index 0b3eba92e86..5f5184d2410 100644
--- a/2024/23xxx/CVE-2024-23594.json
+++ b/2024/23xxx/CVE-2024-23594.json
@@ -1,17 +1,106 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23594",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@lenovo.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nA buffer overflow vulnerability was reported\n\nin a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014\n\n\n that could allow a privileged attacker with local access to execute arbitrary code. \n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-121: Stack-based Buffer Overflow",
+ "cweId": "CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Lenovo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows 7 and 8 PC Preloads",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "various"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-132277",
+ "refsource": "MISC",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-132277"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\n\n\nConcerned customers can follow Microsoft's guidance to apply the April 9, 2024 Windows security updates. Please refer to KB5025885 to enable the latest protections: https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocatio...\n\n
"
+ }
+ ],
+ "value": "\n\n\nConcerned customers can follow Microsoft's guidance to apply the April 9, 2024 Windows security updates. Please refer to KB5025885 to enable the latest protections: https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocatio... https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d \n\n https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-23594 \n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lenovo thanks Zammis Clark for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2024/24xxx/CVE-2024-24485.json b/2024/24xxx/CVE-2024-24485.json
index bdc940e5c80..e2643aaa998 100644
--- a/2024/24xxx/CVE-2024-24485.json
+++ b/2024/24xxx/CVE-2024-24485.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-24485",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24485",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2024-24485",
+ "url": "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2024-24485"
}
]
}
diff --git a/2024/24xxx/CVE-2024-24486.json b/2024/24xxx/CVE-2024-24486.json
index 952046d96f0..879ffb53420 100644
--- a/2024/24xxx/CVE-2024-24486.json
+++ b/2024/24xxx/CVE-2024-24486.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-24486",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24486",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://raw.githubusercontent.com/MostafaSoliman/Security-Advisories/master/CVE-2024-24486",
+ "url": "https://raw.githubusercontent.com/MostafaSoliman/Security-Advisories/master/CVE-2024-24486"
}
]
}
diff --git a/2024/24xxx/CVE-2024-24487.json b/2024/24xxx/CVE-2024-24487.json
index 2b581e9d636..11efc96aff9 100644
--- a/2024/24xxx/CVE-2024-24487.json
+++ b/2024/24xxx/CVE-2024-24487.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-24487",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24487",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://raw.githubusercontent.com/MostafaSoliman/Security-Advisories/master/CVE-2024-24487",
+ "url": "https://raw.githubusercontent.com/MostafaSoliman/Security-Advisories/master/CVE-2024-24487"
}
]
}
diff --git a/2024/28xxx/CVE-2024-28556.json b/2024/28xxx/CVE-2024-28556.json
index 57860e27465..64c61c12259 100644
--- a/2024/28xxx/CVE-2024-28556.json
+++ b/2024/28xxx/CVE-2024-28556.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-28556",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-28556",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xuanluansec/vul/blob/main/vul/1/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/xuanluansec/vul/blob/main/vul/1/README.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/xuanluansec/vul/issues/1",
+ "url": "https://github.com/xuanluansec/vul/issues/1"
}
]
}
diff --git a/2024/28xxx/CVE-2024-28557.json b/2024/28xxx/CVE-2024-28557.json
index 68a1fbe81cd..c38c76e5b5b 100644
--- a/2024/28xxx/CVE-2024-28557.json
+++ b/2024/28xxx/CVE-2024-28557.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-28557",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-28557",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xuanluansec/vul/blob/main/vul/2/README-SQL-2.md",
+ "refsource": "MISC",
+ "name": "https://github.com/xuanluansec/vul/blob/main/vul/2/README-SQL-2.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/xuanluansec/vul/issues/2",
+ "url": "https://github.com/xuanluansec/vul/issues/2"
}
]
}
diff --git a/2024/28xxx/CVE-2024-28558.json b/2024/28xxx/CVE-2024-28558.json
index f8097561857..7128fd9a72c 100644
--- a/2024/28xxx/CVE-2024-28558.json
+++ b/2024/28xxx/CVE-2024-28558.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-28558",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-28558",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md",
+ "refsource": "MISC",
+ "name": "https://github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/xuanluansec/vul/issues/3#issue-2243633522",
+ "url": "https://github.com/xuanluansec/vul/issues/3#issue-2243633522"
}
]
}
diff --git a/2024/2xxx/CVE-2024-2659.json b/2024/2xxx/CVE-2024-2659.json
index 6a793bbfb1b..be61d9c6d26 100644
--- a/2024/2xxx/CVE-2024-2659.json
+++ b/2024/2xxx/CVE-2024-2659.json
@@ -1,17 +1,100 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2659",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@lenovo.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nA command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Lenovo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SMM, SMM2, FPC",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "various"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-140420",
+ "refsource": "MISC",
+ "name": "https://support.lenovo.com/us/en/product_security/LEN-140420"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "\n\nUpdate \n\nSMM/SMM2 or FPC\n\n to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-140420 \n\n
"
+ }
+ ],
+ "value": "\nUpdate \n\nSMM/SMM2 or FPC\n\n to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-140420 \u00a0 \u00a0\n\n\n"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2024/2xxx/CVE-2024-2952.json b/2024/2xxx/CVE-2024-2952.json
index c1de039bc1b..6c5550ee822 100644
--- a/2024/2xxx/CVE-2024-2952.json
+++ b/2024/2xxx/CVE-2024-2952.json
@@ -40,9 +40,9 @@
"version": {
"version_data": [
{
- "version_affected": "<=",
+ "version_affected": "<",
"version_name": "unspecified",
- "version_value": "latest"
+ "version_value": "1.34.42"
}
]
}
@@ -59,6 +59,11 @@
"url": "https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4",
"refsource": "MISC",
"name": "https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4"
+ },
+ {
+ "url": "https://github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3",
+ "refsource": "MISC",
+ "name": "https://github.com/berriai/litellm/commit/8a1cdc901708b07b7ff4eca20f9cb0f1f0e8d0b3"
}
]
},
diff --git a/2024/31xxx/CVE-2024-31219.json b/2024/31xxx/CVE-2024-31219.json
index 3eb0d902dfb..dc8fff7dca4 100644
--- a/2024/31xxx/CVE-2024-31219.json
+++ b/2024/31xxx/CVE-2024-31219.json
@@ -1,17 +1,90 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31219",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via `whispers_allowed_groups` and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the `/u/:username/activity/reactions` endpoint.\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "discourse",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "discourse-reactions",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 0.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/discourse/discourse-reactions/security/advisories/GHSA-7cqc-5xrw-xh67",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse-reactions/security/advisories/GHSA-7cqc-5xrw-xh67"
+ },
+ {
+ "url": "https://github.com/discourse/discourse-reactions/commit/6a5a8dacd7e5cbbbbe7d2288b1df9c1062994dbe",
+ "refsource": "MISC",
+ "name": "https://github.com/discourse/discourse-reactions/commit/6a5a8dacd7e5cbbbbe7d2288b1df9c1062994dbe"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-7cqc-5xrw-xh67",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2024/3xxx/CVE-2024-3803.json b/2024/3xxx/CVE-2024-3803.json
index 0414748db66..f27d5c16907 100644
--- a/2024/3xxx/CVE-2024-3803.json
+++ b/2024/3xxx/CVE-2024-3803.json
@@ -1,17 +1,109 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3803",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. This vulnerability affects unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In Vesystem Cloud Desktop bis 20240408 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /Public/webuploader/0.1.5/server/fileupload.php. Durch Beeinflussen des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Vesystem",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cloud Desktop",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "20240408"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.260776",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.260776"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.260776",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.260776"
+ },
+ {
+ "url": "https://vuldb.com/?submit.312315",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.312315"
+ },
+ {
+ "url": "https://github.com/h0e4a0r1t/fDGPOeWeaSuyFrWh/blob/main/VESYSTEM%20Cloud%20desktop%20arbitrary%20file%20upload%20vulnerability_fileupload.php.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/h0e4a0r1t/fDGPOeWeaSuyFrWh/blob/main/VESYSTEM%20Cloud%20desktop%20arbitrary%20file%20upload%20vulnerability_fileupload.php.pdf"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "H0e4a0r1t (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
diff --git a/2024/3xxx/CVE-2024-3849.json b/2024/3xxx/CVE-2024-3849.json
new file mode 100644
index 00000000000..6f3426638e7
--- /dev/null
+++ b/2024/3xxx/CVE-2024-3849.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-3849",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file