From 3a1d2b5f6ebaed879bb4ff61e4a262409ff5ef53 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 7 Nov 2024 18:00:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2019/20xxx/CVE-2019-20457.json | 66 ++++++++++++--
2019/20xxx/CVE-2019-20458.json | 61 +++++++++++--
2019/20xxx/CVE-2019-20459.json | 61 +++++++++++--
2020/11xxx/CVE-2020-11916.json | 56 ++++++++++--
2020/11xxx/CVE-2020-11917.json | 56 ++++++++++--
2020/11xxx/CVE-2020-11918.json | 56 ++++++++++--
2020/11xxx/CVE-2020-11919.json | 56 ++++++++++--
2020/11xxx/CVE-2020-11921.json | 56 ++++++++++--
2020/11xxx/CVE-2020-11926.json | 56 ++++++++++--
2024/10xxx/CVE-2024-10965.json | 159 ++++++++++++++++++++++++++++++++-
2024/10xxx/CVE-2024-10974.json | 18 ++++
2024/45xxx/CVE-2024-45794.json | 76 +++++++++++++++-
2024/47xxx/CVE-2024-47073.json | 58 +++++++++++-
2024/48xxx/CVE-2024-48290.json | 61 +++++++++++--
2024/51xxx/CVE-2024-51428.json | 61 +++++++++++--
2024/51xxx/CVE-2024-51758.json | 63 ++++++++++++-
2024/51xxx/CVE-2024-51989.json | 76 +++++++++++++++-
2024/51xxx/CVE-2024-51993.json | 76 +++++++++++++++-
2024/51xxx/CVE-2024-51994.json | 76 +++++++++++++++-
2024/51xxx/CVE-2024-51995.json | 76 +++++++++++++++-
20 files changed, 1226 insertions(+), 98 deletions(-)
create mode 100644 2024/10xxx/CVE-2024-10974.json
diff --git a/2019/20xxx/CVE-2019-20457.json b/2019/20xxx/CVE-2019-20457.json
index 934812787b4..21dfbde4b0f 100644
--- a/2019/20xxx/CVE-2019-20457.json
+++ b/2019/20xxx/CVE-2019-20457.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20457", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20457", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD5 hash of the password in hexadecimal. An attacker can easily derive the true MD5 hash from this, and use offline cracking attacks to obtain administrative access to the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://global.brother", + "refsource": "MISC", + "name": "https://global.brother" + }, + { + "refsource": "CONFIRM", + "name": "https://support.brother.com/g/s/security/en/index.html", + "url": "https://support.brother.com/g/s/security/en/index.html" + }, + { + "refsource": "FULLDISC", + "name": "20240729 Bunch of IoT CVEs", + "url": "https://seclists.org/fulldisclosure/2024/Jul/14" } ] } 
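Review bot: The added `affects` block in CVE-2019-20457.json sets `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description in the same hunk names the device and firmware, so anything that matches on the structured fields (asset inventories, scanners keyed on vendor/product) will not tie this record to the printer. I would populate them from the description: `"vendor_name": "Brother"`, `"product_name": "MFC-J491DW"`, `"version_value": "C1806180757"`. `problemtype` is likewise `n/a`; the description points at an unauthenticated disclosure of an MD5 password hash, which a CWE entry could capture (the exact id is for the assigner to confirm). The same all-`n/a` pattern appears in the hunks for CVE-2019-20458, CVE-2019-20459, CVE-2020-11916, CVE-2020-11917, CVE-2020-11918, CVE-2020-11919, CVE-2020-11921, CVE-2020-11926, CVE-2024-48290 and CVE-2024-51428.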
diff --git a/2019/20xxx/CVE-2019-20458.json b/2019/20xxx/CVE-2019-20458.json index 231734208bb..586fd06fe4e 100644 --- a/2019/20xxx/CVE-2019-20458.json +++ b/2019/20xxx/CVE-2019-20458.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20458", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20458", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://epson.com/Support/wa00826", + "url": "https://epson.com/Support/wa00826" + }, + { + "refsource": "FULLDISC", + "name": "20240729 Bunch of IoT CVEs", + "url": "https://seclists.org/fulldisclosure/2024/Jul/14" } ] } diff --git a/2019/20xxx/CVE-2019-20459.json b/2019/20xxx/CVE-2019-20459.json index b49baefed79..04d79e1844f 100644 
--- a/2019/20xxx/CVE-2019-20459.json +++ b/2019/20xxx/CVE-2019-20459.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20459", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20459", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or changing the DNS servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://epson.com/Support/wa00826", + "url": "https://epson.com/Support/wa00826" + }, + { + "refsource": "FULLDISC", + "name": "20240729 Bunch of IoT CVEs", + "url": "https://seclists.org/fulldisclosure/2024/Jul/14" } ] } diff --git a/2020/11xxx/CVE-2020-11916.json b/2020/11xxx/CVE-2020-11916.json index 8d7e2950257..7b6b210a4f8 100644 --- a/2020/11xxx/CVE-2020-11916.json +++ b/2020/11xxx/CVE-2020-11916.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11916", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11916", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20240729 Bunch of IoT CVEs", + "url": "https://seclists.org/fulldisclosure/2024/Jul/14" } ] } diff --git a/2020/11xxx/CVE-2020-11917.json b/2020/11xxx/CVE-2020-11917.json index 3309af26d29..0afe651f8ca 100644 --- a/2020/11xxx/CVE-2020-11917.json +++ b/2020/11xxx/CVE-2020-11917.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11917", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11917", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violating the privacy of users who do not wish to disclose their ownership of this type of device. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20240729 Bunch of IoT CVEs", + "url": "https://seclists.org/fulldisclosure/2024/Jul/14" } ] } diff --git a/2020/11xxx/CVE-2020-11918.json b/2020/11xxx/CVE-2020-11918.json index 17b878b0992..2df779c8ea4 100644 --- a/2020/11xxx/CVE-2020-11918.json +++ b/2020/11xxx/CVE-2020-11918.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11918", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11918", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20240729 Bunch of IoT CVEs", + "url": "https://seclists.org/fulldisclosure/2024/Jul/14" } ] } diff --git a/2020/11xxx/CVE-2020-11919.json b/2020/11xxx/CVE-2020-11919.json index 17b5dd096d3..f19d085193e 100644 --- a/2020/11xxx/CVE-2020-11919.json +++ b/2020/11xxx/CVE-2020-11919.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11919", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11919", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20240729 Bunch of IoT CVEs", + "url": "https://seclists.org/fulldisclosure/2024/Jul/14" } ] } diff --git a/2020/11xxx/CVE-2020-11921.json b/2020/11xxx/CVE-2020-11921.json index 64fa6335ee3..f30e96cb936 100644 --- a/2020/11xxx/CVE-2020-11921.json +++ b/2020/11xxx/CVE-2020-11921.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11921", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11921", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Lush 2 through 2020-02-25. Due to the lack of Bluetooth traffic encryption, it is possible to hijack an ongoing Bluetooth connection between the Lush 2 and a mobile phone. This allows an attacker to gain full control over the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20240729 Bunch of IoT CVEs", + "url": "https://seclists.org/fulldisclosure/2024/Jul/14" } ] } diff --git a/2020/11xxx/CVE-2020-11926.json b/2020/11xxx/CVE-2020-11926.json index c42bde6b188..3790cd053ac 100644 --- a/2020/11xxx/CVE-2020-11926.json +++ b/2020/11xxx/CVE-2020-11926.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11926", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11926", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web request, e.g., for a JavaScript file. Also, the disclosed information includes the SSID and WPA2 key for the Wi-Fi network the device is connected to." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20240729 Bunch of IoT CVEs", + "url": "https://seclists.org/fulldisclosure/2024/Jul/14" } ] } diff --git a/2024/10xxx/CVE-2024-10965.json b/2024/10xxx/CVE-2024-10965.json index ffcca6b9a64..7c2dae062b6 100644 --- a/2024/10xxx/CVE-2024-10965.json +++ b/2024/10xxx/CVE-2024-10965.json 
@@ -1,17 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10965", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue." + }, + { + "lang": "deu", + "value": "In emqx neuron bis 2.10.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /api/v2/schema der Komponente JSON File Handler. Durch das Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als c9ce39747e0372aaa2157b2b56174914a12c06d8 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure", + "cweId": "CWE-200" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "emqx", + "product": { + "product_data": [ + { + "product_name": "neuron", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + }, + { + "version_affected": "=", + "version_value": "2.2" + }, + { + "version_affected": "=", + "version_value": "2.3" + }, + { + "version_affected": "=", + "version_value": "2.4" + }, + { + "version_affected": "=", + "version_value": "2.5" + }, + { + "version_affected": "=", + "version_value": "2.6" + }, + { + "version_affected": "=", + "version_value": "2.7" + }, + { + "version_affected": "=", + "version_value": "2.8" + }, + { + "version_affected": "=", + "version_value": "2.9" + }, + { + "version_affected": "=", + "version_value": "2.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.283411", + "refsource": "MISC", + "name": "https://vuldb.com/?id.283411" + }, + { + "url": "https://vuldb.com/?ctiid.283411", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.283411" + }, + { + "url": "https://vuldb.com/?submit.435375", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.435375" + }, + { + "url": "https://github.com/emqx/neuron/issues/2281", + "refsource": "MISC", + "name": "https://github.com/emqx/neuron/issues/2281" + }, + { + "url": "https://github.com/emqx/neuron/pull/2282", + "refsource": "MISC", + "name": "https://github.com/emqx/neuron/pull/2282" + }, + { + "url": "https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8", + "refsource": "MISC", + "name": 
"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "susu199 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ] } diff --git a/2024/10xxx/CVE-2024-10974.json b/2024/10xxx/CVE-2024-10974.json new file mode 100644 index 00000000000..3b13d798a31 --- /dev/null +++ b/2024/10xxx/CVE-2024-10974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-10974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/45xxx/CVE-2024-45794.json b/2024/45xxx/CVE-2024-45794.json index 7c11aef9f5b..e4876336403 100644 --- a/2024/45xxx/CVE-2024-45794.json +++ b/2024/45xxx/CVE-2024-45794.json 
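Review bot: In CVE-2024-10965.json the only reference that carries the fix commit is `https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8`, which sits under what appears to be a fork namespace rather than `emqx/neuron`; anyone applying the patch by hash should confirm it is the commit merged through the referenced upstream pull request 2282 rather than taking it from the fork. Separately, the description says "up to 2.10.0" while `version_data` enumerates `2.0` through `2.10` with `"version_affected": "="`, so an exact-match consumer will likely miss patch releases such as 2.10.0. The `credits` entry uses `"lang": "en"` where the rest of the record uses `eng`, and the 2.0 CVSS entry has no `baseSeverity`, unlike the 3.x entries.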
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45794", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "devtron-labs", + "product": { + "product_data": [ + { + "product_name": "devtron", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.7.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/devtron-labs/devtron/security/advisories/GHSA-q78v-cv36-8fxj", + "refsource": "MISC", + "name": "https://github.com/devtron-labs/devtron/security/advisories/GHSA-q78v-cv36-8fxj" + } + ] + }, + "source": { + "advisory": "GHSA-q78v-cv36-8fxj", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + 
"baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47073.json b/2024/47xxx/CVE-2024-47073.json index 4b58309cb25..dd952a82914 100644 --- a/2024/47xxx/CVE-2024-47073.json +++ b/2024/47xxx/CVE-2024-47073.json 
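Review bot: The `version_data` entry in CVE-2024-45794.json pairs `"version_affected": "="` with `"version_value": "< 0.7.2"`, so the operator field says "exactly this version" while the range is embedded in the value string; a consumer that honours `version_affected` will likely compare against the literal string `< 0.7.2` and fail to match any installed version. Expressing the bound in the operator keeps the record machine-readable: `"version_affected": "<"`, `"version_value": "0.7.2"`. The hunks for CVE-2024-47073 (`< 2.10.2`) and CVE-2024-51758 (`>= 3.2.0, < 3.2.123`) have the same shape; the latter would need two entries or a documented range convention.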
@@ -1,18 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47073", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dataease", + "product": { + "product_data": [ + { + "product_name": "dataease", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.10.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dataease/dataease/security/advisories/GHSA-5jr4-wrm2-xj36", + "refsource": "MISC", + "name": "https://github.com/dataease/dataease/security/advisories/GHSA-5jr4-wrm2-xj36" + } + ] + }, + "source": { + "advisory": "GHSA-5jr4-wrm2-xj36", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/48xxx/CVE-2024-48290.json b/2024/48xxx/CVE-2024-48290.json index 0830ca82b7a..ce85bc48d2b 100644 
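Review bot: CVE-2024-47073.json is published without an `impact` block, although its description (forged JWTs accepted because signatures are not verified, giving access to any interface) describes an authentication bypass; feeds that prioritise on `impact.cvss` will treat this record as unscored. If the advisory GHSA-5jr4-wrm2-xj36 carries a vector, it should be copied in the same way CVE-2024-45794.json does in this commit; CVE-2024-51758.json is also missing the block. The description also reads "a the lack of signature verification", which should be "the lack of signature verification".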
--- a/2024/48xxx/CVE-2024-48290.json +++ b/2024/48xxx/CVE-2024-48290.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-48290", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-48290", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://realtek.com", + "refsource": "MISC", + "name": "http://realtek.com" + }, + { + "refsource": "MISC", + "name": "https://gitee.com/guozhi123456/vulnerability-Report/blob/master/Realtek/Realtek.md", + "url": "https://gitee.com/guozhi123456/vulnerability-Report/blob/master/Realtek/Realtek.md" } ] } diff --git a/2024/51xxx/CVE-2024-51428.json b/2024/51xxx/CVE-2024-51428.json index 6dcf8e918c5..d80b7b275a4 100644 --- a/2024/51xxx/CVE-2024-51428.json +++ b/2024/51xxx/CVE-2024-51428.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-51428", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-51428", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/espressif/esp-idf", + "refsource": "MISC", + "name": "https://github.com/espressif/esp-idf" + }, + { + "refsource": "MISC", + "name": "https://gitee.com/guozhi123456/vulnerability-Report/blob/master/Esp/Accept_Invaild_Address.md", + "url": "https://gitee.com/guozhi123456/vulnerability-Report/blob/master/Esp/Accept_Invaild_Address.md" } ] } diff --git a/2024/51xxx/CVE-2024-51758.json b/2024/51xxx/CVE-2024-51758.json index 0c91617f9e6..e447ccec039 100644 --- a/2024/51xxx/CVE-2024-51758.json +++ b/2024/51xxx/CVE-2024-51758.json 
@@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51758", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the `default_filesystem_disk` config option. This allows the user to easily swap their storage driver to something production-ready like `s3` when deploying their app, without having to touch multiple configuration options and potentially forgetting about some. The default disk is set to `public` when you first install Filament, since this allows users to quickly get started developing with a functional disk that allows features such as file upload previews locally without the need to set up an S3 disk with temporary URL support. However, some features of Filament such as exports also rely on storage, and the files that are stored contain data that should often not be public. This is not an issue for the many deployed applications, since many use a secure default disk such as S3 in production. However, [CWE-1188](https://cwe.mitre.org/data/definitions/1188.html) suggests that having the `public` disk as the default disk in Filament is a security vulnerability itself. As such, we have implemented a measure to protect users whereby if the `public` disk is set as the default disk, the exports feature will automatically swap it out for the `local` disk, if that exists. Users who set the default disk to `local` or `s3` already are not affected. 
If a user wants to continue to use the `public` disk for exports, they can by setting the export disk deliberately. This change has been included in the 3.2.123 release and all users who use the `public` disk are advised to upgrade." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1188: Insecure Default Initialization of Resource", + "cweId": "CWE-1188" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "filamentphp", + "product": { + "product_data": [ + { + "product_name": "filament", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.2.0, < 3.2.123" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/filamentphp/filament/security/advisories/GHSA-4hxw-gc2q-f6f3", + "refsource": "MISC", + "name": "https://github.com/filamentphp/filament/security/advisories/GHSA-4hxw-gc2q-f6f3" + }, + { + "url": "https://filamentphp.com/docs/3.x/actions/prebuilt-actions/export#customizing-the-storage-disk", + "refsource": "MISC", + "name": "https://filamentphp.com/docs/3.x/actions/prebuilt-actions/export#customizing-the-storage-disk" + } + ] + }, + "source": { + "advisory": "GHSA-4hxw-gc2q-f6f3", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/51xxx/CVE-2024-51989.json b/2024/51xxx/CVE-2024-51989.json index 9831358f272..5a077e6b11c 100644 --- a/2024/51xxx/CVE-2024-51989.json +++ b/2024/51xxx/CVE-2024-51989.json 
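Review bot: The description says the exports feature swaps `public` for `local` only "if that exists", but the record gives no guidance for installs without a `local` disk, nor for export files already written to the `public` disk before the upgrade, so "upgrade to 3.2.123" reads as a complete fix when it may not be. I would close `value` with a sentence such as `After upgrading, confirm that a local disk is configured and review export files previously stored on the public disk.` The range is also carried as free text in `version_value` under `"version_affected": "="` (as in the four GitHub-assigned hunks that follow), so matching code has to parse the string rather than trust the operator. Unlike those four records, this one has no `impact` block, which leaves severity-based triage without a score.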
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51989", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. The issue arises from an un-sanitized parameter which could allow attackers to inject malicious JavaScript into the application. Users who self-host and have the login system enabled are affected. Exploitation of this vulnerability could expose user data, access to user sessions or take unintended actions on behalf of users. To exploit this vulnerability, an attacker would need to convince a user to click a malicious account confirmation link. It is highly recommended to update to version `v1.48.1` or later to mitigate this risk. There are no known workarounds for this vulnerability.\n\n### Solution\n\nUpdate to version `v1.48.1` or later where input sanitization has been applied to the account confirmation process. 
If updating is not immediately possible," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pglombardo", + "product": { + "product_data": [ + { + "product_name": "PasswordPusher", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.41.1, <= 1.48.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-5chg-cq29-gfqf", + "refsource": "MISC", + "name": "https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-5chg-cq29-gfqf" + } + ] + }, + "source": { + "advisory": "GHSA-5chg-cq29-gfqf", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/51xxx/CVE-2024-51993.json b/2024/51xxx/CVE-2024-51993.json index 1f63952d597..8886c180899 100644 --- a/2024/51xxx/CVE-2024-51993.json +++ b/2024/51xxx/CVE-2024-51993.json 
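Review bot: The affected range `"version_value": ">= 1.41.1, <= 1.48.1"` includes 1.48.1, which the description names as the fixed release ("through and including `v.1.48.0`", "update to version `v1.48.1` or later"), so patched installs will be reported as vulnerable; it should read `"version_value": ">= 1.41.1, < 1.48.1"`. The description also stops mid-sentence at "If updating is not immediately possible,", and that fragment sits awkwardly next to "There are no known workarounds", so the text looks truncated and should be completed or the fragment dropped. `v.1.48.0` has a stray dot.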
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51993", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application.\n\n### Patches\nSanitize parameter\n\n### References\nN\u00b07631 - Password is stored in clear in the database." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312: Cleartext Storage of Sensitive Information", + "cweId": "CWE-312" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Combodo", + "product": { + "product_data": [ + { + "product_name": "iTop", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-9mq5-349x-x427", + "refsource": "MISC", + "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-9mq5-349x-x427" + } + ] + }, + "source": { + "advisory": "GHSA-9mq5-349x-x427", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.4, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" } ] } diff --git a/2024/51xxx/CVE-2024-51994.json b/2024/51xxx/CVE-2024-51994.json index 76384444ec6..ab36fa560c5 100644 --- a/2024/51xxx/CVE-2024-51994.json +++ b/2024/51xxx/CVE-2024-51994.json 
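Review bot: The `### Patches` line in the description reads `Sanitize parameter`, which does not describe a fix for cleartext password storage (CWE-312 in `problemtype`) and looks carried over from a different advisory; it should state what 3.2.0 actually changes or be removed. The record also does not say whether upgrading protects values already stored in clear, so presumably passwords present in existing databases and older backups stay readable. A sentence advising operators to rotate the passwords of the affected users and to restrict or re-encrypt old backups would make the remediation complete. The workaround given (encrypting backups independently) covers backups only, not direct database access, which the description lists as the other exposure path.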
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51994", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Combodo iTop is a web based IT Service Management tool. In affected versions uploading a text file containing some java script in the portal will trigger an Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Combodo", + "product": { + "product_data": [ + { + "product_name": "iTop", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-jjph-c25g-5c7g", + "refsource": "MISC", + "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-jjph-c25g-5c7g" + } + ] + }, + "source": { + "advisory": "GHSA-jjph-c25g-5c7g", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.0" } ] } diff --git a/2024/51xxx/CVE-2024-51995.json b/2024/51xxx/CVE-2024-51995.json index d5e650481b4..d646ef7f384 100644 --- a/2024/51xxx/CVE-2024-51995.json +++ b/2024/51xxx/CVE-2024-51995.json 
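Review bot: The vector `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N` records no user interaction and unchanged scope, while the description is of script in an uploaded file triggering XSS in the portal, which normally runs only when another user views the content. If that is the case here, `"userInteraction": "REQUIRED"` and `"scope": "CHANGED"` would be the expected values and the base score would change; otherwise the description should say why no victim action is needed. Consumers prioritising on the vector should read it with that caveat. The description text also has two slips, "java script" and "an Cross-site", that are worth correcting to `JavaScript` and `a Cross-site`.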
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51995", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page which does not allow arbitrary `routes` to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Combodo", + "product": { + "product_data": [ + { + "product_name": "iTop", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9", + "refsource": "MISC", + "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-3mxr-8r3j-j2j9" + } + ] + }, + "source": { + "advisory": "GHSA-3mxr-8r3j-j2j9", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", + "version": "3.0" } ] }
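Review bot: The description's second sentence switches to the reporter's first person ("any `route` we want as long as we specify an `operation`") and never states what dispatching an arbitrary route lets an attacker do, although the `impact` block rates confidentiality HIGH with changed scope. I would reword it to `An attacker can request any route as long as they specify an operation that is allowed.` and add one sentence on the resulting exposure, so the severity can be understood from the record alone. Naming `ajax.render.php` as the affected page is the useful detail for anyone reviewing access ahead of the upgrade and should be kept.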