From 3c23c76d18073ef328d9aaf33ec0c25c88acfff4 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 26 Jun 2024 16:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/25xxx/CVE-2024-25637.json | 76 +++++++++++++++++++++++++++--
 2024/28xxx/CVE-2024-28948.json | 18 +++++++
 2024/34xxx/CVE-2024-34542.json | 18 +++++++
 2024/37xxx/CVE-2024-37187.json | 18 +++++++
 2024/38xxx/CVE-2024-38271.json | 66 +++++++++++++++++++++++--
 2024/38xxx/CVE-2024-38272.json | 66 +++++++++++++++++++++++--
 2024/38xxx/CVE-2024-38308.json | 18 +++++++
 2024/39xxx/CVE-2024-39275.json | 18 +++++++
 2024/39xxx/CVE-2024-39364.json | 18 +++++++
 2024/4xxx/CVE-2024-4604.json | 89 ++++++++++++++++++++++++++++++++--
 2024/6xxx/CVE-2024-6353.json | 18 +++++++
 11 files changed, 407 insertions(+), 16 deletions(-)
 create mode 100644 2024/28xxx/CVE-2024-28948.json
 create mode 100644 2024/34xxx/CVE-2024-34542.json
 create mode 100644 2024/37xxx/CVE-2024-37187.json
 create mode 100644 2024/38xxx/CVE-2024-38308.json
 create mode 100644 2024/39xxx/CVE-2024-39275.json
 create mode 100644 2024/39xxx/CVE-2024-39364.json
 create mode 100644 2024/6xxx/CVE-2024-6353.json
diff --git a/2024/25xxx/CVE-2024-25637.json b/2024/25xxx/CVE-2024-25637.json
index ef32e5ed4dc..76c6d4235dd 100644
--- a/2024/25xxx/CVE-2024-25637.json
+++ b/2024/25xxx/CVE-2024-25637.json
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy interception tool. This issue has been patched in version 3.5.15.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "octobercms", + "product": { + "product_data": [ + { + "product_name": "october", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.2, < 3.5.15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/octobercms/october/security/advisories/GHSA-rjw8-v7rr-r563", + "refsource": "MISC", + "name": "https://github.com/octobercms/october/security/advisories/GHSA-rjw8-v7rr-r563" + } + ] + }, + "source": { + "advisory": "GHSA-rjw8-v7rr-r563", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28948.json b/2024/28xxx/CVE-2024-28948.json new file mode 100644 index 00000000000..d92d7e8ccd8 --- /dev/null +++ b/2024/28xxx/CVE-2024-28948.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28948", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34542.json b/2024/34xxx/CVE-2024-34542.json new file mode 100644 index 00000000000..81e72dabd7f --- /dev/null +++ b/2024/34xxx/CVE-2024-34542.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34542", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37187.json b/2024/37xxx/CVE-2024-37187.json new file mode 100644 index 00000000000..528004b3fca --- /dev/null +++ b/2024/37xxx/CVE-2024-37187.json 
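Review bot: The `version_data` entry for october in CVE-2024-25637 pairs `"version_affected": "="` with the range string `">= 3.2, < 3.5.15"`, so a consumer that treats `=` as an exact-match operator will never match an installed version and will report affected hosts as clean. The other published records in this commit (CVE-2024-38271, CVE-2024-4604) put the lower bound in `version_name` and the upper bound in `version_value`; the same shape here would be `"version_affected": "<"`, `"version_name": "3.2"`, `"version_value": "3.5.15"`. Separately, the description says "There is no impact" while the CVSS vector sets `C:L` with a base score of 3.1; one of the two should be corrected in the originating advisory so triage does not have to guess which is intended.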
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-37187", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38271.json b/2024/38xxx/CVE-2024-38271.json index 4ce3c5e4e2d..fb818f380e1 100644 --- a/2024/38xxx/CVE-2024-38271.json +++ b/2024/38xxx/CVE-2024-38271.json 
@@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38271", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There exists a vulnerability in Quickshare/Nearby where an attacker can force the a victim to stay connected to a temporary hotspot created for the share. As part of the sequence of packets in a QuickShare connection over Bluetooth, the attacker forces the victim to connect to the attacker\u2019s WiFi network and then sends an OfflineFrame that crashes Quick Share.\nThis makes the Wifi connection to the attacker\u2019s network last instead of returning to the old network when the Quick Share session is done allowing the attacker to be a MiTM. 
We recommend upgrading to version\u00a01.0.1724.0 of Quickshare or above" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Improper Resource Shutdown or Release", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Nearby", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.0.1724.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/google/nearby/pull/2433", + "refsource": "MISC", + "name": "https://github.com/google/nearby/pull/2433" + }, + { + "url": "https://github.com/google/nearby/pull/2435", + "refsource": "MISC", + "name": "https://github.com/google/nearby/pull/2435" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38272.json b/2024/38xxx/CVE-2024-38272.json index c0f2c83a78d..ecdb1cfd603 100644 --- a/2024/38xxx/CVE-2024-38272.json +++ b/2024/38xxx/CVE-2024-38272.json 
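Review bot: The record for CVE-2024-38271 goes public without an `impact` block, so scanners and dashboards that rank by CVSS will show it as unscored even though the description ends with the attacker holding a man-in-the-middle position on the victim's Wi-Fi connection; CVE-2024-38272 in the next hunk has the same gap. CVE-2024-25637 and CVE-2024-4604 in this commit both carry an `impact.cvss` entry, so the omission looks like a gap in the submitted record rather than a limit of the format. Until a vector is supplied, consumers should key on the fixed version `1.0.1724.0` from `version_value` rather than on severity when prioritising the upgrade.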
@@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38272", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file dialog on QuickShare Windows.\u00a0Normally in QuickShare Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode.\u00a0We recommend upgrading to version 1.0.1724.0 of Quickshare or above" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-294 Authentication Bypass by Capture-replay", + "cweId": "CWE-294" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Nearby", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.0.1724.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/google/nearby/pull/2589", + "refsource": "MISC", + "name": "https://github.com/google/nearby/pull/2589" + }, + { + "url": "https://github.com/google/nearby/pull/2402", + "refsource": "MISC", + "name": "https://github.com/google/nearby/pull/2402" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file 
diff --git a/2024/38xxx/CVE-2024-38308.json b/2024/38xxx/CVE-2024-38308.json
new file mode 100644
index 00000000000..47ab0d1ca62
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38308.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38308",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39275.json b/2024/39xxx/CVE-2024-39275.json
new file mode 100644
index 00000000000..eb725026215
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39275.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39275",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39364.json b/2024/39xxx/CVE-2024-39364.json
new file mode 100644
index 00000000000..44089e46133
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39364.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-39364", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4604.json b/2024/4xxx/CVE-2024-4604.json index bf186b56489..144926caefa 100644 --- a/2024/4xxx/CVE-2024-4604.json +++ b/2024/4xxx/CVE-2024-4604.json 
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields.This issue affects SSO (Single Sign On): from 1.0 before 1.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Magarsus Consultancy", + "product": { + "product_data": [ + { + "product_name": "SSO (Single Sign On)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.0", + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-0800", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-24-0800" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TR-24-0800", + "defect": [ + "TR-24-0800" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "\u00d6mer Bar\u0131\u015f EREN" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + 
"privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/6xxx/CVE-2024-6353.json b/2024/6xxx/CVE-2024-6353.json new file mode 100644 index 00000000000..7ad6b26a4cb --- /dev/null +++ b/2024/6xxx/CVE-2024-6353.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6353", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
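Review bot: The `credits` entry in CVE-2024-4604 uses `"lang": "en"` while `description` and `problemtype` in the same record use `"lang": "eng"`, so a consumer that filters text fields on one language code will silently drop the other. Using `"lang": "eng"` in `credits` would keep the record consistent with every other language tag in this commit. The description string also runs two sentences together at `Hidden Fields.This issue`, which can trip tooling that splits the affected-version statement out by sentence.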