From 3f85b3051a8e8c090e61fa08e3d5bff059bb663b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 17 Jun 2024 15:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/1xxx/CVE-2024-1469.json | 8 ++--
 2024/36xxx/CVE-2024-36582.json | 56 ++++++++++++++++++++---
 2024/37xxx/CVE-2024-37158.json | 81 ++++++++++++++++++++++++++++++++--
 2024/37xxx/CVE-2024-37159.json | 81 ++++++++++++++++++++++++++++++++--
 2024/6xxx/CVE-2024-6069.json | 18 ++++++++
 2024/6xxx/CVE-2024-6070.json | 18 ++++++++
 6 files changed, 244 insertions(+), 18 deletions(-)
 create mode 100644 2024/6xxx/CVE-2024-6069.json
 create mode 100644 2024/6xxx/CVE-2024-6070.json
diff --git a/2024/1xxx/CVE-2024-1469.json b/2024/1xxx/CVE-2024-1469.json
index 1c514201bb5..4b39af31840 100644
--- a/2024/1xxx/CVE-2024-1469.json
+++ b/2024/1xxx/CVE-2024-1469.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-1469",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** Duplicate assignment. Please use CVE-2024-0845 instead."
 }
 ]
 }
diff --git a/2024/36xxx/CVE-2024-36582.json b/2024/36xxx/CVE-2024-36582.json
index 2268f724f19..b601385f1ef 100644
--- a/2024/36xxx/CVE-2024-36582.json
+++ b/2024/36xxx/CVE-2024-36582.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-36582",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-36582",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://gist.github.com/mestrtee/9fe4d3a862c62ce6b2b0d20d4c5fd346",
+ "url": "https://gist.github.com/mestrtee/9fe4d3a862c62ce6b2b0d20d4c5fd346"
 }
 ]
 }
diff --git a/2024/37xxx/CVE-2024-37158.json b/2024/37xxx/CVE-2024-37158.json
index f0023cbda9d..91583e8f67e 100644
--- a/2024/37xxx/CVE-2024-37158.json
+++ b/2024/37xxx/CVE-2024-37158.json
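Review bot: The `affects` and `problemtype` blocks added for CVE-2024-36582 are all `n/a`, although the description in the same record names the package and version (alexbinary object-deep-assign 1.0.11) and the weakness class (Prototype Pollution). Tooling that matches on `vendor_name`/`product_name`/`version_value` or on a CWE id will not associate this record with the package, so the structured fields should carry what the description already states, e.g. `"product_name": "object-deep-assign"`, `"version_value": "1.0.11"` and a problemtype of `CWE-1321`. The single reference is tagged `"refsource": "CONFIRM"` but points to a gist rather than an evidently vendor-controlled location; `MISC` looks like the more accurate tag unless the gist author is the maintainer.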
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-37158",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks performed on the two implementation are different. The vulnerability discovered allowed a clawback account to bypass Cosmos ante handler checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos SDK module. This vulnerability is fixed in 18.0.0.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-691: Insufficient Control Flow Management",
+ "cweId": "CWE-691"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "evmos",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "evmos",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 18.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v",
+ "refsource": "MISC",
+ "name": "https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v"
+ },
+ {
+ "url": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb",
+ "refsource": "MISC",
+ "name": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-ggwx-q94m-rg27",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/37xxx/CVE-2024-37159.json b/2024/37xxx/CVE-2024-37159.json
index 02aff4c6667..b91e511ef3c 100644
--- a/2024/37xxx/CVE-2024-37159.json
+++ b/2024/37xxx/CVE-2024-37159.json
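Review bot: `source.advisory` in CVE-2024-37158 is `GHSA-ggwx-q94m-rg27`, but the only advisory URL in `reference_data` ends in `GHSA-pxv8-qhrh-jc7v`; the CVE-2024-37159 hunk has the same mismatch (`GHSA-7279-5h9p-4288` against the identical two references), so both records may send a reader to an advisory and commit for a different issue. Each record should carry a `reference_data` entry whose `url` ends in the id given in its own `source.advisory`. Both hunks also pair `"version_affected": "="` with `"version_value": "< 18.0.0"`; a consumer that honours the operator will look for an exact version string and miss every release below 18.0.0, so the range is better expressed as `"version_affected": "<"` with `"version_value": "18.0.0"`. The trailing `\n\n` in the 37158 description value should be stripped.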
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-37159",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond. This vulnerability is fixed in 18.0.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization",
+ "cweId": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "evmos",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "evmos",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 18.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v",
+ "refsource": "MISC",
+ "name": "https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v"
+ },
+ {
+ "url": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb",
+ "refsource": "MISC",
+ "name": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-7279-5h9p-4288",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6069.json b/2024/6xxx/CVE-2024-6069.json
new file mode 100644
index 00000000000..5cf8580e161
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6069.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6069",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6070.json b/2024/6xxx/CVE-2024-6070.json
new file mode 100644
index 00000000000..8c5b33c7fbb
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6070.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6070",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
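Review bot: The `impact.cvss` entry in the CVE-2024-37159 hunk sets `integrityImpact` and `confidentialityImpact` to `NONE` and `userInteraction` to `REQUIRED`, which is hard to reconcile with the record's own `CWE-285: Improper Authorization` and with a description in which the acting user is the one who gains the capability. The vector string is also identical to the one in the CVE-2024-37158 hunk, which suggests (as an inference from the two hunks only) that it was carried over rather than scored per issue. Anyone triaging on `baseScore` will rank this at 3.5/LOW, so the vector should be confirmed against the assigner's advisory before the record is used for prioritisation.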