From 4999370a36ecacb15f48f368f74af13b811a901e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 23 Aug 2024 14:00:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/2xxx/CVE-2023-2414.json | 12 ++-
 2024/36xxx/CVE-2024-36514.json | 79 +++++++++++++++++-
 2024/36xxx/CVE-2024-36515.json | 79 +++++++++++++++++-
 2024/36xxx/CVE-2024-36516.json | 79 +++++++++++++++++-
 2024/36xxx/CVE-2024-36517.json | 79 +++++++++++++++++-
 2024/43xxx/CVE-2024-43883.json | 148 ++++++++++++++++++++++++++++++++-
 2024/5xxx/CVE-2024-5142.json | 4 +-
 2024/5xxx/CVE-2024-5466.json | 79 +++++++++++++++++-
 2024/5xxx/CVE-2024-5467.json | 79 +++++++++++++++++-
 2024/5xxx/CVE-2024-5490.json | 79 +++++++++++++++++-
 2024/5xxx/CVE-2024-5556.json | 79 +++++++++++++++++-
 2024/5xxx/CVE-2024-5586.json | 79 +++++++++++++++++-
 2024/8xxx/CVE-2024-8116.json | 18 ++++
 2024/8xxx/CVE-2024-8117.json | 18 ++++
 2024/8xxx/CVE-2024-8118.json | 18 ++++
 15 files changed, 884 insertions(+), 45 deletions(-)
 create mode 100644 2024/8xxx/CVE-2024-8116.json
 create mode 100644 2024/8xxx/CVE-2024-8117.json
 create mode 100644 2024/8xxx/CVE-2024-8118.json
diff --git a/2023/2xxx/CVE-2023-2414.json b/2023/2xxx/CVE-2023-2414.json
index fccb2251d19..c1a4ed190e5 100644
--- a/2023/2xxx/CVE-2023-2414.json
+++ b/2023/2xxx/CVE-2023-2414.json
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload media files, and inject malicious JavaScript." + "value": "The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload arbitrary files, and inject malicious JavaScript (before 4.3.2)." } ] }, @@ -21,7 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-862 Missing Authorization" + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" } ] } @@ -41,7 +42,7 @@ { "version_affected": "<=", "version_name": "*", - "version_value": "4.2.10" + "version_value": "4.4.6" } ] } @@ -68,6 +69,11 @@ "url": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita", "refsource": "MISC", "name": "https://blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2933915/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php?contextall=1&old=2924763&old_path=%2Fmeeting-scheduler-by-vcita%2Ftrunk%2Fvcita-ajax-function.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2933915/meeting-scheduler-by-vcita/trunk/vcita-ajax-function.php?contextall=1&old=2924763&old_path=%2Fmeeting-scheduler-by-vcita%2Ftrunk%2Fvcita-ajax-function.php" } ] }, 
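Review bot: The trailing "(before 4.3.2)" in the new description is ambiguous: coming after a three-item list, it can be read as limiting only the JavaScript injection or all three impacts, while the affected range is now stated as up to and including 4.4.6. The `version_data` entry in the third hunk carries a single `<=` `4.4.6` range, so the narrower bound exists only in the prose and is lost to anything that reads the structured fields. If the qualifier applies to the JavaScript injection alone (an assumption to confirm against the changeset added under `references`), a wording such as `... to modify the plugin's settings and upload arbitrary files and, in versions before 4.3.2, to inject malicious JavaScript.` would make the scope explicit.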
diff --git a/2024/36xxx/CVE-2024-36514.json b/2024/36xxx/CVE-2024-36514.json
index 3ebe8129cc0..60cf6449d2c 100644
--- a/2024/36xxx/CVE-2024-36514.json
+++ b/2024/36xxx/CVE-2024-36514.json
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36514", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in file summary option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "ADAudit Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "8000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36514.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36514.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/36xxx/CVE-2024-36515.json b/2024/36xxx/CVE-2024-36515.json index cfbe1361d69..7085b4c1d21 100644 --- a/2024/36xxx/CVE-2024-36515.json +++ b/2024/36xxx/CVE-2024-36515.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in dashboard.\nNote: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "ADAudit Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "8000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36515.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36515.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": 
"HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/36xxx/CVE-2024-36516.json b/2024/36xxx/CVE-2024-36516.json index e19ecea03d0..5e2afe17c93 100644 --- a/2024/36xxx/CVE-2024-36516.json +++ b/2024/36xxx/CVE-2024-36516.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in dashboard.\nNote: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "ADAudit Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "8000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36516.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36516.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": 
"HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/36xxx/CVE-2024-36517.json b/2024/36xxx/CVE-2024-36517.json index 39a96ccca8d..e2920ce20cd 100644 --- a/2024/36xxx/CVE-2024-36517.json +++ b/2024/36xxx/CVE-2024-36517.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in alerts module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "ADAudit Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "8000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36517.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36517.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/43xxx/CVE-2024-43883.json b/2024/43xxx/CVE-2024-43883.json index 00e53d9cf0c..9a199d7b250 100644 --- a/2024/43xxx/CVE-2024-43883.json +++ b/2024/43xxx/CVE-2024-43883.json 
@@ -1,18 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43883", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "5a3c473b28ae" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.19.320", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.282", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.224", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.165", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.105", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + 
"versionType": "custom" + }, + { + "version": "6.6.46", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10.5", + "lessThanOrEqual": "6.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.11-rc3", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89" + }, + { + "url": "https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80" + }, + { + "url": "https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174" + }, + { + "url": "https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2" + }, + { + "url": "https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14" + }, + { + "url": "https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37" + }, + { + "url": "https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54" + }, + { + "url": 
"https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a" + } + ] + }, + "generator": { + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5142.json b/2024/5xxx/CVE-2024-5142.json index 5dc990922fd..c712facad76 100644 --- a/2024/5xxx/CVE-2024-5142.json +++ b/2024/5xxx/CVE-2024-5142.json @@ -56,9 +56,9 @@ "references": { "reference_data": [ { - "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2024-5142/", + "url": "https://product.m-files.com/security-advisories/cve-2024-5142/", "refsource": "MISC", - "name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2024-5142/" + "name": "https://product.m-files.com/security-advisories/cve-2024-5142/" } ] }, diff --git a/2024/5xxx/CVE-2024-5466.json b/2024/5xxx/CVE-2024-5466.json index 3750a99781f..1c0df37b46f 100644 --- a/2024/5xxx/CVE-2024-5466.json +++ b/2024/5xxx/CVE-2024-5466.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5466", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zohocorp ManageEngine OpManager and\u00a0Remote Monitoring and Management versions\u00a0128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "OpManager, Remote Monitoring and Management", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "128329" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/itom/advisory/cve-2024-5466.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/itom/advisory/cve-2024-5466.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5467.json b/2024/5xxx/CVE-2024-5467.json index ed2f97ef3b3..602e92fca3f 100644 --- a/2024/5xxx/CVE-2024-5467.json +++ b/2024/5xxx/CVE-2024-5467.json 
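Review bot: The `product_name` value in the CVE-2024-5466 record, `"OpManager, Remote Monitoring and Management"`, packs two products into one string, so a consumer that matches `product_name` against an asset inventory will match neither of them. The description names both products with the same bound, so `product_data` should hold two entries, `"product_name": "OpManager"` and `"product_name": "Remote Monitoring and Management"`, each carrying the same `version_data` (`<=` `128329`).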
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5467", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08121 are vulnerable to the authenticated SQL injection in account lockout report." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "ADAudit Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "8121" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5467.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5467.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5490.json b/2024/5xxx/CVE-2024-5490.json index 76aea93d0e9..0c7c893c8f4 100644 --- a/2024/5xxx/CVE-2024-5490.json +++ b/2024/5xxx/CVE-2024-5490.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5490", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in aggregate reports option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "ADAudit Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "8000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5490.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5490.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5556.json b/2024/5xxx/CVE-2024-5556.json index 09ba4192c9d..40e04891881 100644 --- a/2024/5xxx/CVE-2024-5556.json +++ b/2024/5xxx/CVE-2024-5556.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08000 are vulnerable to the authenticated SQL injection in\u00a0reports\u00a0module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "ADAudit Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "8000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5556.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5556.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5586.json b/2024/5xxx/CVE-2024-5586.json index 6df18dbc3c7..8137ddd1887 100644 --- a/2024/5xxx/CVE-2024-5586.json +++ b/2024/5xxx/CVE-2024-5586.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zohocorp\u00a0ManageEngine\u00a0ADAudit Plus versions below\u00a08121 are vulnerable to the authenticated SQL injection in\u00a0extranet lockouts report\u00a0option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "ADAudit Plus", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "8000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5586.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/active-directory-audit/cve-2024-5586.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8116.json b/2024/8xxx/CVE-2024-8116.json new file mode 100644 index 00000000000..0de5595c45d --- /dev/null +++ b/2024/8xxx/CVE-2024-8116.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8116", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/8xxx/CVE-2024-8117.json b/2024/8xxx/CVE-2024-8117.json new file mode 100644 index 00000000000..e9df355b4a3 --- /dev/null +++ b/2024/8xxx/CVE-2024-8117.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8117", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/8xxx/CVE-2024-8118.json b/2024/8xxx/CVE-2024-8118.json new file mode 100644 index 00000000000..40e34a0c691 --- /dev/null +++ b/2024/8xxx/CVE-2024-8118.json 
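Review bot: The description of CVE-2024-5586 says versions below 8121 are affected, but its `version_data` entry has `"version_value": "8000"`, so tooling that reads the structured range will treat builds 8000 through 8120 as not affected. CVE-2024-5467 in this same commit uses 8121 in both places. If the description is the authoritative side (to confirm against the vendor advisory listed under `references`), the line should read `"version_value": "8121"`.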
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8118", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file