diff --git a/2024/11xxx/CVE-2024-11723.json b/2024/11xxx/CVE-2024-11723.json new file mode 100644 index 00000000000..a8661dbbdda --- /dev/null +++ b/2024/11xxx/CVE-2024-11723.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11723", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11724.json b/2024/11xxx/CVE-2024-11724.json new file mode 100644 index 00000000000..20ffbd1d215 --- /dev/null +++ b/2024/11xxx/CVE-2024-11724.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11724", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11725.json b/2024/11xxx/CVE-2024-11725.json new file mode 100644 index 00000000000..879e23dd0e9 --- /dev/null +++ b/2024/11xxx/CVE-2024-11725.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11725", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11726.json b/2024/11xxx/CVE-2024-11726.json new file mode 100644 index 00000000000..94bbffa63cb --- /dev/null +++ b/2024/11xxx/CVE-2024-11726.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11726", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50671.json b/2024/50xxx/CVE-2024-50671.json index c62288c16c8..2bebda12eb9 100644 --- a/2024/50xxx/CVE-2024-50671.json +++ b/2024/50xxx/CVE-2024-50671.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-50671", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-50671", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the \"Get users\" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles. This makes it possible for attackers to disclose the email addresses of all users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/adaptlearning/adapt_authoring", + "refsource": "MISC", + "name": "https://github.com/adaptlearning/adapt_authoring" + }, + { + "refsource": "MISC", + "name": "https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-50671", + "url": "https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-50671" } ] } diff --git a/2024/50xxx/CVE-2024-50672.json b/2024/50xxx/CVE-2024-50672.json index e11d61717bd..fdd617a3c7e 100644 --- a/2024/50xxx/CVE-2024-50672.json +++ b/2024/50xxx/CVE-2024-50672.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-50672", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-50672", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the \"Reset password\" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/adaptlearning/adapt_authoring", + "refsource": "MISC", + "name": "https://github.com/adaptlearning/adapt_authoring" + }, + { + "refsource": "MISC", + "name": "https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-50672", + "url": "https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-50672" } ] } diff --git a/2024/53xxx/CVE-2024-53556.json b/2024/53xxx/CVE-2024-53556.json index 3cdcc2a3989..b24d14dda72 100644 --- a/2024/53xxx/CVE-2024-53556.json +++ b/2024/53xxx/CVE-2024-53556.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53556", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53556", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1CIr8oHSF4JaqOn51wIhyZyvsCtlX0Q_e/view?usp=drive_link", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1CIr8oHSF4JaqOn51wIhyZyvsCtlX0Q_e/view?usp=drive_link" + }, + { + "refsource": "MISC", + "name": "https://gist.githubusercontent.com/Tommywarren/b42479a048aa8ef11a63a76d14403443/raw/e24c1003accf8daf2e840b7c67d2f0ab30bdd3e6/CVE-2024-53556", + "url": "https://gist.githubusercontent.com/Tommywarren/b42479a048aa8ef11a63a76d14403443/raw/e24c1003accf8daf2e840b7c67d2f0ab30bdd3e6/CVE-2024-53556" } ] } diff --git a/2024/53xxx/CVE-2024-53977.json b/2024/53xxx/CVE-2024-53977.json new file mode 100644 index 00000000000..69eaad3d89d --- /dev/null +++ b/2024/53xxx/CVE-2024-53977.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-53977", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file