From 49d62c3eef521fec699319e57ed8ef4f35dfe1fc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 24 Jun 2024 19:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/5xxx/CVE-2018-5389.json | 103 +++++++++++++++++---------------- 2021/45xxx/CVE-2021-45785.json | 56 ++++++++++++++++-- 2022/26xxx/CVE-2022-26832.json | 2 +- 2024/37xxx/CVE-2024-37732.json | 56 ++++++++++++++++-- 2024/6xxx/CVE-2024-6289.json | 18 ++++++ 2024/6xxx/CVE-2024-6290.json | 18 ++++++ 2024/6xxx/CVE-2024-6291.json | 18 ++++++ 2024/6xxx/CVE-2024-6292.json | 18 ++++++ 2024/6xxx/CVE-2024-6293.json | 18 ++++++ 9 files changed, 245 insertions(+), 62 deletions(-) create mode 100644 2024/6xxx/CVE-2024-6289.json create mode 100644 2024/6xxx/CVE-2024-6290.json create mode 100644 2024/6xxx/CVE-2024-6291.json create mode 100644 2024/6xxx/CVE-2024-6292.json create mode 100644 2024/6xxx/CVE-2024-6293.json diff --git a/2018/5xxx/CVE-2018-5389.json b/2018/5xxx/CVE-2018-5389.json index 487dba65874..9dec29c896e 100644 --- a/2018/5xxx/CVE-2018-5389.json +++ b/2018/5xxx/CVE-2018-5389.json @@ -1,44 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "cert@cert.org", - "ID": "CVE-2018-5389", - "STATE": "PUBLIC", - "TITLE": "Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Internet Key Exchange Protocol", - "version": { - "version_data": [ - { - "affected": "=", - "version_name": "Version 1", - "version_value": "Version 1 Main Mode" - } - ] - } - } - ] - }, - "vendor_name": "Internet Engineering Task Force" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "Thanks to Martin Grothe, Joerg Schwenk, and Dennis Felsch of the Ruhr-University Bochum, and Adam Czubak and Marcin Szymanek of the University of Opole for reporting this vulnerability." - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-5389", + "ASSIGNER": "cert@cert.org", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -53,36 +21,73 @@ "description": [ { "lang": "eng", - "value": "CWE-323" + "value": "CWE-521 Weak Password Requirements" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-323 Reusing a Nonce, Key Pair in Encryption" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "strongSwan", + "product": { + "product_data": [ + { + "product_name": "Strongswan", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.1" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html", + "url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf", "refsource": "MISC", - "url": "https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html" + "name": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf" }, { - "name": "VU#857035", - "refsource": "CERT-VN", - "url": "https://www.kb.cert.org/vuls/id/857035" + "url": "https://www.kb.cert.org/vuls/id/857035", + "refsource": "MISC", + "name": "https://www.kb.cert.org/vuls/id/857035" }, { - "name": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf", + "url": "https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html", "refsource": "MISC", - "url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf" + "name": "https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html" }, { - "name": "https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key", + "url": "https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key", "refsource": "MISC", - "url": "https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key" + "name": "https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key" } ] }, + "generator": { + "engine": "VINCE 3.0.4", + "env": "prod", + "origin": "https://cveawg.mitre.org/api/cve/CVE-2018-5389" + }, "source": { "discovery": "UNKNOWN" } diff --git a/2021/45xxx/CVE-2021-45785.json b/2021/45xxx/CVE-2021-45785.json index 347d5164c77..49fb45f148d 100644 --- a/2021/45xxx/CVE-2021-45785.json +++ b/2021/45xxx/CVE-2021-45785.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-45785", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-45785", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://1d8.github.io/cves/cve_2021_45785/", + "url": "https://1d8.github.io/cves/cve_2021_45785/" } ] } diff --git a/2022/26xxx/CVE-2022-26832.json b/2022/26xxx/CVE-2022-26832.json index 53391081722..55f7da5f29d 100644 --- a/2022/26xxx/CVE-2022-26832.json +++ b/2022/26xxx/CVE-2022-26832.json @@ -161,7 +161,7 @@ { "version_affected": "<", "version_name": "3.5.0", - "version_value": "50727.8962" + "version_value": "6.1.50727.8962" } ] } diff --git a/2024/37xxx/CVE-2024-37732.json b/2024/37xxx/CVE-2024-37732.json index 5a925780dde..8e14ead7b04 100644 --- a/2024/37xxx/CVE-2024-37732.json +++ b/2024/37xxx/CVE-2024-37732.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-37732", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-37732", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/Aa272899/CHG-sec/issues/I9UO7X", + "refsource": "MISC", + "name": "https://gitee.com/Aa272899/CHG-sec/issues/I9UO7X" } ] } diff --git a/2024/6xxx/CVE-2024-6289.json b/2024/6xxx/CVE-2024-6289.json new file mode 100644 index 00000000000..8008818e440 --- /dev/null +++ b/2024/6xxx/CVE-2024-6289.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6289", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6290.json b/2024/6xxx/CVE-2024-6290.json new file mode 100644 index 00000000000..823afa393b9 --- /dev/null +++ b/2024/6xxx/CVE-2024-6290.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6290", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6291.json b/2024/6xxx/CVE-2024-6291.json new file mode 100644 index 00000000000..8f00ec15987 --- /dev/null +++ b/2024/6xxx/CVE-2024-6291.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6291", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6292.json b/2024/6xxx/CVE-2024-6292.json new file mode 100644 index 00000000000..64c86998c87 --- /dev/null +++ b/2024/6xxx/CVE-2024-6292.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6292", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6293.json b/2024/6xxx/CVE-2024-6293.json new file mode 100644 index 00000000000..41fccf3608c --- /dev/null +++ b/2024/6xxx/CVE-2024-6293.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6293", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file