diff --git a/2021/42xxx/CVE-2021-42718.json b/2021/42xxx/CVE-2021-42718.json index c3d64fbca24..d7ba5c738e9 100644 --- a/2021/42xxx/CVE-2021-42718.json +++ b/2021/42xxx/CVE-2021-42718.json @@ -1,18 +1,70 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@replicated.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin Console API on port 8800.\n\nThis CVE was originally reserved in 2021 and later publicly disclosed by Replicated on their website on 21 October 2021. However, it mistakenly remained in the Reserved But Public (RBP) status with the CVE Numbering Authority (CNA). Please note that this product reached its end of life on 31 December 2024. Publishing this CVE with the CNA was required to comply with CNA rules, despite the fact that the issue was disclosed and fixed four years ago, and the affected product is no longer supported as of 2024.\n\nSummary of VulnerabilityThis advisory discloses a low severity security vulnerability in the versions of Replicated Classic listed above (\u201cAffected Replicated Classic Versions\u201d)\n\nDescriptionReplicated Classic versions prior to 2.53.1 have an authenticated API from the Replicated Admin Console that may expose sensitive data including application secrets, depending on how the application manifests are written. A user with valid credentials and access to the Admin Console port (8800) on the Replicated Classic server can retrieve container definitions including environment variables which may contain passwords and other secrets depending on how the application is configured.\n\nThis data is shared over authenticated sessions to the Admin Console only, and was never displayed or used in the application processing. To remediate this issue, we removed the sensitive data from the API, sending only the data to the Admin Console that was needed.\n\nTimelineThis issue was discovered during a security review on 16 September 2021.\nPatched versions were released on 23 September 2021.\nThis advisory was published on 21 October 2021.\n\n\nThe CVE Numbering Authority (CNA) notified Replicated on 23 January 2025 that the CVE was still in Reserved But Public (RBP) status. Upon discovering the oversight in updating the status to published with the CNA, Replicated submitted the updated report on the same day, 23 January 2025." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Replicated", + "product": { + "product_data": [ + { + "product_name": "Replicated Classic", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.53.0", + "version_value": "2.53.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.replicated.com/cve-2021-42718", + "refsource": "MISC", + "name": "https://www.replicated.com/cve-2021-42718" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2023/46xxx/CVE-2023-46400.json b/2023/46xxx/CVE-2023-46400.json index e7bf65d5797..361d3b3668a 100644 --- a/2023/46xxx/CVE-2023-46400.json +++ b/2023/46xxx/CVE-2023-46400.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-46400", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-46400", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/6en6ar/5d39374d6ced8acbe489e0b1b932d056", + "url": "https://gist.github.com/6en6ar/5d39374d6ced8acbe489e0b1b932d056" } ] } diff --git a/2023/46xxx/CVE-2023-46401.json b/2023/46xxx/CVE-2023-46401.json index 0d1d9e19838..d690b7fb9d2 100644 --- a/2023/46xxx/CVE-2023-46401.json +++ b/2023/46xxx/CVE-2023-46401.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-46401", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-46401", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/6en6ar/5d39374d6ced8acbe489e0b1b932d056", + "url": "https://gist.github.com/6en6ar/5d39374d6ced8acbe489e0b1b932d056" } ] } diff --git a/2024/50xxx/CVE-2024-50664.json b/2024/50xxx/CVE-2024-50664.json index 786106dc7e9..10ece7dffa8 100644 --- a/2024/50xxx/CVE-2024-50664.json +++ b/2024/50xxx/CVE-2024-50664.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-50664", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-50664", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gpac/gpac/issues/2988", + "refsource": "MISC", + "name": "https://github.com/gpac/gpac/issues/2988" } ] } diff --git a/2024/50xxx/CVE-2024-50665.json b/2024/50xxx/CVE-2024-50665.json index d36ac25b84c..46c4e09d385 100644 --- a/2024/50xxx/CVE-2024-50665.json +++ b/2024/50xxx/CVE-2024-50665.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-50665", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-50665", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gpac/gpac/issues/2987", + "refsource": "MISC", + "name": "https://github.com/gpac/gpac/issues/2987" } ] } diff --git a/2024/53xxx/CVE-2024-53379.json b/2024/53xxx/CVE-2024-53379.json index b510f54fc50..fa6e2e66d74 100644 --- a/2024/53xxx/CVE-2024-53379.json +++ b/2024/53xxx/CVE-2024-53379.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53379", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53379", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telekom.com/resource/blob/1086326/e6e800ec1e4e675ca0d8fdafab86ea8c/dl-250122-cve-2024-53379-data.pdf", + "url": "https://www.telekom.com/resource/blob/1086326/e6e800ec1e4e675ca0d8fdafab86ea8c/dl-250122-cve-2024-53379-data.pdf" } ] } diff --git a/2024/53xxx/CVE-2024-53923.json b/2024/53xxx/CVE-2024-53923.json index d7c7de97d5a..c1ac55a9fde 100644 --- a/2024/53xxx/CVE-2024-53923.json +++ b/2024/53xxx/CVE-2024-53923.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-53923", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-53923", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/centreon/centreon/releases", + "refsource": "MISC", + "name": "https://github.com/centreon/centreon/releases" + }, + { + "refsource": "CONFIRM", + "name": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-53923-centreon-web-critical-severity-4265", + "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-53923-centreon-web-critical-severity-4265" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2024/55xxx/CVE-2024-55192.json b/2024/55xxx/CVE-2024-55192.json index ce0c42297fa..8af698010c4 100644 --- a/2024/55xxx/CVE-2024-55192.json +++ b/2024/55xxx/CVE-2024-55192.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55192", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55192", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4550", + "refsource": "MISC", + "name": "https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4550" } ] } diff --git a/2024/55xxx/CVE-2024-55193.json b/2024/55xxx/CVE-2024-55193.json index 343d59b3cf8..2778fb48449 100644 --- a/2024/55xxx/CVE-2024-55193.json +++ b/2024/55xxx/CVE-2024-55193.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55193", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55193", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4551", + "refsource": "MISC", + "name": "https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4551" } ] } diff --git a/2024/55xxx/CVE-2024-55194.json b/2024/55xxx/CVE-2024-55194.json index 58d0a89f3ac..6960855b966 100644 --- a/2024/55xxx/CVE-2024-55194.json +++ b/2024/55xxx/CVE-2024-55194.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55194", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55194", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4552", + "refsource": "MISC", + "name": "https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4552" } ] } diff --git a/2024/55xxx/CVE-2024-55195.json b/2024/55xxx/CVE-2024-55195.json index 637d8b66d1e..f88855ba84c 100644 --- a/2024/55xxx/CVE-2024-55195.json +++ b/2024/55xxx/CVE-2024-55195.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55195", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55195", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program to requests to allocate too much space." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4553", + "refsource": "MISC", + "name": "https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4553" } ] } diff --git a/2024/55xxx/CVE-2024-55573.json b/2024/55xxx/CVE-2024-55573.json index 9eaa36b83e9..cf3cb68f3e5 100644 --- a/2024/55xxx/CVE-2024-55573.json +++ b/2024/55xxx/CVE-2024-55573.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55573", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55573", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/centreon/centreon/releases", + "refsource": "MISC", + "name": "https://github.com/centreon/centreon/releases" + }, + { + "refsource": "CONFIRM", + "name": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55573-centreon-web-critical-severity-4264", + "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55573-centreon-web-critical-severity-4264" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N", + "version": "3.1" + } } } \ No newline at end of file