From 4e7161e67b698a0a28931363283083795c4ebc5b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 11 Oct 2024 19:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/43xxx/CVE-2024-43483.json | 2 +-
 2024/43xxx/CVE-2024-43484.json | 2 +-
 2024/47xxx/CVE-2024-47331.json | 113 +++++++++++++++++++++++++++++++--
 2024/47xxx/CVE-2024-47353.json | 113 +++++++++++++++++++++++++++++++--
 2024/48xxx/CVE-2024-48020.json | 113 +++++++++++++++++++++++++++++++--
 2024/48xxx/CVE-2024-48033.json | 85 +++++++++++++++++++++++--
 2024/48xxx/CVE-2024-48040.json | 113 +++++++++++++++++++++++++++++++--
 2024/48xxx/CVE-2024-48041.json | 113 +++++++++++++++++++++++++++++++--
 2024/8xxx/CVE-2024-8912.json | 101 +++++++++++++++++++++++++++--
 2024/9xxx/CVE-2024-9876.json | 18 ++++++
 2024/9xxx/CVE-2024-9877.json | 18 ++++++
 2024/9xxx/CVE-2024-9878.json | 18 ++++++
 2024/9xxx/CVE-2024-9879.json | 18 ++++++
 2024/9xxx/CVE-2024-9880.json | 18 ++++++
 2024/9xxx/CVE-2024-9881.json | 18 ++++++
 2024/9xxx/CVE-2024-9882.json | 18 ++++++
 2024/9xxx/CVE-2024-9883.json | 18 ++++++
 2024/9xxx/CVE-2024-9884.json | 18 ++++++
 2024/9xxx/CVE-2024-9885.json | 18 ++++++
 19 files changed, 905 insertions(+), 30 deletions(-)
 create mode 100644 2024/9xxx/CVE-2024-9876.json
 create mode 100644 2024/9xxx/CVE-2024-9877.json
 create mode 100644 2024/9xxx/CVE-2024-9878.json
 create mode 100644 2024/9xxx/CVE-2024-9879.json
 create mode 100644 2024/9xxx/CVE-2024-9880.json
 create mode 100644 2024/9xxx/CVE-2024-9881.json
 create mode 100644 2024/9xxx/CVE-2024-9882.json
 create mode 100644 2024/9xxx/CVE-2024-9883.json
 create mode 100644 2024/9xxx/CVE-2024-9884.json
 create mode 100644 2024/9xxx/CVE-2024-9885.json
diff --git a/2024/43xxx/CVE-2024-43483.json b/2024/43xxx/CVE-2024-43483.json
index 8181269ad02..79c6c7a0b47 100644
--- a/2024/43xxx/CVE-2024-43483.json
+++ b/2024/43xxx/CVE-2024-43483.json
@@ -138,7 +138,7 @@
 {
 "version_affected": "<",
 "version_name": "4.7.0",
- "version_value": "3,5,04115.01"
+ "version_value": "3.5.04115.01"
 }
 ]
 }
diff --git a/2024/43xxx/CVE-2024-43484.json b/2024/43xxx/CVE-2024-43484.json
index 65500dc8159..26ecfa6ac4d 100644
--- a/2024/43xxx/CVE-2024-43484.json
+++ b/2024/43xxx/CVE-2024-43484.json
@@ -119,7 +119,7 @@
 {
 "version_affected": "<",
 "version_name": "4.7.0",
- "version_value": "3,5,04115.01"
+ "version_value": "3.5.04115.01"
 }
 ]
 }
diff --git a/2024/47xxx/CVE-2024-47331.json b/2024/47xxx/CVE-2024-47331.json
index ce6a6eca585..d43ae3c1cd7 100644
--- a/2024/47xxx/CVE-2024-47331.json
+++ b/2024/47xxx/CVE-2024-47331.json
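Review bot: In the CVE-2024-43483.json hunk the corrected `"version_value": "3.5.04115.01"` still sits beside `"version_name": "4.7.0"` and `"version_affected": "<"`, so the range's lower bound is numerically above its upper bound. The CVE-2024-43484.json hunk has the same pair. Other records in this commit use `version_name` as the start of a range and `version_value` as its end (for example `23.12.0` / `23.12.123`), so a scanner that evaluates this pair as an interval would presumably match no version. The product name lies outside both hunks; confirm against the vendor advisory whether the upper bound should be a 4.7.x build rather than 3.5.x.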
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47331", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NinjaTeam", + "product": { + "product_data": [ + { + "product_name": "Multi Step for Contact Form", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.7.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.7.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/cf7-multi-step/wordpress-multi-step-for-contact-form-plugin-2-7-7-unauthenticated-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/cf7-multi-step/wordpress-multi-step-for-contact-form-plugin-2-7-7-unauthenticated-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.7.8 or a higher version." + } + ], + "value": "Update to 2.7.8 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Hakiduck (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47353.json b/2024/47xxx/CVE-2024-47353.json index 852f5e17206..1c56aa25d8b 100644 --- a/2024/47xxx/CVE-2024-47353.json +++ b/2024/47xxx/CVE-2024-47353.json 
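Review bot: The new `version_data` entry in CVE-2024-47331.json carries `"version_value": "not down converted"`, so the affected range (through 2.7.7, unaffected at 2.7.8) exists only inside `x_cve_json_5_version_data`. A consumer that reads only the legacy `version_affected`/`version_value` fields gets no usable range and may report this CVSS 9.3 SQL injection as not applicable; the CVE-2024-47353, CVE-2024-48020, CVE-2024-48040 and CVE-2024-48041 hunks use the same placeholder. Parsers of this 4.0 format should fall back to the nested `versions` array, or treat the placeholder as "range unknown" rather than "no match". Separately, the record uses `"lang": "eng"` in `description` but `"lang": "en"` in `solution` and `credits`, which matters to anything that filters on the language tag.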
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47353", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QuomodoSoft", + "product": { + "product_data": [ + { + "product_name": "ElementsReady Addons for Elementor", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.4.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.4.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/element-ready-lite/wordpress-elementsready-addons-for-elementor-plugin-6-4-2-open-redirection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/element-ready-lite/wordpress-elementsready-addons-for-elementor-plugin-6-4-2-open-redirection-vulnerability?_s_id=cve" + } + ] + }, + 
"generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.4.3 or a higher version." + } + ], + "value": "Update to 6.4.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Muhamad Agil Fachrian (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/48xxx/CVE-2024-48020.json b/2024/48xxx/CVE-2024-48020.json index 54c73ddd679..34c6b278cab 100644 --- a/2024/48xxx/CVE-2024-48020.json +++ b/2024/48xxx/CVE-2024-48020.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48020", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Revmakx", + "product": { + "product_data": [ + { + "product_name": "Backup and Staging by WP Time Capsule", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.22.22", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.22.21", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-time-capsule/wordpress-backup-and-staging-by-wp-time-capsule-plugin-1-22-21-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/wp-time-capsule/wordpress-backup-and-staging-by-wp-time-capsule-plugin-1-22-21-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.22.22 or a higher version." + } + ], + "value": "Update to 1.22.22 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Hakiduck (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/48xxx/CVE-2024-48033.json b/2024/48xxx/CVE-2024-48033.json index ce0aa20835a..9640a6b127f 100644 --- a/2024/48xxx/CVE-2024-48033.json +++ b/2024/48xxx/CVE-2024-48033.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48033", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback allows Object Injection.This issue affects Talkback: from n/a through 1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elie Burstein, Baptiste Gourdin", + "product": { + "product_data": [ + { + "product_name": "Talkback", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/talkback-secure-linkback-protocol/wordpress-talkback-plugin-1-0-php-object-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/talkback-secure-linkback-protocol/wordpress-talkback-plugin-1-0-php-object-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": 
"HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/48xxx/CVE-2024-48040.json b/2024/48xxx/CVE-2024-48040.json index bfde4f1aed7..13fc6c1d7c1 100644 --- a/2024/48xxx/CVE-2024-48040.json +++ b/2024/48xxx/CVE-2024-48040.json 
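Review bot: CVE-2024-48033.json gains no `solution` block, and its only range is `"version_affected": "<="` with `"version_value": "1.0"`, so nothing in the record names a fixed release for this CVSS 9.8 deserialization issue. Unlike the sibling Patchstack records in this commit there is no "Update to …" text to key remediation on, so consumers should presumably treat every known version as affected until the record changes. The `vendor_name` value also packs two names into one string, `"Elie Burstein, Baptiste Gourdin"`, which will not match tooling that expects one vendor per entry.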
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48040", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tainacan.Org Tainacan allows SQL Injection.This issue affects Tainacan: from n/a through 0.21.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tainacan.org", + "product": { + "product_data": [ + { + "product_name": "Tainacan", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "0.21.9", + "status": "unaffected" + } + ], + "lessThanOrEqual": "0.21.8", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-21-8-sql-injection-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-21-8-sql-injection-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + 
"discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 0.21.9 or a higher version." + } + ], + "value": "Update to 0.21.9 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac / truonghuuphuc (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/48xxx/CVE-2024-48041.json b/2024/48xxx/CVE-2024-48041.json index 661739f5bdd..2fc0a6a07e2 100644 --- a/2024/48xxx/CVE-2024-48041.json +++ b/2024/48xxx/CVE-2024-48041.json 
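Review bot: The vendor is spelled two ways in CVE-2024-48040.json: the description text says `Tainacan.Org` while `vendor_name` is `"Tainacan.org"`. Case-sensitive vendor matching or de-duplication keyed on either string will see two different vendors, so normalise case before comparing or correlating this record with asset inventory.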
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48041", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CreativeMindsSolutions", + "product": { + "product_data": [ + { + "product_name": "CM Tooltip Glossary", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.3.11", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.3.9", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/enhanced-tooltipglossary/wordpress-cm-tooltip-glossary-plugin-4-3-9-privilege-escalation-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/enhanced-tooltipglossary/wordpress-cm-tooltip-glossary-plugin-4-3-9-privilege-escalation-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.3.11 or a higher version." + } + ], + "value": "Update to 4.3.11 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Robert DeVore (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8912.json b/2024/8xxx/CVE-2024-8912.json index 991dc0cdddc..4a01d861aba 100644 --- a/2024/8xxx/CVE-2024-8912.json +++ b/2024/8xxx/CVE-2024-8912.json 
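Review bot: The affected range in CVE-2024-48041.json ends at `"lessThanOrEqual": "4.3.9"` while the `changes` entry and the solution text put the fix at 4.3.11, and `"defaultStatus": "unaffected"` then classifies 4.3.10 as unaffected. If a 4.3.10 release exists, installations on it would be reported clean without carrying the fix; confirm with the advisory whether the bound should be `4.3.10`. The description and CWE-79 say Stored XSS, whereas the reference URL slug reads `privilege-escalation-vulnerability`, so the vulnerability class is worth verifying at the source before triage.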
@@ -1,18 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8912", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users.\n\nThere are two Looker versions that are hosted by Looker:\n\n * Looker (Google Cloud core) was found to be vulnerable. This issue has already been mitigated and our investigation has found no signs of exploitation.\n * Looker (original) was not vulnerable to this issue.\n\n\nCustomer-hosted Looker instances were found to be vulnerable and must be upgraded.\n\nThis vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page https://download.looker.com/ .\n\nFor Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. The versions below have all been updated to protect from this vulnerability. 
You can download these versions at the Looker download page:\n\n * 23.12 -> 23.12.123+\n * 23.18 -> 23.18.117+\n * 24.0 -> 24.0.92+\n * 24.6 -> 24.6.77+\n * 24.8 -> 24.8.66+\n * 24.10 -> 24.10.78+\n * 24.12 -> 24.12.56+\n * 24.14 -> 24.14.37+" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", + "cweId": "CWE-444" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Looker", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "23.12.0", + "version_value": "23.12.123" + }, + { + "version_affected": "<", + "version_name": "23.18.0", + "version_value": "23.18.117" + }, + { + "version_affected": "<", + "version_name": "24.0.0", + "version_value": "24.0.92" + }, + { + "version_affected": "<", + "version_name": "24.6.0", + "version_value": "24.6.77" + }, + { + "version_affected": "<", + "version_name": "24.8.0", + "version_value": "24.8.66" + }, + { + "version_affected": "<", + "version_name": "24.10.0", + "version_value": "24.10.78" + }, + { + "version_affected": "<", + "version_name": "24.12.0", + "version_value": "24.12.56" + }, + { + "version_affected": "<", + "version_name": "24.14.0", + "version_value": "24.14.37" + }, + { + "version_affected": "<=", + "version_name": "23.6", + "version_value": "24.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cloud.google.com/looker/docs/best-practices/security-bulletin-09-16-24", + "refsource": "MISC", + "name": "https://cloud.google.com/looker/docs/best-practices/security-bulletin-09-16-24" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file 
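Review bot: The last `version_data` entry added to CVE-2024-8912.json, `"version_affected": "<="` with `"version_name": "23.6"` and `"version_value": "24.14"`, overlaps every per-train range listed above it. Depending on how a consumer compares `24.14` with a three-part build number, fixed builds such as 24.12.56 fall inside that blanket range and would be flagged as vulnerable even though the per-train entries mark them as patched. The record also has no `impact` block and sets `"discovery": "UNKNOWN"`, so there is no CVSS score to prioritise on and severity has to come from the linked bulletin. Consider dropping or narrowing the blanket entry so the fixed builds named in the description are not contradicted.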
diff --git a/2024/9xxx/CVE-2024-9876.json b/2024/9xxx/CVE-2024-9876.json
new file mode 100644
index 00000000000..ea320690b40
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9876.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9876",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9877.json b/2024/9xxx/CVE-2024-9877.json
new file mode 100644
index 00000000000..df636dee311
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9877.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9877",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9878.json b/2024/9xxx/CVE-2024-9878.json
new file mode 100644
index 00000000000..0f80730e532
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9878.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9878",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9879.json b/2024/9xxx/CVE-2024-9879.json
new file mode 100644
index 00000000000..37ffc58a232
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9879.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9879",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9880.json b/2024/9xxx/CVE-2024-9880.json
new file mode 100644
index 00000000000..2cb1ae06f3a
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9880.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9880",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9881.json b/2024/9xxx/CVE-2024-9881.json
new file mode 100644
index 00000000000..06adb077b53
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9881.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9881",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9882.json b/2024/9xxx/CVE-2024-9882.json
new file mode 100644
index 00000000000..c70868795a2
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9882.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9882",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9883.json b/2024/9xxx/CVE-2024-9883.json
new file mode 100644
index 00000000000..fa7601c189b
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9883.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9883",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9884.json b/2024/9xxx/CVE-2024-9884.json
new file mode 100644
index 00000000000..24c0a4d3b16
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9884.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9884",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9885.json b/2024/9xxx/CVE-2024-9885.json
new file mode 100644
index 00000000000..c32e5fdd65b
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9885.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9885",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file