From 60d4b7538a10d88fb3aa73ee409c3745aadc5d92 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 15 Oct 2024 16:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/47xxx/CVE-2024-47771.json | 68 ++++++++++- 2024/47xxx/CVE-2024-47779.json | 63 +++++++++- 2024/47xxx/CVE-2024-47824.json | 68 ++++++++++- 2024/47xxx/CVE-2024-47874.json | 63 +++++++++- 2024/47xxx/CVE-2024-47876.json | 77 ++++++++++++- 2024/48xxx/CVE-2024-48622.json | 56 ++++++++- 2024/48xxx/CVE-2024-48623.json | 56 ++++++++- 2024/48xxx/CVE-2024-48624.json | 56 ++++++++- 2024/48xxx/CVE-2024-48913.json | 86 +++++++++++++- 2024/49xxx/CVE-2024-49507.json | 18 +++ 2024/49xxx/CVE-2024-49508.json | 18 +++ 2024/49xxx/CVE-2024-49509.json | 18 +++ 2024/49xxx/CVE-2024-49510.json | 18 +++ 2024/49xxx/CVE-2024-49511.json | 18 +++ 2024/49xxx/CVE-2024-49512.json | 18 +++ 2024/49xxx/CVE-2024-49513.json | 18 +++ 2024/49xxx/CVE-2024-49514.json | 18 +++ 2024/49xxx/CVE-2024-49515.json | 18 +++ 2024/49xxx/CVE-2024-49516.json | 18 +++ 2024/49xxx/CVE-2024-49517.json | 18 +++ 2024/49xxx/CVE-2024-49518.json | 18 +++ 2024/49xxx/CVE-2024-49519.json | 18 +++ 2024/49xxx/CVE-2024-49520.json | 18 +++ 2024/49xxx/CVE-2024-49521.json | 18 +++ 2024/49xxx/CVE-2024-49522.json | 18 +++ 2024/49xxx/CVE-2024-49523.json | 18 +++ 2024/49xxx/CVE-2024-49524.json | 18 +++ 2024/49xxx/CVE-2024-49525.json | 18 +++ 2024/49xxx/CVE-2024-49526.json | 18 +++ 2024/49xxx/CVE-2024-49527.json | 18 +++ 2024/49xxx/CVE-2024-49528.json | 18 +++ 2024/49xxx/CVE-2024-49529.json | 18 +++ 2024/49xxx/CVE-2024-49530.json | 18 +++ 2024/49xxx/CVE-2024-49531.json | 18 +++ 2024/49xxx/CVE-2024-49532.json | 18 +++ 2024/49xxx/CVE-2024-49533.json | 18 +++ 2024/49xxx/CVE-2024-49534.json | 18 +++ 2024/49xxx/CVE-2024-49535.json | 18 +++ 2024/49xxx/CVE-2024-49536.json | 18 +++ 2024/49xxx/CVE-2024-49537.json | 18 +++ 2024/49xxx/CVE-2024-49538.json | 18 +++ 2024/49xxx/CVE-2024-49539.json | 18 +++ 2024/49xxx/CVE-2024-49540.json | 18 +++ 2024/49xxx/CVE-2024-49541.json | 18 +++ 2024/49xxx/CVE-2024-49542.json | 18 +++ 2024/49xxx/CVE-2024-49543.json | 
18 +++ 2024/49xxx/CVE-2024-49544.json | 18 +++ 2024/49xxx/CVE-2024-49545.json | 18 +++ 2024/49xxx/CVE-2024-49546.json | 18 +++ 2024/49xxx/CVE-2024-49547.json | 18 +++ 2024/49xxx/CVE-2024-49548.json | 18 +++ 2024/49xxx/CVE-2024-49549.json | 18 +++ 2024/49xxx/CVE-2024-49550.json | 18 +++ 2024/49xxx/CVE-2024-49551.json | 18 +++ 2024/49xxx/CVE-2024-49552.json | 18 +++ 2024/49xxx/CVE-2024-49553.json | 18 +++ 2024/49xxx/CVE-2024-49554.json | 18 +++ 2024/49xxx/CVE-2024-49555.json | 18 +++ 2024/49xxx/CVE-2024-49556.json | 18 +++ 2024/6xxx/CVE-2024-6485.json | 2 +- 2024/9xxx/CVE-2024-9506.json | 85 +++++++++++++- 2024/9xxx/CVE-2024-9676.json | 204 ++++++++++++++++++++++++++++++++- 2024/9xxx/CVE-2024-9953.json | 6 +- 63 files changed, 1736 insertions(+), 54 deletions(-) create mode 100644 2024/49xxx/CVE-2024-49507.json create mode 100644 2024/49xxx/CVE-2024-49508.json create mode 100644 2024/49xxx/CVE-2024-49509.json create mode 100644 2024/49xxx/CVE-2024-49510.json create mode 100644 2024/49xxx/CVE-2024-49511.json create mode 100644 2024/49xxx/CVE-2024-49512.json create mode 100644 2024/49xxx/CVE-2024-49513.json create mode 100644 2024/49xxx/CVE-2024-49514.json create mode 100644 2024/49xxx/CVE-2024-49515.json create mode 100644 2024/49xxx/CVE-2024-49516.json create mode 100644 2024/49xxx/CVE-2024-49517.json create mode 100644 2024/49xxx/CVE-2024-49518.json create mode 100644 2024/49xxx/CVE-2024-49519.json create mode 100644 2024/49xxx/CVE-2024-49520.json create mode 100644 2024/49xxx/CVE-2024-49521.json create mode 100644 2024/49xxx/CVE-2024-49522.json create mode 100644 2024/49xxx/CVE-2024-49523.json create mode 100644 2024/49xxx/CVE-2024-49524.json create mode 100644 2024/49xxx/CVE-2024-49525.json create mode 100644 2024/49xxx/CVE-2024-49526.json create mode 100644 2024/49xxx/CVE-2024-49527.json create mode 100644 2024/49xxx/CVE-2024-49528.json create mode 100644 2024/49xxx/CVE-2024-49529.json create mode 100644 2024/49xxx/CVE-2024-49530.json create mode 100644 
2024/49xxx/CVE-2024-49531.json create mode 100644 2024/49xxx/CVE-2024-49532.json create mode 100644 2024/49xxx/CVE-2024-49533.json create mode 100644 2024/49xxx/CVE-2024-49534.json create mode 100644 2024/49xxx/CVE-2024-49535.json create mode 100644 2024/49xxx/CVE-2024-49536.json create mode 100644 2024/49xxx/CVE-2024-49537.json create mode 100644 2024/49xxx/CVE-2024-49538.json create mode 100644 2024/49xxx/CVE-2024-49539.json create mode 100644 2024/49xxx/CVE-2024-49540.json create mode 100644 2024/49xxx/CVE-2024-49541.json create mode 100644 2024/49xxx/CVE-2024-49542.json create mode 100644 2024/49xxx/CVE-2024-49543.json create mode 100644 2024/49xxx/CVE-2024-49544.json create mode 100644 2024/49xxx/CVE-2024-49545.json create mode 100644 2024/49xxx/CVE-2024-49546.json create mode 100644 2024/49xxx/CVE-2024-49547.json create mode 100644 2024/49xxx/CVE-2024-49548.json create mode 100644 2024/49xxx/CVE-2024-49549.json create mode 100644 2024/49xxx/CVE-2024-49550.json create mode 100644 2024/49xxx/CVE-2024-49551.json create mode 100644 2024/49xxx/CVE-2024-49552.json create mode 100644 2024/49xxx/CVE-2024-49553.json create mode 100644 2024/49xxx/CVE-2024-49554.json create mode 100644 2024/49xxx/CVE-2024-49555.json create mode 100644 2024/49xxx/CVE-2024-49556.json
diff --git a/2024/47xxx/CVE-2024-47771.json b/2024/47xxx/CVE-2024-47771.json
index f47f438e671..727c9bbd6fc 100644
--- a/2024/47xxx/CVE-2024-47771.json
+++ b/2024/47xxx/CVE-2024-47771.json
@@ -1,18 +1,78 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-47771",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "element-hq",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "element-desktop",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.11.70, < 1.11.81"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/element-hq/element-desktop/security/advisories/GHSA-963w-49j9-gxj6",
+ "refsource": "MISC",
+ "name": "https://github.com/element-hq/element-desktop/security/advisories/GHSA-963w-49j9-gxj6"
+ },
+ {
+ "url": "https://github.com/element-hq/element-desktop/commit/6c78684e84ba7f460aedba6f017760e2323fdf4b",
+ "refsource": "MISC",
+ "name": "https://github.com/element-hq/element-desktop/commit/6c78684e84ba7f460aedba6f017760e2323fdf4b"
+ },
+ {
+ "url": "https://github.com/element-hq/element-web/commit/63c8550791a0221189f495d6458fee7db601c789",
+ "refsource": "MISC",
+ "name": "https://github.com/element-hq/element-web/commit/63c8550791a0221189f495d6458fee7db601c789"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-963w-49j9-gxj6",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47779.json b/2024/47xxx/CVE-2024-47779.json
index 3c6d56bc671..ac8104c1a15 100644
--- a/2024/47xxx/CVE-2024-47779.json
+++ b/2024/47xxx/CVE-2024-47779.json
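Review bot: The added `version_data` entry for CVE-2024-47771 pairs `"version_affected": "="` with the range string `">= 1.11.70, < 1.11.81"`, so a consumer that applies the operator literally tests installed versions for equality against a string no release carries and never reports a match. The same encoding appears in the CVE-2024-47779, CVE-2024-47824, CVE-2024-47874, CVE-2024-47876 and CVE-2024-48913 hunks. One way to make the bounds machine-readable is to split them into `{"version_affected": ">=", "version_value": "1.11.70"}` and `{"version_affected": "<", "version_value": "1.11.81"}`, although how a consumer combines two entries would need confirming. Failing that, ingestion code has to parse the range out of `version_value`. This record also carries no `impact` block, so severity for the access-token exposure has to be taken from the linked GHSA advisory.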
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-47779",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Element is a Matrix web client built using the Matrix React SDK .Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Element Web. Element Web and Element Desktop share most but not all, of their code and this vulnerability exists in the part of the code base which is not shared between the projects. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "element-hq",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "element-web",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.11.70, < 1.11.81"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x",
+ "refsource": "MISC",
+ "name": "https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x"
+ },
+ {
+ "url": "https://github.com/element-hq/element-web/commit/8d7f2b5c1301129a488d3597f3839bd74203ee62",
+ "refsource": "MISC",
+ "name": "https://github.com/element-hq/element-web/commit/8d7f2b5c1301129a488d3597f3839bd74203ee62"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-3jm3-x98c-r34x",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47824.json b/2024/47xxx/CVE-2024-47824.json
index 6a230bfee86..6029305a8fb 100644
--- a/2024/47xxx/CVE-2024-47824.json
+++ b/2024/47xxx/CVE-2024-47824.json
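Review bot: The new description value for CVE-2024-47779 runs two sentences together as `Matrix React SDK .Element Web`, which should read `Matrix React SDK. Element Web`. Later, `share most but not all, of their code` should be `share most, but not all, of their code`. The text stresses that this issue is separate from CVE-2024-47771, yet the CWE and version range are identical in both records. That leaves `product_name` (`element-web` here) and the GHSA id in `source.advisory` as the only structured fields that tell them apart. Deduplication or ticketing logic should key on those rather than on CWE plus range.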
@@ -1,18 +1,78 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-47824",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared historical message keys on invite. Version 3.102.0 fixes this issue by disabling sharing message keys on invite by removing calls to the vulnerable functionality. No known workarounds are available."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "matrix-org",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "matrix-react-sdk",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.18.0, < 3.102.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-qcvh-p9jq-wp8v",
+ "refsource": "MISC",
+ "name": "https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-qcvh-p9jq-wp8v"
+ },
+ {
+ "url": "https://github.com/matrix-org/matrix-react-sdk/pull/12618",
+ "refsource": "MISC",
+ "name": "https://github.com/matrix-org/matrix-react-sdk/pull/12618"
+ },
+ {
+ "url": "https://github.com/matrix-org/matrix-react-sdk/commit/6fc9d7641c51ca3db8225cf58b9d6e6fdd2d6556",
+ "refsource": "MISC",
+ "name": "https://github.com/matrix-org/matrix-react-sdk/commit/6fc9d7641c51ca3db8225cf58b9d6e6fdd2d6556"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-qcvh-p9jq-wp8v",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47874.json b/2024/47xxx/CVE-2024-47874.json
index a1073534433..d73964d0389 100644
--- a/2024/47xxx/CVE-2024-47874.json
+++ b/2024/47xxx/CVE-2024-47874.json
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-47874",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and copy operations, and also consume more and more memory until the server starts swapping and grinds to a halt, or the OS terminates the server process with an OOM error. Uploading multiple such requests in parallel may be enough to render a service practically unusable, even if reasonable request size limits are enforced by a reverse proxy in front of Starlette. This Denial of service (DoS) vulnerability affects all applications built with Starlette (or FastAPI) accepting form requests. Verison 0.40.0 fixes this issue."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-770: Allocation of Resources Without Limits or Throttling",
+ "cweId": "CWE-770"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "encode",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "starlette",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 0.40.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw",
+ "refsource": "MISC",
+ "name": "https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw"
+ },
+ {
+ "url": "https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733",
+ "refsource": "MISC",
+ "name": "https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-f96h-pmfr-66vw",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47876.json b/2024/47xxx/CVE-2024-47876.json
index ce057add7cb..42b4577c7d0 100644
--- a/2024/47xxx/CVE-2024-47876.json
+++ b/2024/47xxx/CVE-2024-47876.json
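Review bot: The description for CVE-2024-47874 says the unbounded form-field buffering affects applications built with Starlette "(or FastAPI)", but `affects` lists only vendor `encode`, product `starlette`. Scanners that match on the directly declared product will not flag a FastAPI deployment unless they resolve the transitive Starlette dependency, so inventory checks should look at the resolved Starlette version rather than at the framework name. The description also states that request size limits enforced by a reverse proxy may not be enough against parallel uploads, so upgrading to 0.40.0 is the remediation to track. Separately, the closing sentence has a typo: `Verison 0.40.0` should be `Version 0.40.0`.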
@@ -1,18 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-47876",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization",
+ "cweId": "CWE-285"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863: Incorrect Authorization",
+ "cweId": "CWE-863"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "sakaiproject",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "sakai",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 23.0, < 23.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sakaiproject/sakai/security/advisories/GHSA-cx95-q6gx-w4qp",
+ "refsource": "MISC",
+ "name": "https://github.com/sakaiproject/sakai/security/advisories/GHSA-cx95-q6gx-w4qp"
+ },
+ {
+ "url": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
+ "refsource": "MISC",
+ "name": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41"
+ },
+ {
+ "url": "https://sakaiproject.atlassian.net/browse/SAK-50571",
+ "refsource": "MISC",
+ "name": "https://sakaiproject.atlassian.net/browse/SAK-50571"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-cx95-q6gx-w4qp",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/48xxx/CVE-2024-48622.json b/2024/48xxx/CVE-2024-48622.json
index 320769809be..740b6189554 100644
--- a/2024/48xxx/CVE-2024-48622.json
+++ b/2024/48xxx/CVE-2024-48622.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48622",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48622",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/domainmod/domainmod/issues/174",
+ "refsource": "MISC",
+ "name": "https://github.com/domainmod/domainmod/issues/174"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48623.json b/2024/48xxx/CVE-2024-48623.json
index 338a744446b..6fd5cd881ae 100644
--- a/2024/48xxx/CVE-2024-48623.json
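Review bot: The description and the structured range for CVE-2024-47876 disagree about release 23.2. The text says the issue applies `prior to version 23.2` and then that `Version 23.3 fixes this vulnerability`, while `version_value` is `>= 23.0, < 23.3`. If 23.3 is the first fixed release, the sentence should read `prior to version 23.3`; if 23.2 is already fixed, the range should end at `< 23.2`. Until the CNA resolves this, treating 23.2 as affected is the safer reading, and it matches the structured field.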
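Review bot: In the CVE-2024-48622 hunk, `vendor_name`, `product_name`, `version_value` and the problemtype `value` are all `n/a`, although the description names DomainMOD below v4.12.0 and a cross-site scripting issue. Product-based or CWE-based matching will therefore never surface this record, and only a free-text search of the description finds it. The CVE-2024-48623 and CVE-2024-48624 hunks are populated the same way. The fields could be filled from the description, for example `"product_name": "DomainMOD"`, `"version_value": "< 4.12.0"` and a problemtype value of `CWE-79`. Until then, consumers need a description-text fallback for MITRE-assigned entries like these.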
+++ b/2024/48xxx/CVE-2024-48623.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48623",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48623",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In queue\\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/domainmod/domainmod/issues/176",
+ "refsource": "MISC",
+ "name": "https://github.com/domainmod/domainmod/issues/176"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48624.json b/2024/48xxx/CVE-2024-48624.json
index 5e54a1e1a0a..761a25167aa 100644
--- a/2024/48xxx/CVE-2024-48624.json
+++ b/2024/48xxx/CVE-2024-48624.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48624",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48624",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In segments\\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/domainmod/domainmod/issues/175",
+ "refsource": "MISC",
+ "name": "https://github.com/domainmod/domainmod/issues/175"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48913.json b/2024/48xxx/CVE-2024-48913.json
index 4cf65a0dccb..944ef87d7c3 100644
--- a/2024/48xxx/CVE-2024-48913.json
+++ b/2024/48xxx/CVE-2024-48913.json
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-48913",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with Hono CSRF middleware. Version 4.6.5 fixes this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352: Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "honojs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "hono",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 4.6.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/honojs/hono/security/advisories/GHSA-2234-fmw7-43wr",
+ "refsource": "MISC",
+ "name": "https://github.com/honojs/hono/security/advisories/GHSA-2234-fmw7-43wr"
+ },
+ {
+ "url": "https://github.com/honojs/hono/commit/aa50e0ab77b5af8c53c50fe3b271892f8eeeea82",
+ "refsource": "MISC",
+ "name": "https://github.com/honojs/hono/commit/aa50e0ab77b5af8c53c50fe3b271892f8eeeea82"
+ },
+ {
+ "url": "https://github.com/honojs/hono/blob/cebf4e87f3984a6a034e60a43f542b4c5225b668/src/middleware/csrf/index.ts#L76-L89",
+ "refsource": "MISC",
+ "name": "https://github.com/honojs/hono/blob/cebf4e87f3984a6a034e60a43f542b4c5225b668/src/middleware/csrf/index.ts#L76-L89"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2234-fmw7-43wr",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/49xxx/CVE-2024-49507.json b/2024/49xxx/CVE-2024-49507.json
new file mode 100644
index 00000000000..fe573f44f82
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49507.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49507",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49508.json b/2024/49xxx/CVE-2024-49508.json
new file mode 100644
index 00000000000..405e2ebf9f7
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49508.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49508",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49509.json b/2024/49xxx/CVE-2024-49509.json
new file mode 100644
index 00000000000..0188404af0c
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49509.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49509",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49510.json b/2024/49xxx/CVE-2024-49510.json
new file mode 100644
index 00000000000..a87dc0a49fa
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49510.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49510",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49511.json b/2024/49xxx/CVE-2024-49511.json
new file mode 100644
index 00000000000..1fa7c9c3fc6
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49511.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49511",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49512.json b/2024/49xxx/CVE-2024-49512.json
new file mode 100644
index 00000000000..661b7ad7c13
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49512.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49512",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49513.json b/2024/49xxx/CVE-2024-49513.json
new file mode 100644
index 00000000000..04306175da9
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49513.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49513",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49514.json b/2024/49xxx/CVE-2024-49514.json
new file mode 100644
index 00000000000..e6517a5ad6d
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49514.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49514",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49515.json b/2024/49xxx/CVE-2024-49515.json
new file mode 100644
index 00000000000..44c2f3124dc
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49515.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49515",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49516.json b/2024/49xxx/CVE-2024-49516.json
new file mode 100644
index 00000000000..6665da89e41
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49516.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49516",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49517.json b/2024/49xxx/CVE-2024-49517.json
new file mode 100644
index 00000000000..480115cdc32
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49517.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49517",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49518.json b/2024/49xxx/CVE-2024-49518.json
new file mode 100644
index 00000000000..ffe0714ae95
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49518.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49518",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49519.json b/2024/49xxx/CVE-2024-49519.json
new file mode 100644
index 00000000000..4def56b2426
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49519.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49519",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49520.json b/2024/49xxx/CVE-2024-49520.json
new file mode 100644
index 00000000000..9feb63fb459
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49520.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49520",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49521.json b/2024/49xxx/CVE-2024-49521.json
new file mode 100644
index 00000000000..c82bde178af
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49521.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49521",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49522.json b/2024/49xxx/CVE-2024-49522.json
new file mode 100644
index 00000000000..106815ccdb3
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49522.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49522",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49523.json b/2024/49xxx/CVE-2024-49523.json
new file mode 100644
index 00000000000..a2494f28e84
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49523.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49523",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49524.json b/2024/49xxx/CVE-2024-49524.json
new file mode 100644
index 00000000000..ee76ddcd19e
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49524.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49524",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49525.json b/2024/49xxx/CVE-2024-49525.json
new file mode 100644
index 00000000000..fd92e6936fa
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49525.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49525",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49526.json b/2024/49xxx/CVE-2024-49526.json
new file mode 100644
index 00000000000..9dff2841cdb
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49526.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49526",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49527.json b/2024/49xxx/CVE-2024-49527.json
new file mode 100644
index 00000000000..ded4b699679
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49527.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49527",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49528.json b/2024/49xxx/CVE-2024-49528.json
new file mode 100644
index 00000000000..b4a7d47ab71
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49528.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49528",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49529.json b/2024/49xxx/CVE-2024-49529.json
new file mode 100644
index 00000000000..3391e962d76
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49529.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49529",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49530.json b/2024/49xxx/CVE-2024-49530.json
new file mode 100644
index 00000000000..8aefe805db6
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49530.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49530",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49531.json b/2024/49xxx/CVE-2024-49531.json
new file mode 100644
index 00000000000..30cc24093fb
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49531.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49531",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49532.json b/2024/49xxx/CVE-2024-49532.json
new file mode 100644
index 00000000000..323521e2ab7
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49532.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49532",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49533.json b/2024/49xxx/CVE-2024-49533.json
new file mode 100644
index 00000000000..ea5d5159e4f
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49533.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49533",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49534.json b/2024/49xxx/CVE-2024-49534.json
new file mode 100644
index 00000000000..3bf0a52061d
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49534.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49534",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49535.json b/2024/49xxx/CVE-2024-49535.json
new file mode 100644
index 00000000000..efd2629ad8e
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49535.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49535",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49536.json b/2024/49xxx/CVE-2024-49536.json
new file mode 100644
index 00000000000..555cc9e838d
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49536.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49536",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49537.json b/2024/49xxx/CVE-2024-49537.json
new file mode 100644
index 00000000000..d2501a5d90c
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49537.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49537",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49538.json b/2024/49xxx/CVE-2024-49538.json
new file mode 100644
index 00000000000..c94ac6d8f34
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49538.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49538",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49539.json b/2024/49xxx/CVE-2024-49539.json
new file mode 100644
index 00000000000..07115a2cf60
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49539.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49539",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49540.json b/2024/49xxx/CVE-2024-49540.json
new file mode 100644
index 00000000000..44ecfa51dcc
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49540.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49540",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49541.json b/2024/49xxx/CVE-2024-49541.json
new file mode 100644
index 00000000000..293d0c434cd
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49541.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49541",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49542.json b/2024/49xxx/CVE-2024-49542.json
new file mode 100644
index 00000000000..2e949864fb0
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49542.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49542",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49543.json b/2024/49xxx/CVE-2024-49543.json
new file mode 100644
index 00000000000..43e510bdf35
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49543.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49543",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49544.json b/2024/49xxx/CVE-2024-49544.json
new file mode 100644
index 00000000000..3b8dc75cdf4
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49544.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49544",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49545.json b/2024/49xxx/CVE-2024-49545.json
new file mode 100644
index 00000000000..97d2e3ffb90
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49545.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49545",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49546.json b/2024/49xxx/CVE-2024-49546.json
new file mode 100644
index 00000000000..39dde26f992
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49546.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49546",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49547.json b/2024/49xxx/CVE-2024-49547.json
new file mode 100644
index 00000000000..81f63aef2ec
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49547.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49547",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49548.json b/2024/49xxx/CVE-2024-49548.json
new file mode 100644
index 00000000000..244a6251198
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49548.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49548",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49549.json b/2024/49xxx/CVE-2024-49549.json
new file mode 100644
index 00000000000..4e813e591ba
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49549.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49549",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49550.json b/2024/49xxx/CVE-2024-49550.json
new file mode 100644
index 00000000000..b397cb60268
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49550.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49550",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49551.json b/2024/49xxx/CVE-2024-49551.json
new file mode 100644
index 00000000000..09c01521b4a
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49551.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49551",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49552.json b/2024/49xxx/CVE-2024-49552.json
new file mode 100644
index 00000000000..12eb5abb634
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49552.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49552",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49553.json b/2024/49xxx/CVE-2024-49553.json
new file mode 100644
index 00000000000..314d28b816b
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49553.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49553",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49554.json b/2024/49xxx/CVE-2024-49554.json
new file mode 100644
index 00000000000..a3245789044
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49554.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-49554",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/49xxx/CVE-2024-49555.json b/2024/49xxx/CVE-2024-49555.json new file mode 100644 index 00000000000..58f127a1089 --- /dev/null +++ b/2024/49xxx/CVE-2024-49555.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49555", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49556.json b/2024/49xxx/CVE-2024-49556.json new file mode 100644 index 00000000000..ad0d4418886 --- /dev/null +++ b/2024/49xxx/CVE-2024-49556.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49556", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6485.json b/2024/6xxx/CVE-2024-6485.json index 9f4550143be..91feeaa951a 100644 --- a/2024/6xxx/CVE-2024-6485.json +++ b/2024/6xxx/CVE-2024-6485.json @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "<=", - "version_name": "2.0.0", + "version_name": "1.4.0", "version_value": "3.4.1" } ] diff --git a/2024/9xxx/CVE-2024-9506.json b/2024/9xxx/CVE-2024-9506.json index 8fc9539fa20..c28f0667f8f 100644 --- a/2024/9xxx/CVE-2024-9506.json +++ b/2024/9xxx/CVE-2024-9506.json 
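Review bot: In the CVE-2024-6485 hunk the lower bound of the affected range is carried only in `"version_name": "1.4.0"`, while the `"<="` operator in `version_affected` is normally read against `version_value`, so a consumer that evaluates just `"<="` with `"3.4.1"` would likely mark releases older than 1.4.0 as affected as well. Tooling that ingests these 4.0-format records should treat `version_name` as the start of the range, or cross-check the bound against the record's description; that description and the enclosing vendor and product objects lie outside this hunk. The same encoding appears in the CVE-2024-9506 hunk that follows, with `"version_name": "2.0.0"` and `"version_value": "2.7.16"`.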
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9506", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "disclosures@herodevs.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vue", + "product": { + "product_data": [ + { + "product_name": "vue", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.0.0", + "version_value": "2.7.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.herodevs.com/vulnerability-directory/cve-2024-9506", + "refsource": "MISC", + "name": "https://www.herodevs.com/vulnerability-directory/cve-2024-9506" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "K" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + 
"version": "3.1" } ] } diff --git a/2024/9xxx/CVE-2024-9676.json b/2024/9xxx/CVE-2024-9676.json index 29f370ba1d8..f61f0e6dd37 100644 --- a/2024/9xxx/CVE-2024-9676.json +++ b/2024/9xxx/CVE-2024-9676.json 
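Review bot: The CVE-2024-9506 record gives a defender nothing to act on beyond the range itself: the added `reference_data` holds one URL, on the assigner's own site, and there is no fixed version or solution field among the added lines. I would add a second reference to the upstream project's advisory or fix, `{ "url": "<UPSTREAM_ADVISORY_URL>", "refsource": "MISC", "name": "<UPSTREAM_ADVISORY_URL>" }`, or say in the description that no patched release exists if that is the case. The `credits` entry `"value": "K"` also reads like a truncated or placeholder name and is worth confirming with the assigner before the record is relied on for attribution.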
@@ -1,17 +1,213 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "OpenShift Developer Tools and Services", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4", + 
"version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Quay 3", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-9676", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-9676" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317467", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2317467" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/9xxx/CVE-2024-9953.json b/2024/9xxx/CVE-2024-9953.json index ecfdc7ab9e5..b81d4919a12 100644 --- a/2024/9xxx/CVE-2024-9953.json +++ b/2024/9xxx/CVE-2024-9953.json 
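Review bot: Every `version_data` entry added for the six Red Hat products in CVE-2024-9676 is `"version_value": "not down converted"` with only a `defaultStatus`, so this legacy-format record names no package and no version, and several products carry two to five identical entries that a consumer cannot tell apart. Tooling that matches on `version_value` will either match nothing or flag the whole product, so affected and fixed builds have to come from the CVE JSON 5 record or the vendor pages under `references`. The description also says the symlink lets the library "read an arbitrary file on the host" while the vector scores `C:N`. That matches the stated outcome (hang and OOM kill), but if the file contents are never returned to the attacker, a sentence saying so would stop readers triaging this as an information leak.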
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A Potential DOS Vulnerability exists in CERT VINCE software prior to version 3.0.8. An authenticated administrative user can inject an arbitrary pickle object as part of a user's profile. This can lead to a potential DoS on the server when the user's profile is accessed. Django server does restrict unpickling from crashing the server." + "value": "A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user\u2019s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restricts unpickling to prevent server crashes, this vulnerability could still disrupt operations." } ] }, @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "VINCE - The Vulnerability Information and Coordination Environment", + "product_name": "VINCE - Vulnerability Information and Coordination Environment", "version": { "version_data": [ { @@ -71,7 +71,7 @@ "credits": [ { "lang": "en", - "value": "Thanks to security reporter @coldwaterhq https://github.com/coldwaterq who reported teh vulnerbaility and followed responsible CVD process." + "value": "Thanks to security researcher @coldwaterhq (https://github.com/coldwaterhq) for reporting this vulnerability and adhering to the responsible disclosure process." } ] } \ No newline at end of file
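Review bot: The reworded description in the first hunk (`@@ -11,7 +11,7 @@`) still limits the impact of loading an attacker-supplied pickle object to denial of service, and rests that on one unexplained clause, "the Django server restricts unpickling". Deserialising untrusted pickle data is normally triaged under CWE-502, where the worst case is more than a crash, so readers need to know what the restriction is and whether it holds in every deployment before accepting a DoS-only rating. I would name the control in the text, for example `... the application restricts unpickling (<MECHANISM>), which limits the impact to ...`, and check that the record's problemtype and CVSS entries, which lie outside this hunk, agree with it.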
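Review bot: In the third hunk (`@@ -71,7 +71,7 @@`) the credit's profile link changes from `https://github.com/coldwaterq` to `https://github.com/coldwaterhq`, and nothing visible shows which spelling is the reporter's account: the removed text already paired the handle `@coldwaterhq` with the other URL. A credit in a security record that links to a wrong or unclaimed account points readers at a profile the reporter does not control, so both the handle and the link should be confirmed with the reporter. Until that is done I would publish the credit without the URL.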