From 63a95513cc61d78b93a0763ac4b373fc5b44b747 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 27 Feb 2024 01:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/1xxx/CVE-2024-1886.json | 2 +- 2024/24xxx/CVE-2024-24720.json | 56 +++++++++++++++++++++++++++---- 2024/25xxx/CVE-2024-25166.json | 56 +++++++++++++++++++++++++++---- 2024/27xxx/CVE-2024-27356.json | 61 ++++++++++++++++++++++++++++++---- 4 files changed, 156 insertions(+), 19 deletions(-) diff --git a/2024/1xxx/CVE-2024-1886.json b/2024/1xxx/CVE-2024-1886.json index f24c1e478a1..ec4f7737426 100644 --- a/2024/1xxx/CVE-2024-1886.json +++ b/2024/1xxx/CVE-2024-1886.json @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-35", + "value": "CWE-35 Path Traversal", "cweId": "CWE-35" } ] diff --git a/2024/24xxx/CVE-2024-24720.json b/2024/24xxx/CVE-2024-24720.json index 41616d3ae12..8c4d3377323 100644 --- a/2024/24xxx/CVE-2024-24720.json +++ b/2024/24xxx/CVE-2024-24720.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24720", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24720", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Innovaphone PBX before 14r1 devices. It provides different responses to incoming requests in a way that reveals information to an attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2024-24720", + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2024-24720" } ] } diff --git a/2024/25xxx/CVE-2024-25166.json b/2024/25xxx/CVE-2024-25166.json index 74706872854..7588e292f15 100644 --- a/2024/25xxx/CVE-2024-25166.json +++ b/2024/25xxx/CVE-2024-25166.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25166", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25166", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xiaocheng-keji/71cms/issues/1", + "refsource": "MISC", + "name": "https://github.com/xiaocheng-keji/71cms/issues/1" } ] } diff --git a/2024/27xxx/CVE-2024-27356.json b/2024/27xxx/CVE-2024-27356.json index d9860473c5c..0093638baf3 100644 --- a/2024/27xxx/CVE-2024-27356.json +++ b/2024/27xxx/CVE-2024-27356.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-27356", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-27356", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gl-inet.com", + "refsource": "MISC", + "name": "https://gl-inet.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md", + "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md" } ] }