From 6a614d2f496196190ccd7d22700911795b3a9b50 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 29 Feb 2024 00:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/40xxx/CVE-2023-40072.json | 13 +++- 2024/21xxx/CVE-2024-21798.json | 102 ++++++++++++++++++++++++++-- 2024/23xxx/CVE-2024-23910.json | 102 ++++++++++++++++++++++++++-- 2024/25xxx/CVE-2024-25126.json | 100 ++++++++++++++++++++++++++-- 2024/25xxx/CVE-2024-25422.json | 56 ++++++++++++++-- 2024/25xxx/CVE-2024-25579.json | 102 ++++++++++++++++++++++++++-- 2024/26xxx/CVE-2024-26141.json | 100 ++++++++++++++++++++++++++-- 2024/26xxx/CVE-2024-26146.json | 118 +++++++++++++++++++++++++++++++-- 2024/27xxx/CVE-2024-27974.json | 18 +++++ 2024/2xxx/CVE-2024-2000.json | 18 +++++ 10 files changed, 698 insertions(+), 31 deletions(-) create mode 100644 2024/27xxx/CVE-2024-27974.json create mode 100644 2024/2xxx/CVE-2024-2000.json diff --git a/2023/40xxx/CVE-2023-40072.json b/2023/40xxx/CVE-2023-40072.json index c8f8e21ec8e..2f007a8c298 100644 --- a/2023/40xxx/CVE-2023-40072.json +++ b/2023/40xxx/CVE-2023-40072.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, and WAB-S1167 v1.0.7 and earlier." + "value": "OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier." } ] }, 
@@ -88,6 +88,17 @@ } ] } + }, + { + "product_name": "WAB-M2133", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.3.22 and earlier" + } + ] + } } ] } diff --git a/2024/21xxx/CVE-2024-21798.json b/2024/21xxx/CVE-2024-21798.json index bea8323b9bf..31af89f8c5c 100644 --- a/2024/21xxx/CVE-2024-21798.json +++ b/2024/21xxx/CVE-2024-21798.json 
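Review bot: The new WAB-M2133 entry pairs `"version_affected": "="` with the free-text value `"v1.3.22 and earlier"`, so a consumer that compares versions by the operator will match only that literal string and miss every earlier firmware. If the exporter allows it, encode the bound as `"version_affected": "<="` with `"version_value": "v1.3.22"`. The same pattern recurs in the ELECOM WRC entries of CVE-2024-21798, CVE-2024-23910 and CVE-2024-25579, and the Rack records put whole range expressions such as `>= 3.0.0, < 3.0.9.1` under `=`. Until the operator is reliable, matching tools have to parse `version_value` as text.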
@@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21798", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRC-1167GS2-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.67 and earlier" + } + ] + } + }, + { + "product_name": "WRC-1167GS2H-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.67 and earlier" + } + ] + } + }, + { + "product_name": "WRC-2533GS2-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.62 and earlier" + } + ] + } + }, + { + "product_name": "WRC-2533GS2-W", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.62 and earlier" + } + ] + } + }, + { + "product_name": "WRC-2533GS2V-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.62 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20240220-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20240220-01/" + }, + { + "url": "https://jvn.jp/en/jp/JVN44166658/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN44166658/" } ] } diff --git a/2024/23xxx/CVE-2024-23910.json b/2024/23xxx/CVE-2024-23910.json index 805663811b6..e5531ce2f50 100644 --- a/2024/23xxx/CVE-2024-23910.json +++ b/2024/23xxx/CVE-2024-23910.json 
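Review bot: `problemtype` in this record is the free-text string `Cross-site scripting (XSS)` with no CWE identifier, so CWE-based filtering will not pick it up, while the Rack records in this same commit carry a `cweId` field. Adding `"cweId": "CWE-79"` here would make the records consistent, and likewise `CWE-352` for CVE-2024-23910 and `CWE-78` for CVE-2024-25579. These three ELECOM records also have no `impact` block, so severity has to be taken from the JVN advisory listed under `references`.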
@@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23910", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRC-1167GS2-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.67 and earlier" + } + ] + } + }, + { + "product_name": "WRC-1167GS2H-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.67 and earlier" + } + ] + } + }, + { + "product_name": "WRC-2533GS2-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.62 and earlier" + } + ] + } + }, + { + "product_name": "WRC-2533GS2-W", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.62 and earlier" + } + ] + } + }, + { + "product_name": "WRC-2533GS2V-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.62 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20240220-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20240220-01/" + }, + { + "url": "https://jvn.jp/en/jp/JVN44166658/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN44166658/" } ] } diff --git a/2024/25xxx/CVE-2024-25126.json b/2024/25xxx/CVE-2024-25126.json index 8cb4b4de5bb..fcc806a15b6 100644 --- a/2024/25xxx/CVE-2024-25126.json +++ b/2024/25xxx/CVE-2024-25126.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack\u2019s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rack", + "product": { + "product_data": [ + { + "product_name": "rack", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.0.0, < 3.0.9.1" + }, + { + "version_affected": "=", + "version_value": ">= 0.4, < 2.2.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx", + "refsource": "MISC", + "name": "https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx" + }, + { + "url": "https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462", + "refsource": "MISC", + "name": "https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462" + }, + { + "url": "https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49", 
+ "refsource": "MISC", + "name": "https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49" + }, + { + "url": "https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941", + "refsource": "MISC", + "name": "https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941" + }, + { + "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml", + "refsource": "MISC", + "name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml" + } + ] + }, + "source": { + "advisory": "GHSA-22f2-v57c-j9cx", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25422.json b/2024/25xxx/CVE-2024-25422.json index edaa1527c68..e086e0eb2c7 100644 --- a/2024/25xxx/CVE-2024-25422.json +++ b/2024/25xxx/CVE-2024-25422.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25422", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25422", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tzyyyyyyy/semcms", + "refsource": "MISC", + "name": "https://github.com/tzyyyyyyy/semcms" } ] } diff --git a/2024/25xxx/CVE-2024-25579.json b/2024/25xxx/CVE-2024-25579.json index f4f8969b912..57c387e325f 100644 --- a/2024/25xxx/CVE-2024-25579.json +++ b/2024/25xxx/CVE-2024-25579.json 
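Review bot: Vendor, product, version and `problemtype` are all `n/a` in this record, while the description names SEMCMS v.4.8 and SQL injection, so automated inventory matching will never hit this CVE. Populating `"product_name": "SEMCMS"` with version `4.8` and setting the problem type to `CWE-89` would carry what the prose already states. The single reference, `https://github.com/tzyyyyyyy/semcms`, appears to be a repository root, not a specific advisory or issue, which makes the stated impact hard to verify during triage. A pinned link would help.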
@@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ELECOM CO.,LTD.", + "product": { + "product_data": [ + { + "product_name": "WRC-1167GS2-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.67 and earlier" + } + ] + } + }, + { + "product_name": "WRC-1167GS2H-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.67 and earlier" + } + ] + } + }, + { + "product_name": "WRC-2533GS2-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.62 and earlier" + } + ] + } + }, + { + "product_name": "WRC-2533GS2-W", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.62 and earlier" + } + ] + } + }, + { + "product_name": "WRC-2533GS2V-B", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v1.62 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.elecom.co.jp/news/security/20240220-01/", + "refsource": "MISC", + "name": "https://www.elecom.co.jp/news/security/20240220-01/" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU99444194/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU99444194/" } ] } diff --git a/2024/26xxx/CVE-2024-26141.json b/2024/26xxx/CVE-2024-26141.json index 81bac8b4de3..f620c12ae2d 100644 --- a/2024/26xxx/CVE-2024-26141.json +++ b/2024/26xxx/CVE-2024-26141.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26141", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rack", + "product": { + "product_data": [ + { + "product_name": "rack", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.0.0, < 3.0.9.1" + }, + { + "version_affected": "=", + "version_value": ">= 1.3.0, < 2.2.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6", + "refsource": "MISC", + "name": "https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6" + }, + { + "url": "https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9", + "refsource": "MISC", + "name": 
"https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9" + }, + { + "url": "https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b", + "refsource": "MISC", + "name": "https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b" + }, + { + "url": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944", + "refsource": "MISC", + "name": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944" + }, + { + "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml", + "refsource": "MISC", + "name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml" + } + ] + }, + "source": { + "advisory": "GHSA-xj5v-6v4g-jfw6", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/26xxx/CVE-2024-26146.json b/2024/26xxx/CVE-2024-26146.json index ee8aea40d96..f6e0abeee2c 100644 --- a/2024/26xxx/CVE-2024-26146.json +++ b/2024/26xxx/CVE-2024-26146.json 
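Review bot: The CVSS vector in this record sets `S:C` (`"scope": "CHANGED"`), whereas the two sibling Rack denial-of-service records in this commit, CVE-2024-25126 and CVE-2024-26146, use `S:U` for the same availability-only impact. That difference is what moves the base score from 5.3 to 5.8. It may be intentional, but it is worth confirming against GHSA-xj5v-6v4g-jfw6 before the score is used for prioritisation.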
@@ -1,17 +1,127 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26146", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333: Inefficient Regular Expression Complexity", + "cweId": "CWE-1333" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "rack", + "product": { + "product_data": [ + { + "product_name": "rack", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.0.0, < 3.0.9.1" + }, + { + "version_affected": "=", + "version_value": ">= 2.2.0, < 2.2.8.1" + }, + { + "version_affected": "=", + "version_value": ">= 2.1.0, < 2.1.4.4" + }, + { + "version_affected": "=", + "version_value": "< 2.0.9.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f", + "refsource": "MISC", + "name": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f" + }, + { + "url": 
"https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716", + "refsource": "MISC", + "name": "https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716" + }, + { + "url": "https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582", + "refsource": "MISC", + "name": "https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582" + }, + { + "url": "https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f", + "refsource": "MISC", + "name": "https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f" + }, + { + "url": "https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd", + "refsource": "MISC", + "name": "https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd" + }, + { + "url": "https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942", + "refsource": "MISC", + "name": "https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942" + }, + { + "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml", + "refsource": "MISC", + "name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml" + } + ] + }, + "source": { + "advisory": "GHSA-54rr-7fvw-6x8f", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27974.json b/2024/27xxx/CVE-2024-27974.json new file mode 100644 index 00000000000..ab89b2f8a5d --- /dev/null +++ b/2024/27xxx/CVE-2024-27974.json 
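Review bot: The description value ends with a literal `\n`, which no other record in this commit has; tools that diff, hash or render descriptions will carry the stray newline, so it should be trimmed at the source. Separately, the statement that applications on Ruby 3.2 or newer are unaffected exists only in prose, so version-only matching on `rack` will also flag deployments the advisory says are unaffected. Scanners should treat the Ruby runtime version as a triage condition for this CVE.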
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-27974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2000.json b/2024/2xxx/CVE-2024-2000.json new file mode 100644 index 00000000000..99c3a055ea1 --- /dev/null +++ b/2024/2xxx/CVE-2024-2000.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2000", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file