diff --git a/2023/40xxx/CVE-2023-40191.json b/2023/40xxx/CVE-2023-40191.json
index 7521358d548..8bc83fdde18 100644
--- a/2023/40xxx/CVE-2023-40191.json
+++ b/2023/40xxx/CVE-2023-40191.json
@@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40191", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@liferay.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the \u201cBlocked Email Domains\u201d text field" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Liferay", + "product": { + "product_data": [ + { + "product_name": "Portal", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.4.3.44", + "version_value": "7.4.3.97" + } + ] + } + }, + { + "product_name": "DXP", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2023.q3.1", + "version_value": "2023.q3.5" + }, + { + "version_affected": "<=", + "version_name": "7.4.13.u44", + "version_value": "7.4.13.u92" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-40191", + "refsource": "MISC", + "name": 
"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-40191" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Amin ACHOUR" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49295.json b/2023/49xxx/CVE-2023-49295.json index 7660f210f8b..4868351d09e 100644 --- a/2023/49xxx/CVE-2023-49295.json +++ b/2023/49xxx/CVE-2023-49295.json @@ -115,6 +115,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G5RSHDTVMYAIGYVVFGKTMFHAZJMA3EVV/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G5RSHDTVMYAIGYVVFGKTMFHAZJMA3EVV/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE7IOKXX5AATU2WR3V76X5Y3A44QAATG/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE7IOKXX5AATU2WR3V76X5Y3A44QAATG/" } ] }, diff --git a/2023/6xxx/CVE-2023-6546.json b/2023/6xxx/CVE-2023-6546.json index 3043062c70d..afa7c8512ca 100644 --- a/2023/6xxx/CVE-2023-6546.json +++ b/2023/6xxx/CVE-2023-6546.json 
@@ -60,6 +60,48 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.93.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-372.93.1.el8_6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { @@ -96,12 +138,6 @@ "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, { "version_value": "not down converted", "x_cve_json_5_version_data": { @@ -158,6 +194,11 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0930", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0930" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6546", "refsource": "MISC", @@ -189,17 +230,17 @@ "impact": { "cvss": [ { - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", - "baseScore": 7.8, + "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] 
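Review bot: The two added `product_data` entries (Red Hat Enterprise Linux 8.6 Extended Update Support and Red Hat Virtualization 4) carry `"version_value": "not down converted"`, so a consumer that reads only the 4.0 fields gets no usable range and has to parse `x_cve_json_5_version_data`. There the boundary is `0:4.18.0-372.93.1.el8_6` with `"lessThan": "*"`, `"status": "unaffected"` and `"defaultStatus": "affected"`, i.e. every build below that epoch:version-release is affected. Matching has to use RPM ordering (`"versionType": "rpm"`), not string or semver comparison. The last hunk of this file also lowers the score from 7.8 to 7 by changing `AC:L` to `AC:H`, so anything that cached the old `baseScore` needs a refresh.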
diff --git a/2024/1xxx/CVE-2024-1108.json b/2024/1xxx/CVE-2024-1108.json
index 3e2fb15ba78..5554e196853 100644
--- a/2024/1xxx/CVE-2024-1108.json
+++ b/2024/1xxx/CVE-2024-1108.json
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1108", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "desertsnowman", + "product": { + "product_data": [ + { + "product_name": "Plugin Groups", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8298f1fb-3165-40e3-9192-805a07c14cae?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8298f1fb-3165-40e3-9192-805a07c14cae?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3036754/plugin-groups/trunk/classes/class-plugin-groups.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3036754/plugin-groups/trunk/classes/class-plugin-groups.php" + } + ] + 
}, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1501.json b/2024/1xxx/CVE-2024-1501.json index ce53d720ecf..89a87671f15 100644 --- a/2024/1xxx/CVE-2024-1501.json +++ b/2024/1xxx/CVE-2024-1501.json 
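Review bot: The `problemtype` entry of CVE-2024-1108 carries the CWE only inside the free-text `value` (`"CWE-862 Missing Authorization"`) and has no `cweId` key, unlike the Liferay records in this same commit, which include `"cweId": "CWE-79"`. A consumer that filters on `cweId` will treat this record as unclassified; adding `"cweId": "CWE-862"` next to `value` closes the gap. The same omission is in CVE-2024-1501 (`"cweId": "CWE-352"`) and CVE-2024-1562 (`"cweId": "CWE-862"`). The `impact.cvss` object in these three records also holds only `version`, `vectorString`, `baseScore` and `baseSeverity`, so the individual metrics have to be parsed out of the vector string.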
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1501", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "webfactory", + "product": { + "product_data": [ + { + "product_name": "Database Reset", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.22" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e493cf-d022-404d-a501-a6671e6116f4?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e493cf-d022-404d-a501-a6671e6116f4?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wordpress-database-reset/trunk/class-db-reset-admin.php#L127", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/browser/wordpress-database-reset/trunk/class-db-reset-admin.php#L127" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037742%40wordpress-database-reset&new=3037742%40wordpress-database-reset&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037742%40wordpress-database-reset&new=3037742%40wordpress-database-reset&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lucio S\u00e1" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1562.json b/2024/1xxx/CVE-2024-1562.json index 8edeef75dfb..e73f38d9087 100644 --- a/2024/1xxx/CVE-2024-1562.json +++ b/2024/1xxx/CVE-2024-1562.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "westerndeal", + "product": { + "product_data": [ + { + "product_name": "WooCommerce Google Sheet Connector", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.3.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038517%40wc-gsheetconnector&new=3038517%40wc-gsheetconnector&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038517%40wc-gsheetconnector&new=3038517%40wc-gsheetconnector&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1669.json b/2024/1xxx/CVE-2024-1669.json index 3e5bd33e914..9dd1a32a815 100644 --- a/2024/1xxx/CVE-2024-1669.json +++ b/2024/1xxx/CVE-2024-1669.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds memory access" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "122.0.6261.57", + "version_value": "122.0.6261.57" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" + }, + { + "url": "https://issues.chromium.org/issues/41495060", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/41495060" } ] } diff --git a/2024/1xxx/CVE-2024-1670.json b/2024/1xxx/CVE-2024-1670.json index 498cb981904..1e5ce164150 100644 --- a/2024/1xxx/CVE-2024-1670.json +++ b/2024/1xxx/CVE-2024-1670.json 
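Review bot: The CVE-2024-1669 record has no `impact` block and its `problemtype` value is the free-text string `"Out of bounds memory access"` with no CWE identifier, so the only severity signal is the "(Chromium security severity: High)" suffix inside the description. Tools that prioritise on `baseScore` or `cweId` will rank it as unscored and unclassified; until metrics are added by the CNA or an enrichment source, triage has to key on the description text and the fixed version 122.0.6261.57. The same shape is used in CVE-2024-1670 through CVE-2024-1676 in this commit. In `version_data`, `version_name` and `version_value` both hold the fixed version with `"version_affected": "<"`, which reads as "every version before 122.0.6261.57".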
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "122.0.6261.57", + "version_value": "122.0.6261.57" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" + }, + { + "url": "https://issues.chromium.org/issues/41481374", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/41481374" } ] } diff --git a/2024/1xxx/CVE-2024-1671.json b/2024/1xxx/CVE-2024-1671.json index 73cec475ead..6fadf3daec1 100644 --- a/2024/1xxx/CVE-2024-1671.json +++ b/2024/1xxx/CVE-2024-1671.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "122.0.6261.57", + "version_value": "122.0.6261.57" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" + }, + { + "url": "https://issues.chromium.org/issues/41487933", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/41487933" } ] } diff --git a/2024/1xxx/CVE-2024-1672.json b/2024/1xxx/CVE-2024-1672.json index be44a8a1a0c..8d70b416fdc 100644 --- a/2024/1xxx/CVE-2024-1672.json +++ b/2024/1xxx/CVE-2024-1672.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "122.0.6261.57", + "version_value": "122.0.6261.57" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" + }, + { + "url": "https://issues.chromium.org/issues/41485789", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/41485789" } ] } diff --git a/2024/1xxx/CVE-2024-1673.json b/2024/1xxx/CVE-2024-1673.json index 9fa5a78ea11..0d145603066 100644 --- a/2024/1xxx/CVE-2024-1673.json +++ b/2024/1xxx/CVE-2024-1673.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "122.0.6261.57", + "version_value": "122.0.6261.57" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" + }, + { + "url": "https://issues.chromium.org/issues/41490491", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/41490491" } ] } diff --git a/2024/1xxx/CVE-2024-1674.json b/2024/1xxx/CVE-2024-1674.json index 8b59abd254a..657fdc98bbd 100644 --- a/2024/1xxx/CVE-2024-1674.json +++ b/2024/1xxx/CVE-2024-1674.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "122.0.6261.57", + "version_value": "122.0.6261.57" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" + }, + { + "url": "https://issues.chromium.org/issues/40095183", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/40095183" } ] } diff --git a/2024/1xxx/CVE-2024-1675.json b/2024/1xxx/CVE-2024-1675.json index a518236dbd9..b58450025fb 100644 --- a/2024/1xxx/CVE-2024-1675.json +++ b/2024/1xxx/CVE-2024-1675.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1675", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient policy enforcement" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "122.0.6261.57", + "version_value": "122.0.6261.57" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" + }, + { + "url": "https://issues.chromium.org/issues/41486208", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/41486208" } ] } diff --git a/2024/1xxx/CVE-2024-1676.json b/2024/1xxx/CVE-2024-1676.json index 3cc15f3d9e3..cb973a77a4b 100644 --- a/2024/1xxx/CVE-2024-1676.json +++ b/2024/1xxx/CVE-2024-1676.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "122.0.6261.57", + "version_value": "122.0.6261.57" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html" + }, + { + "url": "https://issues.chromium.org/issues/40944847", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/40944847" } ] } diff --git a/2024/1xxx/CVE-2024-1699.json b/2024/1xxx/CVE-2024-1699.json new file mode 100644 index 00000000000..ed865431239 --- /dev/null +++ b/2024/1xxx/CVE-2024-1699.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1699", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/23xxx/CVE-2024-23301.json b/2024/23xxx/CVE-2024-23301.json index c4b33f74475..6f1880fb179 100644 --- a/2024/23xxx/CVE-2024-23301.json +++ b/2024/23xxx/CVE-2024-23301.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-a2f6e5ddb8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-49ddbf447d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/" } ] } diff --git a/2024/24xxx/CVE-2024-24258.json b/2024/24xxx/CVE-2024-24258.json index bd802362567..72157c0908c 100644 --- a/2024/24xxx/CVE-2024-24258.json +++ b/2024/24xxx/CVE-2024-24258.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-b69a4d75a1", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-0356803680", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/" } ] } diff --git a/2024/24xxx/CVE-2024-24259.json b/2024/24xxx/CVE-2024-24259.json index 71ac61ea2f6..811eed0c008 100644 --- a/2024/24xxx/CVE-2024-24259.json +++ b/2024/24xxx/CVE-2024-24259.json 
@@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-b69a4d75a1", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-0356803680", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/" } ] } diff --git a/2024/25xxx/CVE-2024-25151.json b/2024/25xxx/CVE-2024-25151.json index c75bdb3dec8..a0a0901d740 100644 --- a/2024/25xxx/CVE-2024-25151.json +++ b/2024/25xxx/CVE-2024-25151.json 
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-25151",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@liferay.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Liferay",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Portal",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.0",
+ "version_value": "7.4.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "DXP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.3.10",
+ "version_value": "7.3.10-dxp-2"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.10",
+ "version_value": "7.2.10-dxp-14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151",
+ "refsource": "MISC",
+ "name": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26268.json b/2024/26xxx/CVE-2024-26268.json
index 9801f4b9019..339c400f669 100644
--- a/2024/26xxx/CVE-2024-26268.json
+++ b/2024/26xxx/CVE-2024-26268.json
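Review bot: The `affects` block starts Portal at `7.2.0` and DXP at `7.3.10` / `7.2.10`, while the description in the same record also names "older unsupported versions" as affected. Scanners and inventory tools that match on `version_data` rather than on the free text would report those older installations as unaffected. Either add `version_data` entries that cover the older releases, or say in the description that they were not assessed, so the two parts of the record agree. Separately, the description makes the outcome depend on the receiver's mail client, so the `5.4` base score presumably reflects the XSS case rather than content spoofing; a short note on that would help anyone triaging by score.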
@@ -90,6 +90,12 @@
 "source": {
 "discovery": "UNKNOWN"
 },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Barnab\u00e1s Horv\u00e1th (T4r0)"
+ }
+ ],
 "impact": {
 "cvss": [
 {
diff --git a/2024/27xxx/CVE-2024-27181.json b/2024/27xxx/CVE-2024-27181.json
new file mode 100644
index 00000000000..4e8e65bc802
--- /dev/null
+++ b/2024/27xxx/CVE-2024-27181.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-27181",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/27xxx/CVE-2024-27182.json b/2024/27xxx/CVE-2024-27182.json
new file mode 100644
index 00000000000..5d9717e0420
--- /dev/null
+++ b/2024/27xxx/CVE-2024-27182.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-27182",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file