From 7092c9167fc54a9cdfeb5026f51e1f61bd30baac Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 22 Jul 2024 19:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/2xxx/CVE-2024-2961.json | 5 +++
 2024/33xxx/CVE-2024-33599.json | 5 +++
 2024/33xxx/CVE-2024-33600.json | 5 +++
 2024/33xxx/CVE-2024-33601.json | 5 +++
 2024/33xxx/CVE-2024-33602.json | 5 +++
 2024/37xxx/CVE-2024-37380.json | 64 +++++++++++++++++++++++++++++++---
 2024/38xxx/CVE-2024-38944.json | 56 +++++++++++++++++++++++++----
 2024/40xxx/CVE-2024-40075.json | 56 +++++++++++++++++++++++++----
 2024/41xxx/CVE-2024-41880.json | 62 ++++++++++++++++++++++++++++++++
 9 files changed, 247 insertions(+), 16 deletions(-)
 create mode 100644 2024/41xxx/CVE-2024-41880.json
diff --git a/2024/2xxx/CVE-2024-2961.json b/2024/2xxx/CVE-2024-2961.json
index 7694b225d14..9ac244f7269 100644
--- a/2024/2xxx/CVE-2024-2961.json
+++ b/2024/2xxx/CVE-2024-2961.json
@@ -129,6 +129,11 @@
 "url": "https://security.netapp.com/advisory/ntap-20240531-0002/",
 "refsource": "MISC",
 "name": "https://security.netapp.com/advisory/ntap-20240531-0002/"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
 }
 ]
 },
diff --git a/2024/33xxx/CVE-2024-33599.json b/2024/33xxx/CVE-2024-33599.json
index 24d24a94a9e..caa2cb313fd 100644
--- a/2024/33xxx/CVE-2024-33599.json
+++ b/2024/33xxx/CVE-2024-33599.json
@@ -69,6 +69,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
 }
 ]
 },
diff --git a/2024/33xxx/CVE-2024-33600.json b/2024/33xxx/CVE-2024-33600.json
index e54829c4a79..0d2b3efc93f 100644
--- a/2024/33xxx/CVE-2024-33600.json
+++ b/2024/33xxx/CVE-2024-33600.json
@@ -69,6 +69,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
 }
 ]
 },
diff --git a/2024/33xxx/CVE-2024-33601.json b/2024/33xxx/CVE-2024-33601.json
index 669b87b9a5e..f8f39c0aa4e 100644
--- a/2024/33xxx/CVE-2024-33601.json
+++ b/2024/33xxx/CVE-2024-33601.json
@@ -69,6 +69,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
 }
 ]
 },
diff --git a/2024/33xxx/CVE-2024-33602.json b/2024/33xxx/CVE-2024-33602.json
index f4f3516455c..82476c8f965 100644
--- a/2024/33xxx/CVE-2024-33602.json
+++ b/2024/33xxx/CVE-2024-33602.json
@@ -69,6 +69,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/22/5",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
 }
 ]
 },
diff --git a/2024/37xxx/CVE-2024-37380.json b/2024/37xxx/CVE-2024-37380.json
index 2b2683da690..eead8b10026 100644
--- a/2024/37xxx/CVE-2024-37380.json
+++ b/2024/37xxx/CVE-2024-37380.json
@@ -1,17 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-37380",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A misconfiguration on UniFi U6+ Access Point could cause an incorrect VLAN traffic forwarding to APs meshed to UniFi U6+ Access Point.\n\n\nAffected Products:\nUniFi U6+ Access Point (Version 6.6.65 and earlier) \n\n \nMitigation:\nUpdate your UniFi U6+ Access Point to Version 6.6.74 or later.\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Ubiquiti",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "UniFi U6+ Access Point",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.6.74",
+ "version_value": "6.6.74"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-041-041/df92860f-0379-4002-be47-6819a25a73a1",
+ "refsource": "MISC",
+ "name": "https://community.ui.com/releases/Security-Advisory-Bulletin-041-041/df92860f-0379-4002-be47-6819a25a73a1"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38944.json b/2024/38xxx/CVE-2024-38944.json
index 50bde3d7943..8b6c945c4bc 100644
--- a/2024/38xxx/CVE-2024-38944.json
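Review bot: The structured range in the CVE-2024-37380 `version_data` entry (`"version_affected": "<"` with `"version_value": "6.6.74"`) does not say the same thing as the description, which lists "Version 6.6.65 and earlier" as affected and 6.6.74 as the fixed release. A scanner that matches on the structured field will flag any build between those two versions, while someone reading the prose will not; if such builds exist, one of the two statements is wrong. Either the description should read "before 6.6.74", or the range should be `"version_affected": "<="` with `"version_value": "6.6.65"`. `problemtype` is also left as `"n/a"` although the text describes a VLAN traffic-forwarding misconfiguration, so triage keyed on weakness type will not pick this record up.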
+++ b/2024/38xxx/CVE-2024-38944.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-38944",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-38944",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://gist.github.com/LemonSec/6aaea8320187a38e1a398fa321f12303",
+ "url": "https://gist.github.com/LemonSec/6aaea8320187a38e1a398fa321f12303"
 }
 ]
 }
diff --git a/2024/40xxx/CVE-2024-40075.json b/2024/40xxx/CVE-2024-40075.json
index 59d378fceaa..a0a3613803d 100644
--- a/2024/40xxx/CVE-2024-40075.json
+++ b/2024/40xxx/CVE-2024-40075.json
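Review bot: `"refsource": "CONFIRM"` in the CVE-2024-38944 record is attached to a gist under what appears to be a personal GitHub account, which does not look like a vendor acknowledgement; tooling that reads CONFIRM as vendor-confirmed would overstate how well the arbitrary-code-execution claim is corroborated. Unless the vendor has confirmed the issue at that URL, `"refsource": "MISC"` is the safer label. The CVE-2024-40075 hunk has the same pattern with a gitee.com repository link. Both records, and the new CVE-2024-41880 file, also leave `vendor_name`, `product_name` and `version_value` as `"n/a"` while their descriptions name the product and version, so consumers that match on the structured `affects` data will not find them.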
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-40075",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-40075",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://gitee.com/Q16G/laravel_bug/blob/master/laravelBug.md",
+ "url": "https://gitee.com/Q16G/laravel_bug/blob/master/laravelBug.md"
 }
 ]
 }
diff --git a/2024/41xxx/CVE-2024-41880.json b/2024/41xxx/CVE-2024-41880.json
new file mode 100644
index 00000000000..44eb2c5ee19
--- /dev/null
+++ b/2024/41xxx/CVE-2024-41880.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2024-41880",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that decreases the effectiveness of safety and private routes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.com/veilid/veilid/-/issues/395",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/veilid/veilid/-/issues/395"
+ }
+ ]
+ }
+}
\ No newline at end of file