diff --git a/2024/10xxx/CVE-2024-10914.json b/2024/10xxx/CVE-2024-10914.json new file mode 100644 index 00000000000..3cfe449b53e --- /dev/null +++ b/2024/10xxx/CVE-2024-10914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-10914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/10xxx/CVE-2024-10915.json b/2024/10xxx/CVE-2024-10915.json new file mode 100644 index 00000000000..7ca5a41ee8f --- /dev/null +++ b/2024/10xxx/CVE-2024-10915.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-10915", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/10xxx/CVE-2024-10916.json b/2024/10xxx/CVE-2024-10916.json new file mode 100644 index 00000000000..97303179d18 --- /dev/null +++ b/2024/10xxx/CVE-2024-10916.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-10916", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/52xxx/CVE-2024-52043.json b/2024/52xxx/CVE-2024-52043.json index 3cf58e5d726..f30cd9f6590 100644 --- a/2024/52xxx/CVE-2024-52043.json +++ b/2024/52xxx/CVE-2024-52043.json @@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52043", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Observable Response Discrepancy vulnerability in HumHub GmbH & Co. KG - HumHub on Linux allows: Excavation (user enumeration).This issue affects all released HumHub versions: through 1.16.2." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-204: Observable Response Discrepancy", + "cweId": "CWE-204" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HumHub GmbH & Co. KG", + "product": { + "product_data": [ + { + "product_name": "HumHub", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.16.2", + "status": "affected", + "version": "0", + "versionType": "git" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.vulsec.org/advisories", + "refsource": "MISC", + "name": "https://www.vulsec.org/advisories" + }, + { + "url": "https://github.com/humhub/humhub/security", + "refsource": "MISC", + "name": "https://github.com/humhub/humhub/security" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Erez Kalman" + } + ] } \ No newline at end of file diff --git a/2024/52xxx/CVE-2024-52268.json b/2024/52xxx/CVE-2024-52268.json new file mode 100644 index 00000000000..c88aece421e --- /dev/null +++ b/2024/52xxx/CVE-2024-52268.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-52268", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9681.json b/2024/9xxx/CVE-2024-9681.json index d7a3de89c2b..f1e509661fd 100644 --- a/2024/9xxx/CVE-2024-9681.json +++ b/2024/9xxx/CVE-2024-9681.json @@ -1,18 +1,264 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9681", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@curl.se", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1025 Comparison Using Wrong Factors" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "curl", + "product": { + "product_data": [ + { + "product_name": "curl", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "8.10.1", + "version_value": "8.10.1" + }, + { + "version_affected": "<=", + "version_name": "8.10.0", + "version_value": "8.10.0" + }, + { + "version_affected": "<=", + "version_name": "8.9.1", + "version_value": "8.9.1" + }, + { + "version_affected": "<=", + "version_name": "8.9.0", + "version_value": "8.9.0" + }, + { + "version_affected": "<=", + "version_name": "8.8.0", + "version_value": "8.8.0" + }, + { + "version_affected": "<=", + "version_name": "8.7.1", + "version_value": "8.7.1" + }, + { + "version_affected": "<=", + "version_name": "8.7.0", + "version_value": "8.7.0" + }, + { + "version_affected": "<=", + "version_name": "8.6.0", + "version_value": "8.6.0" + }, + { + "version_affected": "<=", + "version_name": "8.5.0", + "version_value": "8.5.0" + }, + { + "version_affected": "<=", + "version_name": "8.4.0", + "version_value": "8.4.0" + }, + { + "version_affected": "<=", + "version_name": "8.3.0", + "version_value": "8.3.0" + }, + { + "version_affected": "<=", + "version_name": "8.2.1", + "version_value": "8.2.1" + }, + { + "version_affected": "<=", + "version_name": "8.2.0", + "version_value": "8.2.0" + }, + { + "version_affected": "<=", + "version_name": "8.1.2", + "version_value": "8.1.2" + }, + { + "version_affected": "<=", + "version_name": "8.1.1", + "version_value": "8.1.1" + }, + { + "version_affected": "<=", + "version_name": "8.1.0", + "version_value": "8.1.0" + }, + { + "version_affected": "<=", + "version_name": "8.0.1", + "version_value": "8.0.1" + }, + { + "version_affected": "<=", + "version_name": "8.0.0", + "version_value": "8.0.0" + }, + { + "version_affected": "<=", + "version_name": "7.88.1", + "version_value": "7.88.1" + }, + { + "version_affected": "<=", + "version_name": "7.88.0", + "version_value": "7.88.0" + }, + { + "version_affected": "<=", + "version_name": "7.87.0", + "version_value": "7.87.0" + }, + { + "version_affected": "<=", + "version_name": "7.86.0", + "version_value": "7.86.0" + }, + { + "version_affected": "<=", + "version_name": "7.85.0", + "version_value": "7.85.0" + }, + { + "version_affected": "<=", + "version_name": "7.84.0", + "version_value": "7.84.0" + }, + { + "version_affected": "<=", + "version_name": "7.83.1", + "version_value": "7.83.1" + }, + { + "version_affected": "<=", + "version_name": "7.83.0", + "version_value": "7.83.0" + }, + { + "version_affected": "<=", + "version_name": "7.82.0", + "version_value": "7.82.0" + }, + { + "version_affected": "<=", + "version_name": "7.81.0", + "version_value": "7.81.0" + }, + { + "version_affected": "<=", + "version_name": "7.80.0", + "version_value": "7.80.0" + }, + { + "version_affected": "<=", + "version_name": "7.79.1", + "version_value": "7.79.1" + }, + { + "version_affected": "<=", + "version_name": "7.79.0", + "version_value": "7.79.0" + }, + { + "version_affected": "<=", + "version_name": "7.78.0", + "version_value": "7.78.0" + }, + { + "version_affected": "<=", + "version_name": "7.77.0", + "version_value": "7.77.0" + }, + { + "version_affected": "<=", + "version_name": "7.76.1", + "version_value": "7.76.1" + }, + { + "version_affected": "<=", + "version_name": "7.76.0", + "version_value": "7.76.0" + }, + { + "version_affected": "<=", + "version_name": "7.75.0", + "version_value": "7.75.0" + }, + { + "version_affected": "<=", + "version_name": "7.74.0", + "version_value": "7.74.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://curl.se/docs/CVE-2024-9681.json", + "refsource": "MISC", + "name": "https://curl.se/docs/CVE-2024-9681.json" + }, + { + "url": "https://curl.se/docs/CVE-2024-9681.html", + "refsource": "MISC", + "name": "https://curl.se/docs/CVE-2024-9681.html" + }, + { + "url": "https://hackerone.com/reports/2764830", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2764830" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "newfunction" + }, + { + "lang": "en", + "value": "Daniel Stenberg" + } + ] } \ No newline at end of file