diff --git a/2022/48xxx/CVE-2022-48655.json b/2022/48xxx/CVE-2022-48655.json
index 46086c36322..4496486fd27 100644
--- a/2022/48xxx/CVE-2022-48655.json
+++ b/2022/48xxx/CVE-2022-48655.json
@@ -41,7 +41,7 @@
 {
 "version_affected": "<",
 "version_name": "95a15d80aa0d",
- "version_value": "1f08a1b26cfc"
+ "version_value": "7184491fc515"
 },
 {
 "version_value": "not down converted",
@@ -57,6 +57,18 @@
 "status": "unaffected",
 "versionType": "custom"
 },
+ {
+ "version": "5.4.277",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.218",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
 {
 "version": "5.15.71",
 "lessThanOrEqual": "5.15.*",
@@ -90,6 +102,16 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108"
+ },
 {
 "url": "https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de",
 "refsource": "MISC",
diff --git a/2023/52xxx/CVE-2023-52434.json b/2023/52xxx/CVE-2023-52434.json
index 0ccb34cd0f6..36f58b5d43b 100644
--- a/2023/52xxx/CVE-2023-52434.json
+++ b/2023/52xxx/CVE-2023-52434.json
@@ -41,12 +41,18 @@
 {
 "version_affected": "<",
 "version_name": "1da177e4c3f4",
- "version_value": "13fb0fc49176"
+ "version_value": "6726429c18c6"
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
 "versions": [
+ {
+ "version": "5.4.277",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
 {
 "version": "5.10.211",
 "lessThanOrEqual": "5.10.*",
@@ -92,6 +98,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb"
+ },
 {
 "url": "https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5",
 "refsource": "MISC",
@@ -120,6 +131,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-4986f5686161"
+ "engine": "bippy-d175d3acf727"
 }
 }
\ No newline at end of file
diff --git a/2023/52xxx/CVE-2023-52585.json b/2023/52xxx/CVE-2023-52585.json
index 01b79397b85..df31fd718d7 100644
--- a/2023/52xxx/CVE-2023-52585.json
+++ b/2023/52xxx/CVE-2023-52585.json
@@ -41,12 +41,42 @@
 {
 "version_affected": "<",
 "version_name": "1da177e4c3f4",
- "version_value": "195a6289282e"
+ "version_value": "467139546f3f"
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
 "versions": [
+ {
+ "version": "5.4.277",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.218",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.15.160",
+ "lessThanOrEqual": "5.15.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.1.92",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.6.32",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
 {
 "version": "6.7.4",
 "lessThanOrEqual": "6.7.*",
@@ -74,6 +104,31 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/467139546f3fb93913de064461b1a43a212d7626"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/0eb296233f86750102aa43b97879b8d8311f249a"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/7e6d6f27522bcd037856234b720ff607b9c4a09b"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/92cb363d16ac1e41c9764cdb513d0e89a6ff4915"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/c364e7a34c85c2154fb2e47561965d5b5a0b69b1"
+ },
 {
 "url": "https://git.kernel.org/stable/c/195a6289282e039024ad30ba66e6f94a4d0fbe49",
 "refsource": "MISC",
@@ -87,6 +142,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-d175d3acf727"
 }
 }
\ No newline at end of file
diff --git a/2024/26xxx/CVE-2024-26583.json b/2024/26xxx/CVE-2024-26583.json
index 12e4205ce59..fb9b41a1bf9 100644
--- a/2024/26xxx/CVE-2024-26583.json
+++ b/2024/26xxx/CVE-2024-26583.json
@@ -41,7 +41,7 @@
 {
 "version_affected": "<",
 "version_name": "0cada33241d9",
- "version_value": "7a3ca06d04d5"
+ "version_value": "f17d21ea7391"
 },
 {
 "version_value": "not down converted",
@@ -57,6 +57,12 @@
 "status": "unaffected",
 "versionType": "custom"
 },
+ {
+ "version": "5.15.160",
+ "lessThanOrEqual": "5.15.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
 {
 "version": "6.1.79",
 "lessThanOrEqual": "6.1.*",
@@ -96,6 +102,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7"
+ },
 {
 "url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01",
 "refsource": "MISC",
@@ -119,6 +130,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-8df59b4913de"
+ "engine": "bippy-d175d3acf727"
 }
 }
\ No newline at end of file
diff --git a/2024/26xxx/CVE-2024-26584.json b/2024/26xxx/CVE-2024-26584.json
index e36b52cc29c..79bde9d44d0 100644
--- a/2024/26xxx/CVE-2024-26584.json
+++ b/2024/26xxx/CVE-2024-26584.json
@@ -41,7 +41,7 @@
 {
 "version_affected": "<",
 "version_name": "a54667f6728c",
- "version_value": "cd1bbca03f3c"
+ "version_value": "3ade391adc58"
 },
 {
 "version_value": "not down converted",
@@ -57,6 +57,12 @@
 "status": "unaffected",
 "versionType": "custom"
 },
+ {
+ "version": "5.15.160",
+ "lessThanOrEqual": "5.15.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
 {
 "version": "6.1.84",
 "lessThanOrEqual": "6.1.*",
@@ -96,6 +102,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/3ade391adc584f17b5570fd205de3ad029090368",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/3ade391adc584f17b5570fd205de3ad029090368"
+ },
 {
 "url": "https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72",
 "refsource": "MISC",
@@ -119,6 +130,6 @@
 ]
 },
 "generator": {
- "engine": "bippy-5f0117140d9a"
+ "engine": "bippy-d175d3acf727"
 }
 }
\ No newline at end of file
diff --git a/2024/26xxx/CVE-2024-26952.json b/2024/26xxx/CVE-2024-26952.json
index efdc4c52ea2..5a8266e683a 100644
--- a/2024/26xxx/CVE-2024-26952.json
+++ b/2024/26xxx/CVE-2024-26952.json
@@ -41,12 +41,18 @@
 {
 "version_affected": "<",
 "version_name": "1da177e4c3f4",
- "version_value": "2dcda336b6e8"
+ "version_value": "39bdc4197acf"
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
 "versions": [
+ {
+ "version": "6.6.32",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
 {
 "version": "6.7.12",
 "lessThanOrEqual": "6.7.*",
@@ -80,6 +86,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/39bdc4197acf2ed13269167ccf093ee28cfa2a4e",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/39bdc4197acf2ed13269167ccf093ee28cfa2a4e"
+ },
 {
 "url": "https://git.kernel.org/stable/c/2dcda336b6e80b72d58d30d40f2fad9724e5fe63",
 "refsource": "MISC",
diff --git a/2024/36xxx/CVE-2024-36013.json b/2024/36xxx/CVE-2024-36013.json
index af26ff0240a..bc82828ae93 100644
--- a/2024/36xxx/CVE-2024-36013.json
+++ b/2024/36xxx/CVE-2024-36013.json
@@ -41,7 +41,7 @@
 {
 "version_affected": "<",
 "version_name": "73ffa904b782",
- "version_value": "4d7b41c0e439"
+ "version_value": "cfe560c7050b"
 },
 {
 "version_value": "not down converted",
@@ -57,6 +57,18 @@
 "status": "unaffected",
 "versionType": "custom"
 },
+ {
+ "version": "6.6.32",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8.11",
+ "lessThanOrEqual": "6.8.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
 {
 "version": "6.9",
 "lessThanOrEqual": "*",
@@ -78,6 +90,16 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6"
+ },
 {
 "url": "https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658",
 "refsource": "MISC",
diff --git a/2024/5xxx/CVE-2024-5336.json b/2024/5xxx/CVE-2024-5336.json
index 36fb4047f33..23e8c63b179 100644
--- a/2024/5xxx/CVE-2024-5336.json
+++ b/2024/5xxx/CVE-2024-5336.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5336",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in Ruijie RG-UAC up to 20240516 and classified as critical. This vulnerability affects the function addVlan of the file /view/networkConfig/vlan/vlan_add_commit.php. The manipulation of the argument phyport leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266242 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In Ruijie RG-UAC bis 20240516 wurde eine kritische Schwachstelle gefunden. Betroffen ist die Funktion addVlan der Datei /view/networkConfig/vlan/vlan_add_commit.php. Durch das Beeinflussen des Arguments phyport mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Ruijie",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "RG-UAC",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "20240516"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.266242",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.266242"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.266242",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.266242"
+ },
+ {
+ "url": "https://vuldb.com/?submit.336031",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.336031"
+ },
+ {
+ "url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-vlan%3Avlan_add_commit.php.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-vlan%3Avlan_add_commit.php.pdf"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "H0e4a0r1t (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.8,
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5337.json b/2024/5xxx/CVE-2024-5337.json
index bf3e7e3c419..742488ec379 100644
--- a/2024/5xxx/CVE-2024-5337.json
+++ b/2024/5xxx/CVE-2024-5337.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5337",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Ruijie RG-UAC up to 20240516 and classified as critical. This issue affects some unknown processing of the file /view/systemConfig/sys_user/user_commit.php. The manipulation of the argument email2/user_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in Ruijie RG-UAC bis 20240516 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /view/systemConfig/sys_user/user_commit.php. Durch Beeinflussen des Arguments email2/user_name mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Ruijie",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "RG-UAC",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "20240516"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.266243",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.266243"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.266243",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.266243"
+ },
+ {
+ "url": "https://vuldb.com/?submit.336032",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.336032"
+ },
+ {
+ "url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-sys_user%3Auser_commit.php.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/z%7CYVDv%7CHKA)*%5CdK!/Ruijie%20RG-UAC%20Unified%20Internet%20Behavior%20Management%20Audit%20System%20Backend%20RCE%20Vulnerability-sys_user%3Auser_commit.php.pdf"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "H0e4a0r1t (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.8,
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
 }
 ]
 }