From 8483e986408db6e4fe74b13bde88ab43995b385a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 9 Oct 2024 07:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/46xxx/CVE-2023-46586.json | 71 +++++++++++++++++++++++---
 2024/39xxx/CVE-2024-39436.json | 63 +++++++++++++++++++++--
 2024/39xxx/CVE-2024-39437.json | 63 +++++++++++++++++++++--
 2024/39xxx/CVE-2024-39438.json | 63 +++++++++++++++++++++--
 2024/39xxx/CVE-2024-39439.json | 63 +++++++++++++++++++++--
 2024/39xxx/CVE-2024-39440.json | 63 +++++++++++++++++++++--
 2024/39xxx/CVE-2024-39586.json | 85 +++++++++++++++++++++++++++++--
 2024/48xxx/CVE-2024-48883.json | 18 +++++++
 2024/9xxx/CVE-2024-9449.json | 91 ++++++++++++++++++++++++++++++++--
 2024/9xxx/CVE-2024-9678.json | 18 +++++++
 2024/9xxx/CVE-2024-9679.json | 18 +++++++
 2024/9xxx/CVE-2024-9680.json | 18 +++++++
 12 files changed, 600 insertions(+), 34 deletions(-)
 create mode 100644 2024/48xxx/CVE-2024-48883.json
 create mode 100644 2024/9xxx/CVE-2024-9678.json
 create mode 100644 2024/9xxx/CVE-2024-9679.json
 create mode 100644 2024/9xxx/CVE-2024-9680.json
diff --git a/2023/46xxx/CVE-2023-46586.json b/2023/46xxx/CVE-2023-46586.json
index 5b5bf0b52eb..5f06625f162 100644
--- a/2023/46xxx/CVE-2023-46586.json
+++ b/2023/46xxx/CVE-2023-46586.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-46586",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46586",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\\0' termination of the path for CGI scripts because strncpy is misused."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ltworf/weborf/pull/88",
+ "url": "https://github.com/ltworf/weborf/pull/88"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d",
+ "url": "https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991",
+ "url": "https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ltworf/weborf/pull/88/commits/7057d254b734dfc9cfb58983f901aa6ec3c94fd4",
+ "url": "https://github.com/ltworf/weborf/pull/88/commits/7057d254b734dfc9cfb58983f901aa6ec3c94fd4"
 }
 ]
 }
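Review bot: The published CVE-2023-46586 record leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value all as `"n/a"`, so the affected product and versions exist only in the free-text description and tooling that matches on the structured `affects` fields will not tie this entry to weborf. The description already names the product, the 0.17–0.20 range and the missing '\0' termination after strncpy, which would support a structured entry and a weakness class such as CWE-170 (Improper Null Termination), subject to the assigner's confirmation. The version list also reads `.0.17`, which looks like a typo for `0.17`. No `impact` block is present, so consumers have to assess severity from the linked commits.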
diff --git a/2024/39xxx/CVE-2024-39436.json b/2024/39xxx/CVE-2024-39436.json
index 1311f5936d5..33efea47a49 100644
--- a/2024/39xxx/CVE-2024-39436.json
+++ b/2024/39xxx/CVE-2024-39436.json
@@ -1,17 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-39436",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@unisoc.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "cwe-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Android13/Android14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897",
+ "refsource": "MISC",
+ "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"
 }
 ]
 }
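Review bot: `product_name` packs thirteen chipset models into one slash-separated string and `version_value` is `"Android13/Android14"` under `"version_affected": "="`, so a consumer that compares these fields literally against an asset inventory will never match a single chipset or Android release. One `product_data` entry per chipset and one `version_data` entry per release (for example `"version_value": "Android13"`) would make the record machine-matchable. The problemtype value is also written as lowercase `cwe-77` with no `cweId` field, unlike the `"cweId": "CWE-611"` form used for CVE-2024-39586 in this same commit, so case-sensitive CWE extraction may miss it. The same applies to the CVE-2024-39437 through CVE-2024-39440 hunks.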
diff --git a/2024/39xxx/CVE-2024-39437.json b/2024/39xxx/CVE-2024-39437.json
index e28244cc47b..364e0b06e62 100644
--- a/2024/39xxx/CVE-2024-39437.json
+++ b/2024/39xxx/CVE-2024-39437.json
@@ -1,17 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-39437",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@unisoc.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "cwe-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Android13/Android14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897",
+ "refsource": "MISC",
+ "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"
 }
 ]
 }
diff --git a/2024/39xxx/CVE-2024-39438.json b/2024/39xxx/CVE-2024-39438.json
index 480136dcc77..8c62cfac247 100644
--- a/2024/39xxx/CVE-2024-39438.json
+++ b/2024/39xxx/CVE-2024-39438.json
@@ -1,17 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-39438",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@unisoc.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "cwe-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Android13/Android14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897",
+ "refsource": "MISC",
+ "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"
 }
 ]
 }
diff --git a/2024/39xxx/CVE-2024-39439.json b/2024/39xxx/CVE-2024-39439.json
index 089a8503f4f..34a3f14044a 100644
--- a/2024/39xxx/CVE-2024-39439.json
+++ b/2024/39xxx/CVE-2024-39439.json
@@ -1,17 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-39439",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@unisoc.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "cwe-787 Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "T606/T612/T616/T610/T618/T760/T770/T820/S8000",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Android13/Android14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897",
+ "refsource": "MISC",
+ "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
 }
 ]
 }
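Review bot: The description of CVE-2024-39439 says System execution privileges are needed, but the added `vectorString` is `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`, i.e. no privileges required; the two statements cannot both be right, and the 6.2 base score depends on which one is. The linkturbonative records in this same commit pair the same wording with `PR:H`. Either the vector should carry `PR:H` with the score recomputed, or the description should state that no additional privileges are needed; this needs the assigner's confirmation. CVE-2024-39440 in the next hunk has the same mismatch.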
diff --git a/2024/39xxx/CVE-2024-39440.json b/2024/39xxx/CVE-2024-39440.json
index 6ea7dad793f..da324866510 100644
--- a/2024/39xxx/CVE-2024-39440.json
+++ b/2024/39xxx/CVE-2024-39440.json
@@ -1,17 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-39440",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@unisoc.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "cwe-476 NULL Pointer Dereference"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unisoc (Shanghai) Technologies Co., Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "T606/T612/T616/T610/T618/T760/T770/T820/S8000",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Android13/Android14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897",
+ "refsource": "MISC",
+ "name": "https://www.unisoc.com/en_us/secy/announcementDetail/1843898270204624897"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
 }
 ]
 }
diff --git a/2024/39xxx/CVE-2024-39586.json b/2024/39xxx/CVE-2024-39586.json
index 382ff5cf094..2a970cceaa3 100644
--- a/2024/39xxx/CVE-2024-39586.json
+++ b/2024/39xxx/CVE-2024-39586.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-39586",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-611: Improper Restriction of XML External Entity Reference",
+ "cweId": "CWE-611"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AppSync",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "4.3.0.0",
+ "version_value": "4.6.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000234216/dsa-2024-420-security-update-for-dell-emc-appsync-for-multiple-vulnerabilities",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000234216/dsa-2024-420-security-update-for-dell-emc-appsync-for-multiple-vulnerabilities"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dell would like to thank B4gpipe for reporting this issue"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 2.9,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48883.json b/2024/48xxx/CVE-2024-48883.json
new file mode 100644
index 00000000000..36b5afb1850
--- /dev/null
+++ b/2024/48xxx/CVE-2024-48883.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-48883",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9449.json b/2024/9xxx/CVE-2024-9449.json
index 4aa7487bb80..ec32cf79f48 100644
--- a/2024/9xxx/CVE-2024-9449.json
+++ b/2024/9xxx/CVE-2024-9449.json
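Review bot: In the CVE-2024-39586 record the affected range is encoded as `"version_affected": "<="` with `"version_name": "4.3.0.0"` and `"version_value": "4.6.0.0"`, so a consumer that reads only `version_affected` and `version_value` will treat every release up to 4.6.0.0 as affected, including those before 4.3 that the description excludes. Anyone matching on this record should take the lower bound from the description ("version 4.3 through 4.6") or from the linked Dell advisory rather than from the structured fields alone. The description also mentions only information disclosure while the vector carries `A:L` and `UI:R`, neither of which the text explains. This hunk begins on the previous line of the page.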
@@ -1,17 +1,100 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-9449",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "gregross",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Auto iFrame",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "1.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a09dcc4-37ee-425d-b824-a593c22d711f?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1a09dcc4-37ee-425d-b824-a593c22d711f?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/auto-iframe/trunk/auto-iframe.php#L127",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/auto-iframe/trunk/auto-iframe.php#L127"
+ },
+ {
+ "url": "https://wordpress.org/plugins/auto-iframe/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/auto-iframe/#developers"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/auto-iframe/trunk/auto-iframe.php#L173",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/auto-iframe/trunk/auto-iframe.php#L173"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3164574/",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3164574/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Christofer Roth"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9678.json b/2024/9xxx/CVE-2024-9678.json
new file mode 100644
index 00000000000..100607a82e2
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9678.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9678",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9679.json b/2024/9xxx/CVE-2024-9679.json
new file mode 100644
index 00000000000..7d5efecdba2
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9679.json
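Review bot: Two of the CVE-2024-9449 references point at `auto-iframe/trunk/auto-iframe.php#L127` and `#L173`; trunk is a moving target, so once the file changes those line anchors will no longer show the code the advisory refers to. The `changeset/3164574/` link is the stable reference, and the two trunk links would be more durable if pinned to a tag or revision. The affected range is expressed as `"version_name": "*"` with `"<="` and `"1.7"`, so the record does not itself name a fixed version; the fix presumably corresponds to that changeset, but the page does not say so.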
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9679",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9680.json b/2024/9xxx/CVE-2024-9680.json
new file mode 100644
index 00000000000..341fb8ed327
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9680.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9680",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file