From 848e300bcd7ee577e7423cf47a447b1ba6f889cd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 8 May 2024 22:00:30 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/10xxx/CVE-2018-10172.json | 2 +- 2019/14xxx/CVE-2019-14771.json | 2 +- 2021/30xxx/CVE-2021-30080.json | 7 ++- 2022/38xxx/CVE-2022-38164.json | 2 +- 2022/42xxx/CVE-2022-42092.json | 2 +- 2022/43xxx/CVE-2022-43279.json | 7 ++- 2022/43xxx/CVE-2022-43747.json | 7 ++- 2023/40xxx/CVE-2023-40533.json | 79 +--------------------------------- 2024/26xxx/CVE-2024-26517.json | 61 +++++++++++++++++++++++--- 2024/26xxx/CVE-2024-26579.json | 5 +++ 2024/27xxx/CVE-2024-27280.json | 61 +++++++++++++++++++++++--- 2024/27xxx/CVE-2024-27281.json | 61 +++++++++++++++++++++++--- 2024/27xxx/CVE-2024-27282.json | 61 +++++++++++++++++++++++--- 2024/28xxx/CVE-2024-28759.json | 75 +++++++++++++++++++++++++++++--- 2024/29xxx/CVE-2024-29145.json | 18 ++++++++ 2024/31xxx/CVE-2024-31075.json | 18 ++++++++ 2024/33xxx/CVE-2024-33613.json | 18 ++++++++ 2024/34xxx/CVE-2024-34196.json | 56 +++++++++++++++++++++--- 2024/34xxx/CVE-2024-34308.json | 56 +++++++++++++++++++++--- 2024/34xxx/CVE-2024-34517.json | 5 +++ 2024/34xxx/CVE-2024-34774.json | 18 ++++++++ 2024/34xxx/CVE-2024-34775.json | 18 ++++++++ 2024/3xxx/CVE-2024-3661.json | 5 +++ 2024/4xxx/CVE-2024-4664.json | 18 ++++++++ 2024/4xxx/CVE-2024-4665.json | 18 ++++++++ 25 files changed, 554 insertions(+), 126 deletions(-) create mode 100644 2024/29xxx/CVE-2024-29145.json create mode 100644 2024/31xxx/CVE-2024-31075.json create mode 100644 2024/33xxx/CVE-2024-33613.json create mode 100644 2024/34xxx/CVE-2024-34774.json create mode 100644 2024/34xxx/CVE-2024-34775.json create mode 100644 2024/4xxx/CVE-2024-4664.json create mode 100644 2024/4xxx/CVE-2024-4665.json diff --git a/2018/10xxx/CVE-2018-10172.json b/2018/10xxx/CVE-2018-10172.json index a8aac3f464f..65340842221 100644 --- a/2018/10xxx/CVE-2018-10172.json +++ b/2018/10xxx/CVE-2018-10172.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "7-Zip through 18.01 on Windows implements the \"Large memory pages\" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process." + "value": "** DISPUTED ** 7-Zip through 18.01 on Windows implements the \"Large memory pages\" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows." } ] }, diff --git a/2019/14xxx/CVE-2019-14771.json b/2019/14xxx/CVE-2019-14771.json index 7f6d33ea383..de54ba7990b 100644 --- a/2019/14xxx/CVE-2019-14771.json +++ b/2019/14xxx/CVE-2019-14771.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the \"Synchronize, import, and export configuration\" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.)" + "value": "** DISPUTED ** Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the \"Synchronize, import, and export configuration\" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.) Note: This has been disputed by multiple 3rd parties due to advanced permissions that are needed to exploit." } ] }, diff --git a/2021/30xxx/CVE-2021-30080.json b/2021/30xxx/CVE-2021-30080.json index 16f8602f985..f0505f18a46 100644 --- a/2021/30xxx/CVE-2021-30080.json +++ b/2021/30xxx/CVE-2021-30080.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control." + "value": "An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control." } ] }, @@ -56,6 +56,11 @@ "url": "https://github.com/beego/beego/commit/d5df5e470d0a8ed291930ae802fd7e6b95226519", "refsource": "MISC", "name": "https://github.com/beego/beego/commit/d5df5e470d0a8ed291930ae802fd7e6b95226519" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/beego/beego/releases/tag/v1.12.11", + "url": "https://github.com/beego/beego/releases/tag/v1.12.11" } ] } diff --git a/2022/38xxx/CVE-2022-38164.json b/2022/38xxx/CVE-2022-38164.json index 37a16bf9f28..18f57739a75 100644 --- a/2022/38xxx/CVE-2022-38164.json +++ b/2022/38xxx/CVE-2022-38164.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5)." + "value": "A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing as the browser only display certain part of the entire URL." } ] }, diff --git a/2022/42xxx/CVE-2022-42092.json b/2022/42xxx/CVE-2022-42092.json index debb4b54677..078cbcf324f 100644 --- a/2022/42xxx/CVE-2022-42092.json +++ b/2022/42xxx/CVE-2022-42092.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution." + "value": "** DISPUTED ** Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required." } ] }, diff --git a/2022/43xxx/CVE-2022-43279.json b/2022/43xxx/CVE-2022-43279.json index f95da270a5e..9e25b168375 100644 --- a/2022/43xxx/CVE-2022-43279.json +++ b/2022/43xxx/CVE-2022-43279.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php." + "value": "LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php." } ] }, @@ -56,6 +56,11 @@ "url": "https://brick-pamphlet-d24.notion.site/LimeSurvey-V5-4-4-background-update-php-SQL-injection-50e8fd6eba4644bb941b2c8d6fb7979a", "refsource": "MISC", "name": "https://brick-pamphlet-d24.notion.site/LimeSurvey-V5-4-4-background-update-php-SQL-injection-50e8fd6eba4644bb941b2c8d6fb7979a" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/LimeSurvey/LimeSurvey/commit/42920389f99cdd25449eb7ace57f24417e83b692", + "url": "https://github.com/LimeSurvey/LimeSurvey/commit/42920389f99cdd25449eb7ace57f24417e83b692" } ] } diff --git a/2022/43xxx/CVE-2022-43747.json b/2022/43xxx/CVE-2022-43747.json index 05881d486e9..7dbafb3bc0a 100644 --- a/2022/43xxx/CVE-2022-43747.json +++ b/2022/43xxx/CVE-2022-43747.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2." + "value": "baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in security update S-2022-01, which contains fixed bMA setup files for these versions. This also is fixed in baramundi Management Suite 2022 R2." } ] }, @@ -56,6 +56,11 @@ "url": "https://www.baramundi.com/de-de/security-info/s-2022-01/", "refsource": "MISC", "name": "https://www.baramundi.com/de-de/security-info/s-2022-01/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.baramundi.com/en-us/security-info/s-2022-01/", + "url": "https://www.baramundi.com/en-us/security-info/s-2022-01/" } ] }, diff --git a/2023/40xxx/CVE-2023-40533.json b/2023/40xxx/CVE-2023-40533.json index b47b2329373..277952a68d1 100644 --- a/2023/40xxx/CVE-2023-40533.json +++ b/2023/40xxx/CVE-2023-40533.json @@ -5,88 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2023-40533", "ASSIGNER": "talos-cna@cisco.com", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially crafted HTTP request can result in disclosure of data allocated on the heap, which could contain sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-457: Use of Uninitialized Variable", - "cweId": "CWE-457" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tinyproxy", - "product": { - "product_data": [ - { - "product_name": "Tinyproxy", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.11.1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1902", - "refsource": "MISC", - "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1902" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/05/07/1", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/05/07/1" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Discovered by Dimitrios Tatsis of Cisco Talos." - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseScore": 5.9, - "baseSeverity": "MEDIUM" + "value": "** REJECT ** This CVE ID is a duplicate of CVE-2022-40468\n" } ] } diff --git a/2024/26xxx/CVE-2024-26517.json b/2024/26xxx/CVE-2024-26517.json index 725922e49e2..09abf4c4687 100644 --- a/2024/26xxx/CVE-2024-26517.json +++ b/2024/26xxx/CVE-2024-26517.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-26517", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-26517", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/16877/school-task-manager-using-php-source-code.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/16877/school-task-manager-using-php-source-code.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/unrealjbr/CVE-2024-26517", + "url": "https://github.com/unrealjbr/CVE-2024-26517" } ] } diff --git a/2024/26xxx/CVE-2024-26579.json b/2024/26xxx/CVE-2024-26579.json index 61c1b10b961..ebe23156f48 100644 --- a/2024/26xxx/CVE-2024-26579.json +++ b/2024/26xxx/CVE-2024-26579.json @@ -59,6 +59,11 @@ "url": "https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3", "refsource": "MISC", "name": "https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3" + }, + { + "url": "https://github.com/advisories/GHSA-fgh3-pwmp-3qw3", + "refsource": "MISC", + "name": "https://github.com/advisories/GHSA-fgh3-pwmp-3qw3" } ] }, diff --git a/2024/27xxx/CVE-2024-27280.json b/2024/27xxx/CVE-2024-27280.json index 5168b0a9271..978c8109053 100644 --- a/2024/27xxx/CVE-2024-27280.json +++ b/2024/27xxx/CVE-2024-27280.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-27280", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-27280", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/1399856", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1399856" + }, + { + "refsource": "MISC", + "name": "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/", + "url": "https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/" } ] } diff --git a/2024/27xxx/CVE-2024-27281.json b/2024/27xxx/CVE-2024-27281.json index ed9b6a6a64d..ea7289260be 100644 --- a/2024/27xxx/CVE-2024-27281.json +++ b/2024/27xxx/CVE-2024-27281.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-27281", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-27281", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/1187477", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1187477" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/", + "url": "https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/" } ] } diff --git a/2024/27xxx/CVE-2024-27282.json b/2024/27xxx/CVE-2024-27282.json index ab5445179ad..46c2e8356be 100644 --- a/2024/27xxx/CVE-2024-27282.json +++ b/2024/27xxx/CVE-2024-27282.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-27282", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-27282", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/2122624", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2122624" + }, + { + "refsource": "CONFIRM", + "name": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/", + "url": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/" } ] } diff --git a/2024/28xxx/CVE-2024-28759.json b/2024/28xxx/CVE-2024-28759.json index b567b8dba3b..d3d790eb89e 100644 --- a/2024/28xxx/CVE-2024-28759.json +++ b/2024/28xxx/CVE-2024-28759.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28759", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28759", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://windriver.com", + "refsource": "MISC", + "name": "https://windriver.com" + }, + { + "refsource": "CONFIRM", + "name": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2024-28759", + "url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2024-28759" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:A/A:L/C:N/I:N/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29145.json b/2024/29xxx/CVE-2024-29145.json new file mode 100644 index 00000000000..e89b8f0467c --- /dev/null +++ b/2024/29xxx/CVE-2024-29145.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29145", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31075.json b/2024/31xxx/CVE-2024-31075.json new file mode 100644 index 00000000000..b34418a989a --- /dev/null +++ b/2024/31xxx/CVE-2024-31075.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/33xxx/CVE-2024-33613.json b/2024/33xxx/CVE-2024-33613.json new file mode 100644 index 00000000000..8604f134a95 --- /dev/null +++ b/2024/33xxx/CVE-2024-33613.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-33613", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34196.json b/2024/34xxx/CVE-2024-34196.json index 04deb6ad861..5ce863f4d40 100644 --- a/2024/34xxx/CVE-2024-34196.json +++ b/2024/34xxx/CVE-2024-34196.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34196", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34196", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The \"boa\" program allows attackers to modify the value of the \"vwlan_idx\" field via \"formMultiAP\". This can lead to a stack overflow through the \"formWlEncrypt\" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1", + "refsource": "MISC", + "name": "https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1" } ] } diff --git a/2024/34xxx/CVE-2024-34308.json b/2024/34xxx/CVE-2024-34308.json index 5e43000133b..4d4d9f4ac45 100644 --- a/2024/34xxx/CVE-2024-34308.json +++ b/2024/34xxx/CVE-2024-34308.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34308", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34308", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md", + "url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md" } ] } diff --git a/2024/34xxx/CVE-2024-34517.json b/2024/34xxx/CVE-2024-34517.json index 6c0ef5c8447..3bc13f47a7a 100644 --- a/2024/34xxx/CVE-2024-34517.json +++ b/2024/34xxx/CVE-2024-34517.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher", "url": "https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher" + }, + { + "refsource": "MISC", + "name": "https://github.com/advisories/GHSA-p343-9qwp-pqxv", + "url": "https://github.com/advisories/GHSA-p343-9qwp-pqxv" } ] } diff --git a/2024/34xxx/CVE-2024-34774.json b/2024/34xxx/CVE-2024-34774.json new file mode 100644 index 00000000000..04eaca43f79 --- /dev/null +++ b/2024/34xxx/CVE-2024-34774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34775.json b/2024/34xxx/CVE-2024-34775.json new file mode 100644 index 00000000000..64540e36903 --- /dev/null +++ b/2024/34xxx/CVE-2024-34775.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34775", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3661.json b/2024/3xxx/CVE-2024-3661.json index 733a3aa5a29..bcecee09e49 100644 --- a/2024/3xxx/CVE-2024-3661.json +++ b/2024/3xxx/CVE-2024-3661.json @@ -135,6 +135,11 @@ "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con", "refsource": "MISC", "name": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con" + }, + { + "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/", + "refsource": "MISC", + "name": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/" } ] }, diff --git a/2024/4xxx/CVE-2024-4664.json b/2024/4xxx/CVE-2024-4664.json new file mode 100644 index 00000000000..79ba9ad5029 --- /dev/null +++ b/2024/4xxx/CVE-2024-4664.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4665.json b/2024/4xxx/CVE-2024-4665.json new file mode 100644 index 00000000000..dd0a84b1a42 --- /dev/null +++ b/2024/4xxx/CVE-2024-4665.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4665", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file