diff --git a/2024/39xxx/CVE-2024-39755.json b/2024/39xxx/CVE-2024-39755.json
new file mode 100644
index 00000000000..bccd68dd672
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39755.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39755",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/41xxx/CVE-2024-41163.json b/2024/41xxx/CVE-2024-41163.json
new file mode 100644
index 00000000000..a682511270b
--- /dev/null
+++ b/2024/41xxx/CVE-2024-41163.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-41163",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/41xxx/CVE-2024-41517.json b/2024/41xxx/CVE-2024-41517.json
index bd8d36678fb..411e26c6f5e 100644
--- a/2024/41xxx/CVE-2024-41517.json
+++ b/2024/41xxx/CVE-2024-41517.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41517", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41517", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Incorrect Access Control vulnerability in \"/admin/benutzer/institution/rechteverwaltung/uebersicht\" in Feripro <= v2.2.3 allows remote attackers to get a list of all users and their corresponding privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://feripro.com", + "refsource": "MISC", + "name": "http://feripro.com" + }, + { + "url": "http://mecodia.com", + "refsource": "MISC", + "name": "http://mecodia.com" + }, + { + "refsource": "CONFIRM", + "name": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/", + "url": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/" } ] } diff --git a/2024/41xxx/CVE-2024-41518.json b/2024/41xxx/CVE-2024-41518.json index 12463f9115c..4da8f4e1382 100644 --- a/2024/41xxx/CVE-2024-41518.json +++ b/2024/41xxx/CVE-2024-41518.json 
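Review bot: The published record leaves every structured field in `affects` and `problemtype` as `n/a`, although the description itself names the product and version ("Feripro <= v2.2.3") and the weakness class (Incorrect Access Control). Scanners and asset-matching pipelines that key on `vendor_name`/`product_name`/`version_value` rather than free text will not associate this CVE with an installed Feripro instance. I would fill in `"product_name": "Feripro"`, a version entry such as `"version_value": "<= 2.2.3"`, and a CWE in `problemtype` (CWE-284 Improper Access Control appears to fit here). The vendor name is not stated in the hunk; the mecodia.com reference suggests it, but that needs confirming. The same gap is present in the CVE-2024-41518 and CVE-2024-41519 hunks, where the latter describes XSS and would map to CWE-79.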
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41518", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41518", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Incorrect Access Control vulnerability in \"/admin/programm//export/statistics\" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://feripro.com", + "refsource": "MISC", + "name": "http://feripro.com" + }, + { + "url": "http://mecodia.com", + "refsource": "MISC", + "name": "http://mecodia.com" + }, + { + "refsource": "CONFIRM", + "name": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/", + "url": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/" } ] } diff --git a/2024/41xxx/CVE-2024-41519.json b/2024/41xxx/CVE-2024-41519.json index ef9a8df2a7f..d50d96965a2 100644 --- a/2024/41xxx/CVE-2024-41519.json +++ b/2024/41xxx/CVE-2024-41519.json 
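Review bot: The affected path in the description, `/admin/programm//export/statistics`, contains an empty path segment, which looks like a placeholder for an identifier was dropped when the text was submitted or sanitised; this is inferred, as the original wording is not visible here. As written, the path is ambiguous for anyone building log searches or access-control rules from the record. The description should spell the variable segment out explicitly, for example `/admin/programm/{id}/export/statistics`, with the real parameter name taken from the advisory. The CVE-2024-41519 hunk has the same pattern in `/admin/programm//zuordnung/veranstaltungen/`.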
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41519", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41519", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via \"/admin/programm//zuordnung/veranstaltungen/\" through the \"school\" input field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://feripro.com", + "refsource": "MISC", + "name": "http://feripro.com" + }, + { + "url": "http://mecodia.com", + "refsource": "MISC", + "name": "http://mecodia.com" + }, + { + "refsource": "CONFIRM", + "name": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/", + "url": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/" } ] } diff --git a/2024/41xxx/CVE-2024-41922.json b/2024/41xxx/CVE-2024-41922.json new file mode 100644 index 00000000000..8ed6fd74ce5 --- /dev/null +++ b/2024/41xxx/CVE-2024-41922.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-41922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5154.json b/2024/5xxx/CVE-2024-5154.json index 63568707889..cad27bb314a 100644 --- a/2024/5xxx/CVE-2024-5154.json +++ b/2024/5xxx/CVE-2024-5154.json @@ -65,7 +65,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.26.5-18.2.rhaos4.13.git2e90133.el8", + "version": "0:1.26.5-18.2.rhaos4.13.git2e90133.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" diff --git a/2024/5xxx/CVE-2024-5971.json b/2024/5xxx/CVE-2024-5971.json index 06fd8d98874..8f4edf6b633 100644 --- a/2024/5xxx/CVE-2024-5971.json +++ b/2024/5xxx/CVE-2024-5971.json @@ -61,19 +61,6 @@ ] } }, - { - "product_name": "Red Hat build of Apache Camel 4.0 for Spring Boot", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat build of Apache Camel for Spring Boot", "version": { diff --git a/2024/6xxx/CVE-2024-6162.json b/2024/6xxx/CVE-2024-6162.json index 94ab76e4394..26c6e37b9a9 100644 --- a/2024/6xxx/CVE-2024-6162.json +++ b/2024/6xxx/CVE-2024-6162.json 
@@ -48,19 +48,6 @@ ] } }, - { - "product_name": "Red Hat build of Apache Camel 4.0 for Spring Boot", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat build of Apache Camel for Spring Boot", "version": { diff --git a/2024/6xxx/CVE-2024-6409.json b/2024/6xxx/CVE-2024-6409.json index a8f1c92050c..d17be36efbf 100644 --- a/2024/6xxx/CVE-2024-6409.json +++ b/2024/6xxx/CVE-2024-6409.json @@ -70,6 +70,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:8.7p1-12.el9_0.3", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "version": { @@ -199,6 +220,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:4716" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4910", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4910" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-6409", "refsource": "MISC", diff --git a/2024/6xxx/CVE-2024-6505.json b/2024/6xxx/CVE-2024-6505.json index 93a9025b8f2..c9fb33b2668 100644 --- a/2024/6xxx/CVE-2024-6505.json +++ b/2024/6xxx/CVE-2024-6505.json @@ -126,6 +126,12 @@ } ] }, + "work_around": [ + { + "lang": "en", + "value": "A viable mitigation for this vulnerability is to disable RSS on the nic/virtio driver." + } + ], "impact": { "cvss": [ { diff --git a/2024/7xxx/CVE-2024-7079.json b/2024/7xxx/CVE-2024-7079.json index a4f9d42c316..f663af9a9ad 100644 --- a/2024/7xxx/CVE-2024-7079.json +++ b/2024/7xxx/CVE-2024-7079.json 
@@ -81,6 +81,12 @@ } ] }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], "credits": [ { "lang": "en", @@ -93,14 +99,14 @@ "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } ] diff --git a/2024/7xxx/CVE-2024-7314.json b/2024/7xxx/CVE-2024-7314.json index 3c70541933c..9b10c9ffd2b 100644 --- a/2024/7xxx/CVE-2024-7314.json +++ b/2024/7xxx/CVE-2024-7314.json 
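Review bot: The new `work_around` entry in the first CVE-2024-7079 hunk does not describe a workaround; its text says that mitigation is "either not available" or does not meet the vendor's criteria. A consumer that treats a non-empty `work_around` array as "a mitigation exists" and lowers remediation priority will misread this record. Either omit the array when nothing qualifies, or the consuming side has to parse the text instead of testing for presence. This matters more because the second hunk in the same file raises the score to 7.1/HIGH with `PR:N`. The vector string and the individual metric fields in that hunk agree with each other.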
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7314", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "disclosure@vulncheck.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append \";swagger-ui\" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280 Authentication Bypass by Alternate Name", + "cweId": "CWE-280" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "anji-plus", + "product": { + "product_data": [ + { + "product_name": "AJ-Report", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vulncheck.com/advisories/aj-report-swagger", + "refsource": "MISC", + "name": "https://vulncheck.com/advisories/aj-report-swagger" + }, + { + "url": "https://gitee.com/anji-plus/report/pulls/166/files", + "refsource": "MISC", + "name": "https://gitee.com/anji-plus/report/pulls/166/files" + }, + { + "url": "https://xz.aliyun.com/t/14460", + "refsource": "MISC", + "name": "https://xz.aliyun.com/t/14460" + }, + { + "url": "https://github.com/yuebusao/AJ-REPORT-EXPLOIT", + "refsource": "MISC", + "name": "https://github.com/yuebusao/AJ-REPORT-EXPLOIT" + }, + { + "url": 
"https://github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077", + "refsource": "MISC", + "name": "https://github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/7xxx/CVE-2024-7426.json b/2024/7xxx/CVE-2024-7426.json new file mode 100644 index 00000000000..d7c1af0ca85 --- /dev/null +++ b/2024/7xxx/CVE-2024-7426.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7426", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7427.json b/2024/7xxx/CVE-2024-7427.json new file mode 100644 index 00000000000..d5275621b9c --- /dev/null +++ b/2024/7xxx/CVE-2024-7427.json 
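Review bot: In the CVE-2024-7314 `problemtype` entry, the CWE identifier and its name do not match. "Authentication Bypass by Alternate Name" is CWE-289, while CWE-280 is "Improper Handling of Insufficient Permissions or Privileges". Tooling that groups or filters by `cweId` will file this record under the wrong weakness. Since the description (appending ";swagger-ui" to bypass authentication) matches the name, I would correct the id rather than the text: `"value": "CWE-289 Authentication Bypass by Alternate Name",` and `"cweId": "CWE-289"`. Separately, all five references are tagged `MISC`, including the fix pull request and two public proof-of-concept repositories, so patch and exploit availability cannot be derived from `refsource` and triage has to read the URLs.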
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7427",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7428.json b/2024/7xxx/CVE-2024-7428.json
new file mode 100644
index 00000000000..84fdfaf2fd2
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7428.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7428",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7429.json b/2024/7xxx/CVE-2024-7429.json
new file mode 100644
index 00000000000..070a8cc968b
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7429.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7429",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file