From 8aba23c164f3666ce2a081fedc293a3d8f005b95 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 2 Apr 2024 15:15:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2007/4xxx/CVE-2007-4559.json | 5 ++ 2020/36xxx/CVE-2020-36825.json | 95 ++---------------------------- 2022/38xxx/CVE-2022-38223.json | 10 ---- 2022/48xxx/CVE-2022-48620.json | 5 ++ 2023/28xxx/CVE-2023-28746.json | 5 ++ 2023/38xxx/CVE-2023-38252.json | 5 ++ 2023/38xxx/CVE-2023-38253.json | 5 ++ 2023/39xxx/CVE-2023-39325.json | 5 ++ 2023/3xxx/CVE-2023-3966.json | 5 ++ 2023/43xxx/CVE-2023-43279.json | 5 ++ 2023/46xxx/CVE-2023-46841.json | 5 ++ 2023/47xxx/CVE-2023-47995.json | 5 ++ 2023/47xxx/CVE-2023-47997.json | 5 ++ 2023/4xxx/CVE-2023-4255.json | 10 ---- 2023/4xxx/CVE-2023-4256.json | 10 ---- 2023/52xxx/CVE-2023-52161.json | 10 ++++ 2023/5xxx/CVE-2023-5366.json | 5 ++ 2023/5xxx/CVE-2023-5388.json | 5 ++ 2023/5xxx/CVE-2023-5992.json | 5 ++ 2024/0xxx/CVE-2024-0743.json | 5 ++ 2024/1xxx/CVE-2024-1454.json | 5 ++ 2024/1xxx/CVE-2024-1580.json | 60 ------------------- 2024/1xxx/CVE-2024-1622.json | 5 ++ 2024/22xxx/CVE-2024-22871.json | 10 ---- 2024/24xxx/CVE-2024-24246.json | 5 ++ 2024/27xxx/CVE-2024-27507.json | 5 ++ 2024/28xxx/CVE-2024-28054.json | 15 +++++ 2024/28xxx/CVE-2024-28084.json | 5 ++ 2024/28xxx/CVE-2024-28176.json | 5 ++ 2024/28xxx/CVE-2024-28180.json | 5 ++ 2024/28xxx/CVE-2024-28757.json | 5 ++ 2024/28xxx/CVE-2024-28849.json | 5 ++ 2024/2xxx/CVE-2024-2044.json | 5 ++ 2024/2xxx/CVE-2024-2182.json | 5 ++ 2024/2xxx/CVE-2024-2193.json | 5 ++ 2024/2xxx/CVE-2024-2357.json | 5 ++ 2024/2xxx/CVE-2024-2468.json | 75 ++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2607.json | 5 ++ 2024/2xxx/CVE-2024-2608.json | 5 ++ 2024/2xxx/CVE-2024-2610.json | 5 ++ 2024/2xxx/CVE-2024-2612.json | 5 ++ 2024/2xxx/CVE-2024-2616.json | 5 ++ 2024/2xxx/CVE-2024-2625.json | 5 ++ 2024/2xxx/CVE-2024-2626.json | 5 ++ 2024/2xxx/CVE-2024-2627.json | 5 ++ 2024/2xxx/CVE-2024-2628.json | 5 ++ 2024/2xxx/CVE-2024-2629.json | 5 ++ 2024/2xxx/CVE-2024-2630.json | 5 ++ 2024/2xxx/CVE-2024-2631.json | 5 ++ 
2024/2xxx/CVE-2024-2688.json | 79 +++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2832.json | 95 ++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2850.json | 95 ++---------------------------- 2024/2xxx/CVE-2024-2851.json | 99 ++----------------------------- 2024/2xxx/CVE-2024-2852.json | 95 ++---------------------------- 2024/2xxx/CVE-2024-2853.json | 99 ++----------------------------- 2024/2xxx/CVE-2024-2854.json | 95 ++---------------------------- 2024/2xxx/CVE-2024-2855.json | 103 ++------------------------------ 2024/2xxx/CVE-2024-2856.json | 104 ++------------------------------- 58 files changed, 494 insertions(+), 865 deletions(-) diff --git a/2007/4xxx/CVE-2007-4559.json b/2007/4xxx/CVE-2007-4559.json index cd57b087aa3..927375a58c4 100644 --- a/2007/4xxx/CVE-2007-4559.json +++ b/2007/4xxx/CVE-2007-4559.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-ebb3c95344", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-46374d2703", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/" } ] } diff --git a/2020/36xxx/CVE-2020-36825.json b/2020/36xxx/CVE-2020-36825.json index 774aa78c5a6..5aa54757632 100644 --- a/2020/36xxx/CVE-2020-36825.json +++ b/2020/36xxx/CVE-2020-36825.json 
@@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36825", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability." - }, - { - "lang": "deu", - "value": "In cyberaz0r WebRAT bis 20191222 wurde eine kritische Schwachstelle gefunden. Betroffen ist die Funktion download_file der Datei Server/api.php. Durch Manipulieren des Arguments name mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 0c394a795b9c10c07085361e6fcea286ee793701 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-434 Unrestricted Upload", - "cweId": "CWE-434" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "cyberaz0r", - "product": { - "product_data": [ - { - "product_name": "WebRAT", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20191222" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.257782", - "refsource": "MISC", - "name": "https://vuldb.com/?id.257782" - }, - { - "url": "https://vuldb.com/?ctiid.257782", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.257782" - }, - { - "url": "https://github.com/cyberaz0r/WebRAT/commit/0c394a795b9c10c07085361e6fcea286ee793701", - "refsource": "MISC", - "name": "https://github.com/cyberaz0r/WebRAT/commit/0c394a795b9c10c07085361e6fcea286ee793701" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "VulDB GitHub Commit Analyzer" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2022/38xxx/CVE-2022-38223.json b/2022/38xxx/CVE-2022-38223.json index 595bf805af4..7b9846b9782 100644 --- a/2022/38xxx/CVE-2022-38223.json +++ b/2022/38xxx/CVE-2022-38223.json 
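Review bot: In 2020/36xxx/CVE-2020-36825.json the new side sets `"STATE": "RESERVED"` and `"ASSIGNER": "cve@mitre.org"` on a record that was already PUBLIC under cna@vuldb.com, dropping its description, the CWE-434 problemtype, the affected-product data, all three references and the CVSS vectors. A consumer that matches on this feed loses the entry for an upload flaw the old description called remotely exploitable, and the commit message does not say the CNA withdrew it. If this is a sync regression, the lines should stay `"STATE": "PUBLIC"` and `"ASSIGNER": "cna@vuldb.com"`; if the ID really was withdrawn, the description should say so rather than reuse the RESERVED placeholder text. The diffstat shows similarly sized deletions for CVE-2024-2850 through CVE-2024-2856, which may be the same rollback but lie outside the lines visible here. The reference removals in CVE-2022-38223, CVE-2023-4255, CVE-2023-4256, CVE-2024-1580 and CVE-2024-22871 deserve the same check.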
@@ -76,16 +76,6 @@ "refsource": "FEDORA", "name": "FEDORA-2024-aeb75f8b5b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2024-3fc66f8bf3", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2024-38c2261ca0", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/" } ] } diff --git a/2022/48xxx/CVE-2022-48620.json b/2022/48xxx/CVE-2022-48620.json index a9cbc5ac937..c6b618daac4 100644 --- a/2022/48xxx/CVE-2022-48620.json +++ b/2022/48xxx/CVE-2022-48620.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-d6a850992f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-40fbf3ee48", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/" } ] } diff --git a/2023/28xxx/CVE-2023-28746.json b/2023/28xxx/CVE-2023-28746.json index 90f5915fc1d..40839cf7727 100644 --- a/2023/28xxx/CVE-2023-28746.json +++ b/2023/28xxx/CVE-2023-28746.json @@ -62,6 +62,11 @@ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" } ] }, 
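Review bot: The Fedora package-announce link added in 2023/28xxx/CVE-2023-28746.json is tagged `"refsource": "MISC"` with the URL repeated as `name`, while other hunks in this commit tag the same list as `"refsource": "FEDORA"` with the advisory id as `name`. The message AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED appears in both forms: as FEDORA-2024-aeb75f8b5b in the CVE-2022-38223 context lines, and as MISC in the lines added to CVE-2023-38252 and CVE-2023-38253. Tooling that selects distro advisories by `refsource` will miss the MISC entries, so I would write these as `"refsource": "FEDORA"`, `"name": "FEDORA-2024-<advisory-id>"` (placeholder; the id for this message is not on the page). The same applies to the MISC-tagged Fedora additions in CVE-2023-39325, CVE-2023-3966, CVE-2023-46841 and the later hunks.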
diff --git a/2023/38xxx/CVE-2023-38252.json b/2023/38xxx/CVE-2023-38252.json index 99ef6354a95..de9b4a328ea 100644 --- a/2023/38xxx/CVE-2023-38252.json +++ b/2023/38xxx/CVE-2023-38252.json @@ -123,6 +123,11 @@ "url": "https://github.com/tats/w3m/issues/270", "refsource": "MISC", "name": "https://github.com/tats/w3m/issues/270" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/" } ] }, diff --git a/2023/38xxx/CVE-2023-38253.json b/2023/38xxx/CVE-2023-38253.json index 7c7a720a4a4..59c4a052e9d 100644 --- a/2023/38xxx/CVE-2023-38253.json +++ b/2023/38xxx/CVE-2023-38253.json @@ -123,6 +123,11 @@ "url": "https://github.com/tats/w3m/issues/271", "refsource": "MISC", "name": "https://github.com/tats/w3m/issues/271" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/" } ] }, diff --git a/2023/39xxx/CVE-2023-39325.json b/2023/39xxx/CVE-2023-39325.json index 52d144c2adc..7246a8565c6 100644 --- a/2023/39xxx/CVE-2023-39325.json +++ b/2023/39xxx/CVE-2023-39325.json 
@@ -272,6 +272,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/" } ] } diff --git a/2023/3xxx/CVE-2023-3966.json b/2023/3xxx/CVE-2023-3966.json index 7ae92815713..27fd9cf26f7 100644 --- a/2023/3xxx/CVE-2023-3966.json +++ b/2023/3xxx/CVE-2023-3966.json @@ -265,6 +265,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/" } ] }, diff --git a/2023/43xxx/CVE-2023-43279.json b/2023/43xxx/CVE-2023-43279.json index 1a2a8e34f5d..9b4e7ffb0b6 100644 --- a/2023/43xxx/CVE-2023-43279.json +++ b/2023/43xxx/CVE-2023-43279.json 
@@ -56,6 +56,11 @@ "url": "https://github.com/appneta/tcpreplay/issues/824", "refsource": "MISC", "name": "https://github.com/appneta/tcpreplay/issues/824" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-96903c39cb", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/" } ] } diff --git a/2023/46xxx/CVE-2023-46841.json b/2023/46xxx/CVE-2023-46841.json index da21674c718..cb9568a1a23 100644 --- a/2023/46xxx/CVE-2023-46841.json +++ b/2023/46xxx/CVE-2023-46841.json @@ -65,6 +65,11 @@ "url": "https://xenbits.xenproject.org/xsa/advisory-451.html", "refsource": "MISC", "name": "https://xenbits.xenproject.org/xsa/advisory-451.html" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" } ] }, diff --git a/2023/47xxx/CVE-2023-47995.json b/2023/47xxx/CVE-2023-47995.json index ed213b01b05..a5de9c63450 100644 --- a/2023/47xxx/CVE-2023-47995.json +++ b/2023/47xxx/CVE-2023-47995.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-e6a35cd250", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3ZNVRL5PCTMMA3ZBDKH5WH4RT4ST3HW/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-c4d32d51c9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EDK7DSADYUHJFNVSRGJHEFJGMWRGGDLM/" } ] } diff --git a/2023/47xxx/CVE-2023-47997.json b/2023/47xxx/CVE-2023-47997.json index 7c0c6627b10..b2c3e533ed9 100644 --- a/2023/47xxx/CVE-2023-47997.json +++ b/2023/47xxx/CVE-2023-47997.json 
@@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-e6a35cd250", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3ZNVRL5PCTMMA3ZBDKH5WH4RT4ST3HW/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-c4d32d51c9", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EDK7DSADYUHJFNVSRGJHEFJGMWRGGDLM/" } ] } diff --git a/2023/4xxx/CVE-2023-4255.json b/2023/4xxx/CVE-2023-4255.json index 869234531c1..840005b0a62 100644 --- a/2023/4xxx/CVE-2023-4255.json +++ b/2023/4xxx/CVE-2023-4255.json @@ -113,16 +113,6 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/" } ] }, diff --git a/2023/4xxx/CVE-2023-4256.json b/2023/4xxx/CVE-2023-4256.json index 16817d2ec83..2f47228a21d 100644 --- a/2023/4xxx/CVE-2023-4256.json +++ b/2023/4xxx/CVE-2023-4256.json 
@@ -103,16 +103,6 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/" } ] }, diff --git a/2023/52xxx/CVE-2023-52161.json b/2023/52xxx/CVE-2023-52161.json index 40cfdea7989..9ca14368be3 100644 --- a/2023/52xxx/CVE-2023-52161.json +++ b/2023/52xxx/CVE-2023-52161.json @@ -81,6 +81,16 @@ "refsource": "FEDORA", "name": "FEDORA-2024-4ef5edfb2a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-58c59bfa4c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOQ6VEE3CPJAQLMMGMLCYDGWHVG7UCJI/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-3fa713f2e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYRPQ3OLV3GGLUCDYWBHU34DLBLM62XJ/" } ] } diff --git a/2023/5xxx/CVE-2023-5366.json b/2023/5xxx/CVE-2023-5366.json index 20e7f27b059..8b468ce8141 100644 --- a/2023/5xxx/CVE-2023-5366.json +++ b/2023/5xxx/CVE-2023-5366.json 
@@ -332,6 +332,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/" } ] }, diff --git a/2023/5xxx/CVE-2023-5388.json b/2023/5xxx/CVE-2023-5388.json index 8db8e70d1cb..23473801fa1 100644 --- a/2023/5xxx/CVE-2023-5388.json +++ b/2023/5xxx/CVE-2023-5388.json @@ -97,6 +97,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" } ] }, diff --git a/2023/5xxx/CVE-2023-5992.json b/2023/5xxx/CVE-2023-5992.json index e5180bd152f..7ced60e7d97 100644 --- a/2023/5xxx/CVE-2023-5992.json +++ b/2023/5xxx/CVE-2023-5992.json 
@@ -177,6 +177,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/" } ] }, diff --git a/2024/0xxx/CVE-2024-0743.json b/2024/0xxx/CVE-2024-0743.json index c95cdab618b..023944ef608 100644 --- a/2024/0xxx/CVE-2024-0743.json +++ b/2024/0xxx/CVE-2024-0743.json @@ -102,6 +102,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" } ] }, diff --git a/2024/1xxx/CVE-2024-1454.json b/2024/1xxx/CVE-2024-1454.json index 05da529a4b9..ea40a9ae925 100644 --- a/2024/1xxx/CVE-2024-1454.json +++ b/2024/1xxx/CVE-2024-1454.json 
@@ -151,6 +151,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/" } ] }, diff --git a/2024/1xxx/CVE-2024-1580.json b/2024/1xxx/CVE-2024-1580.json index 97789bf5a23..5db306f8c14 100644 --- a/2024/1xxx/CVE-2024-1580.json +++ b/2024/1xxx/CVE-2024-1580.json 
@@ -69,66 +69,6 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/" - }, - { - "url": "https://support.apple.com/kb/HT214098", - "refsource": "MISC", - "name": "https://support.apple.com/kb/HT214098" - }, - { - "url": "https://support.apple.com/kb/HT214097", - "refsource": "MISC", - "name": "https://support.apple.com/kb/HT214097" - }, - { - "url": "https://support.apple.com/kb/HT214095", - "refsource": "MISC", - "name": "https://support.apple.com/kb/HT214095" - }, - { - "url": "https://support.apple.com/kb/HT214093", - "refsource": "MISC", - "name": "https://support.apple.com/kb/HT214093" - }, - { - "url": "https://support.apple.com/kb/HT214096", - "refsource": "MISC", - "name": "https://support.apple.com/kb/HT214096" - }, - { - "url": "https://support.apple.com/kb/HT214094", - "refsource": "MISC", - "name": "https://support.apple.com/kb/HT214094" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/41", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/41" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/36", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/36" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/38", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/38" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/37", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/37" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/40", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/40" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/39", - "refsource": "MISC", - "name": 
"http://seclists.org/fulldisclosure/2024/Mar/39" } ] }, diff --git a/2024/1xxx/CVE-2024-1622.json b/2024/1xxx/CVE-2024-1622.json index ca7991847f1..e5d147f0f40 100644 --- a/2024/1xxx/CVE-2024-1622.json +++ b/2024/1xxx/CVE-2024-1622.json @@ -78,6 +78,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/" } ] }, diff --git a/2024/22xxx/CVE-2024-22871.json b/2024/22xxx/CVE-2024-22871.json index 741e4cad437..0012a07ff06 100644 --- a/2024/22xxx/CVE-2024-22871.json +++ b/2024/22xxx/CVE-2024-22871.json @@ -61,16 +61,6 @@ "refsource": "FEDORA", "name": "FEDORA-2024-f7745a5990", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2024-91dab41dfa", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/" - }, - { - "refsource": "FEDORA", - "name": "FEDORA-2024-270cd506bb", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/" } ] } diff --git a/2024/24xxx/CVE-2024-24246.json b/2024/24xxx/CVE-2024-24246.json index bda844b2afc..adcd9e6ab97 100644 --- a/2024/24xxx/CVE-2024-24246.json +++ b/2024/24xxx/CVE-2024-24246.json 
@@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-8762164e47", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-7d55be81bd", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3N6TULMEYVCLXO47Y5W4VWCJMSB72CB/" } ] } diff --git a/2024/27xxx/CVE-2024-27507.json b/2024/27xxx/CVE-2024-27507.json index a922a4139ab..23798116a67 100644 --- a/2024/27xxx/CVE-2024-27507.json +++ b/2024/27xxx/CVE-2024-27507.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-ef8c8a8b37", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QRV2D4GYUZNZRJHVGFSYSOSZLCETI4E/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-0a0b1533f7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2B6GZQ3WUVFNAAWFQJAQY7UM4OH5TA/" } ] } diff --git a/2024/28xxx/CVE-2024-28054.json b/2024/28xxx/CVE-2024-28054.json index 775cc0fac81..21372ef85de 100644 --- a/2024/28xxx/CVE-2024-28054.json +++ b/2024/28xxx/CVE-2024-28054.json 
@@ -76,6 +76,21 @@ "refsource": "MISC", "name": "https://lists.amavis.org/pipermail/amavis-users/2024-March/006811.html", "url": "https://lists.amavis.org/pipermail/amavis-users/2024-March/006811.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-1d87055861", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6J2MK2CS3KNJOS66QLW2MBJ4PIDLWJP5/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-3cf9eb64ba", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CDF6M3UXP45INVSWB4HXEDZH35CVZIJ4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-8bbcae6af2", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQQQQPTZ5JHXTUCYUXZHY6RZJ6VOGOAJ/" } ] } diff --git a/2024/28xxx/CVE-2024-28084.json b/2024/28xxx/CVE-2024-28084.json index a8ccdd6d9dd..135cefb964a 100644 --- a/2024/28xxx/CVE-2024-28084.json +++ b/2024/28xxx/CVE-2024-28084.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-4ef5edfb2a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-3fa713f2e0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYRPQ3OLV3GGLUCDYWBHU34DLBLM62XJ/" } ] } diff --git a/2024/28xxx/CVE-2024-28176.json b/2024/28xxx/CVE-2024-28176.json index 3018069077e..dd38e629ce4 100644 --- a/2024/28xxx/CVE-2024-28176.json +++ b/2024/28xxx/CVE-2024-28176.json 
@@ -77,6 +77,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/" } ] }, diff --git a/2024/28xxx/CVE-2024-28180.json b/2024/28xxx/CVE-2024-28180.json index 132c358cf8b..af382526022 100644 --- a/2024/28xxx/CVE-2024-28180.json +++ b/2024/28xxx/CVE-2024-28180.json @@ -86,6 +86,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/" } ] }, diff --git a/2024/28xxx/CVE-2024-28757.json b/2024/28xxx/CVE-2024-28757.json index bca8eec7bf9..0e4df20cea0 100644 --- a/2024/28xxx/CVE-2024-28757.json +++ b/2024/28xxx/CVE-2024-28757.json 
@@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20240322-0001/", "url": "https://security.netapp.com/advisory/ntap-20240322-0001/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-afb73e6f62", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/" } ] } diff --git a/2024/28xxx/CVE-2024-28849.json b/2024/28xxx/CVE-2024-28849.json index 521866234fe..d22e1c94904 100644 --- a/2024/28xxx/CVE-2024-28849.json +++ b/2024/28xxx/CVE-2024-28849.json @@ -78,6 +78,11 @@ "url": "https://fetch.spec.whatwg.org/#authentication-entries", "refsource": "MISC", "name": "https://fetch.spec.whatwg.org/#authentication-entries" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/" } ] }, diff --git a/2024/2xxx/CVE-2024-2044.json b/2024/2xxx/CVE-2024-2044.json index d9c152e4646..f1d5f9455d7 100644 --- a/2024/2xxx/CVE-2024-2044.json +++ b/2024/2xxx/CVE-2024-2044.json @@ -72,6 +72,11 @@ "url": "https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/", "refsource": "MISC", "name": "https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV/" } ] }, diff --git a/2024/2xxx/CVE-2024-2182.json b/2024/2xxx/CVE-2024-2182.json index ff03bf16d30..7c81954804f 100644 --- a/2024/2xxx/CVE-2024-2182.json 
+++ b/2024/2xxx/CVE-2024-2182.json @@ -454,6 +454,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/" } ] }, diff --git a/2024/2xxx/CVE-2024-2193.json b/2024/2xxx/CVE-2024-2193.json index 208cc05a481..f2aff06126d 100644 --- a/2024/2xxx/CVE-2024-2193.json +++ b/2024/2xxx/CVE-2024-2193.json @@ -110,6 +110,11 @@ "url": "https://www.kb.cert.org/vuls/id/488902", "refsource": "MISC", "name": "https://www.kb.cert.org/vuls/id/488902" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" } ] }, diff --git a/2024/2xxx/CVE-2024-2357.json b/2024/2xxx/CVE-2024-2357.json index f116632a50d..28f3bbb6784 100644 --- a/2024/2xxx/CVE-2024-2357.json +++ b/2024/2xxx/CVE-2024-2357.json 
@@ -87,6 +87,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEM46ALKF7NG6CAUKZ7KQERVOHWQIQKY/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEM46ALKF7NG6CAUKZ7KQERVOHWQIQKY/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVQ7MZY6LFFGRWAJNTKKN2VSEFS2VPAR/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVQ7MZY6LFFGRWAJNTKKN2VSEFS2VPAR/" } ] }, diff --git a/2024/2xxx/CVE-2024-2468.json b/2024/2xxx/CVE-2024-2468.json index dc4b5595050..f4662464d00 100644 --- a/2024/2xxx/CVE-2024-2468.json +++ b/2024/2xxx/CVE-2024-2468.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2468", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpdevteam", + "product": { + "product_data": [ + { + "product_name": "EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.9.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wesley" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/2xxx/CVE-2024-2607.json b/2024/2xxx/CVE-2024-2607.json index a8f3b432f3b..58bc9953123 100644 --- a/2024/2xxx/CVE-2024-2607.json +++ b/2024/2xxx/CVE-2024-2607.json 
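Review bot: The new description for CVE-2024-2468 quotes the vulnerable attribute as `'embedpress_pro_twitch_theme '`, with a trailing space inside the quotes, so an exact-match search of the plugin source, or of scanner and WAF rules, for the quoted string will not find it; `'embedpress_pro_twitch_theme'` is presumably what is meant. The plugins.trac.wordpress.org entry in `reference_data` repeats the empty `sfp_email=&sfph_mail=` parameters twice and carries an empty `reponame=`, which looks like form residue rather than part of the changeset address; the same URL is added in the CVE-2024-2688 hunk. The record gives `"version_affected": "<="` with `3.9.12` and no fixed version, so that link is the only pointer to the patch and is worth asking the assigner to clean up.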
@@ -97,6 +97,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" } ] }, diff --git a/2024/2xxx/CVE-2024-2608.json b/2024/2xxx/CVE-2024-2608.json index 27f577df4c8..f5cf9b157cf 100644 --- a/2024/2xxx/CVE-2024-2608.json +++ b/2024/2xxx/CVE-2024-2608.json @@ -97,6 +97,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" } ] }, diff --git a/2024/2xxx/CVE-2024-2610.json b/2024/2xxx/CVE-2024-2610.json index 72627262746..dea14943e5a 100644 --- a/2024/2xxx/CVE-2024-2610.json +++ b/2024/2xxx/CVE-2024-2610.json @@ -97,6 +97,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" } ] }, diff --git a/2024/2xxx/CVE-2024-2612.json b/2024/2xxx/CVE-2024-2612.json index 7f313e191d1..208de1cb2de 100644 --- a/2024/2xxx/CVE-2024-2612.json +++ b/2024/2xxx/CVE-2024-2612.json 
@@ -97,6 +97,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" } ] }, diff --git a/2024/2xxx/CVE-2024-2616.json b/2024/2xxx/CVE-2024-2616.json index 49786daa935..701f0dca509 100644 --- a/2024/2xxx/CVE-2024-2616.json +++ b/2024/2xxx/CVE-2024-2616.json @@ -80,6 +80,11 @@ "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" } ] }, diff --git a/2024/2xxx/CVE-2024-2625.json b/2024/2xxx/CVE-2024-2625.json index c0415886e0d..5ad606b2e5c 100644 --- a/2024/2xxx/CVE-2024-2625.json +++ b/2024/2xxx/CVE-2024-2625.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/" } ] } diff --git a/2024/2xxx/CVE-2024-2626.json b/2024/2xxx/CVE-2024-2626.json index 14585d47df7..38e88cc3175 100644 --- a/2024/2xxx/CVE-2024-2626.json +++ b/2024/2xxx/CVE-2024-2626.json 
@@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/" } ] } diff --git a/2024/2xxx/CVE-2024-2627.json b/2024/2xxx/CVE-2024-2627.json index e844c65a23f..193164c4afd 100644 --- a/2024/2xxx/CVE-2024-2627.json +++ b/2024/2xxx/CVE-2024-2627.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/" } ] } diff --git a/2024/2xxx/CVE-2024-2628.json b/2024/2xxx/CVE-2024-2628.json index bb2ba20ea8e..918e584b034 100644 --- a/2024/2xxx/CVE-2024-2628.json +++ b/2024/2xxx/CVE-2024-2628.json 
@@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/" } ] } diff --git a/2024/2xxx/CVE-2024-2629.json b/2024/2xxx/CVE-2024-2629.json index 5da810117c2..0b48c63fee4 100644 --- a/2024/2xxx/CVE-2024-2629.json +++ b/2024/2xxx/CVE-2024-2629.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/" } ] } diff --git a/2024/2xxx/CVE-2024-2630.json b/2024/2xxx/CVE-2024-2630.json index 680845dc667..af18da21b7d 100644 --- a/2024/2xxx/CVE-2024-2630.json +++ b/2024/2xxx/CVE-2024-2630.json 
@@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/" } ] } diff --git a/2024/2xxx/CVE-2024-2631.json b/2024/2xxx/CVE-2024-2631.json index 6a0611f433e..f362243c21b 100644 --- a/2024/2xxx/CVE-2024-2631.json +++ b/2024/2xxx/CVE-2024-2631.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/" } ] } diff --git a/2024/2xxx/CVE-2024-2688.json b/2024/2xxx/CVE-2024-2688.json index 3e9f5fbdfd5..2b487ae47d9 100644 --- a/2024/2xxx/CVE-2024-2688.json +++ b/2024/2xxx/CVE-2024-2688.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpdevteam", + "product": { + "product_data": [ + { + "product_name": "EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.9.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b67927-5993-4e21-af52-8ebe7fee48ab?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b67927-5993-4e21-af52-8ebe7fee48ab?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ng\u00f4 Thi\u00ean An" + }, + { + "lang": "en", + "value": "Son Tran" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/2xxx/CVE-2024-2832.json b/2024/2xxx/CVE-2024-2832.json index c00ac93cbc9..a187a6a5c64 100644 --- a/2024/2xxx/CVE-2024-2832.json +++ b/2024/2xxx/CVE-2024-2832.json 
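Review bot: The `vectorString` added for CVE-2024-2688 scores this stored XSS as `S:U` with `baseScore` 5.4, while the CVE-2024-2468 hunk in the same commit scores the same bug class in the same plugin and version range, with the same contributor-level precondition, as `S:C` with 6.4. Both records come from the same assigner and carry CWE-79, so the difference looks unintentional rather than a property of the two widgets, though the page does not show the assigner's reasoning. Triage that sorts on `baseScore` will rank the pair differently, so it is worth confirming which scope value is intended and aligning them. The description here also names only "the EmbedPress document widget" and no attribute, which gives a defender less to search for than the sibling record.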
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752." + }, + { + "lang": "deu", + "value": "In Campcodes Online Shopping System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /offersmail.php. Dank der Manipulation des Arguments email mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Shopping System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257752", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257752" + }, + { + "url": "https://vuldb.com/?ctiid.257752", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257752" + }, + { + "url": "https://github.com/comeony/vuln_report/blob/main/Online%20Shopping%20System%20-%20vuln%201.pdf", + "refsource": "MISC", + "name": "https://github.com/comeony/vuln_report/blob/main/Online%20Shopping%20System%20-%20vuln%201.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "ccccyyyy (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2850.json b/2024/2xxx/CVE-2024-2850.json index 6ca0e16e7af..f7759d9b649 100644 --- a/2024/2xxx/CVE-2024-2850.json +++ b/2024/2xxx/CVE-2024-2850.json 
@@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2850", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine Schwachstelle wurde in Tenda AC15 15.03.05.18 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion saveParentControlInfo der Datei /goform/saveParentControlInfo. Dank der Manipulation des Arguments urls mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "AC15", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "15.03.05.18" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.257774", - "refsource": "MISC", - "name": "https://vuldb.com/?id.257774" - }, - { - "url": "https://vuldb.com/?ctiid.257774", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.257774" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_miemie (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2851.json b/2024/2xxx/CVE-2024-2851.json index 9a348305dda..748f257ffe1 100644 --- a/2024/2xxx/CVE-2024-2851.json +++ b/2024/2xxx/CVE-2024-2851.json 
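Review bot: A published record should not fall back to the `** RESERVED **` placeholder, yet the new side of the CVE-2024-2850 hunk sets `"STATE": "RESERVED"` and `"ASSIGNER": "cve@mitre.org"` and drops the affected versions, CWE, CVSS entries and references that the old side carried. The removed description states that the exploit has been disclosed publicly. The hunks for CVE-2024-2851, CVE-2024-2852, CVE-2024-2853 and CVE-2024-2854 make the same change. A record that is really being withdrawn would normally move to `"STATE": "REJECT"` with a reason in the description, so this looks like a synchronisation regression, and the commit subject gives no explanation. Mirrors of this repository would stop matching the Tenda AC15, AC10U and AC18 firmware versions listed in the removed lines, so the sync job should refuse a PUBLIC-to-RESERVED transition without an explicit override, and consumers should keep their last published copy until the records return.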
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2851", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine Schwachstelle in Tenda AC15 15.03.05.18/15.03.20_multi ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion formSetSambaConf der Datei /goform/setsambacfg. Dank Manipulation des Arguments usbName mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-78 OS Command Injection", - "cweId": "CWE-78" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "AC15", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "15.03.05.18" - }, - { - "version_affected": "=", - "version_value": "15.03.20_multi" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.257775", - "refsource": "MISC", - "name": "https://vuldb.com/?id.257775" - }, - { - "url": "https://vuldb.com/?ctiid.257775", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.257775" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_miemie (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2852.json b/2024/2xxx/CVE-2024-2852.json index d4e4335aa04..4e4bd94dd42 100644 --- a/2024/2xxx/CVE-2024-2852.json +++ b/2024/2xxx/CVE-2024-2852.json 
@@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2852", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In Tenda AC15 15.03.20_multi wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion saveParentControlInfo der Datei /goform/saveParentControlInfo. Mit der Manipulation des Arguments urls mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "AC15", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "15.03.20_multi" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.257776", - "refsource": "MISC", - "name": "https://vuldb.com/?id.257776" - }, - { - "url": "https://vuldb.com/?ctiid.257776", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.257776" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_miemie (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2853.json b/2024/2xxx/CVE-2024-2853.json index fafc6c756d2..cba35e4734e 100644 --- a/2024/2xxx/CVE-2024-2853.json +++ b/2024/2xxx/CVE-2024-2853.json 
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2853", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine Schwachstelle wurde in Tenda AC10U 15.03.06.48/15.03.06.49 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion formSetSambaConf der Datei /goform/setsambacfg. Durch die Manipulation des Arguments usbName mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-78 OS Command Injection", - "cweId": "CWE-78" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "AC10U", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "15.03.06.48" - }, - { - "version_affected": "=", - "version_value": "15.03.06.49" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.257777", - "refsource": "MISC", - "name": "https://vuldb.com/?id.257777" - }, - { - "url": "https://vuldb.com/?ctiid.257777", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.257777" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "wxhwxhwxh_miemie (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2854.json b/2024/2xxx/CVE-2024-2854.json index 51076bc51aa..ce9f1cbf0d3 100644 --- a/2024/2xxx/CVE-2024-2854.json 
+++ b/2024/2xxx/CVE-2024-2854.json 
@@ -1,104 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2854",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Es wurde eine kritische Schwachstelle in Tenda AC18 15.03.05.05 entdeckt. Dabei betrifft es die Funktion formSetSambaConf der Datei /goform/setsambacfg. Durch Manipulation des Arguments usbName mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-78 OS Command Injection",
- "cweId": "CWE-78"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Tenda",
- "product": {
- "product_data": [
- {
- "product_name": "AC18",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "15.03.05.05"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.257778",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.257778"
- },
- {
- "url": "https://vuldb.com/?ctiid.257778",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.257778"
- },
- {
- "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md",
- "refsource": "MISC",
- "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "wxhwxhwxh_miemie (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 6.3,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "3.0",
- "baseScore": 6.3,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "baseSeverity": "MEDIUM"
- },
- {
- "version": "2.0",
- "baseScore": 6.5,
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2855.json b/2024/2xxx/CVE-2024-2855.json
index ecae21b7442..919bd9b7585 100644
--- a/2024/2xxx/CVE-2024-2855.json
+++ b/2024/2xxx/CVE-2024-2855.json
@@ -1,112 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2855",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "In Tenda AC15 15.03.05.18/15.03.05.19/15.03.20 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion fromSetSysTime der Datei /goform/SetSysTimeCfg. Mittels dem Manipulieren des Arguments time mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-121 Stack-based Buffer Overflow",
- "cweId": "CWE-121"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Tenda",
- "product": {
- "product_data": [
- {
- "product_name": "AC15",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "15.03.05.18"
- },
- {
- "version_affected": "=",
- "version_value": "15.03.05.19"
- },
- {
- "version_affected": "=",
- "version_value": "15.03.20"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.257779",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.257779"
- },
- {
- "url": "https://vuldb.com/?ctiid.257779",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.257779"
- },
- {
- "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md",
- "refsource": "MISC",
- "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "wxhwxhwxh_miemie (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2856.json b/2024/2xxx/CVE-2024-2856.json
index aaaef01a20d..2079b594762 100644
--- a/2024/2xxx/CVE-2024-2856.json
+++ b/2024/2xxx/CVE-2024-2856.json
@@ -1,113 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2856",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
- },
- {
- "lang": "deu",
- "value": "Eine kritische Schwachstelle wurde in Tenda AC10 16.03.10.13/16.03.10.20 entdeckt. Davon betroffen ist die Funktion fromSetSysTime der Datei /goform/SetSysTimeCfg. Mittels Manipulieren des Arguments timeZone mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-121 Stack-based Buffer Overflow",
- "cweId": "CWE-121"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Tenda",
- "product": {
- "product_data": [
- {
- "product_name": "AC10",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "16.03.10.13"
- },
- {
- "version_affected": "=",
- "version_value": "16.03.10.20"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://vuldb.com/?id.257780",
- "refsource": "MISC",
- "name": "https://vuldb.com/?id.257780"
- },
- {
- "url": "https://vuldb.com/?ctiid.257780",
- "refsource": "MISC",
- "name": "https://vuldb.com/?ctiid.257780"
- },
- {
- "url": "https://vuldb.com/?submit.299741",
- "refsource": "MISC",
- "name": "https://vuldb.com/?submit.299741"
- },
- {
- "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md",
- "refsource": "MISC",
- "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "wxhwxhwxh_miemie (VulDB User)"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "baseSeverity": "HIGH"
- },
- {
- "version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }