From 8d6da3d7203db58aa5c4234ef0f0c38bfd927f3c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 8 Oct 2024 04:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/37xxx/CVE-2024-37179.json | 95 +++++++++++++++++++++++++++-- 2024/39xxx/CVE-2024-39806.json | 79 ++++++++++++++++++++++-- 2024/39xxx/CVE-2024-39831.json | 79 ++++++++++++++++++++++-- 2024/43xxx/CVE-2024-43696.json | 79 ++++++++++++++++++++++-- 2024/43xxx/CVE-2024-43697.json | 79 ++++++++++++++++++++++-- 2024/45xxx/CVE-2024-45277.json | 83 +++++++++++++++++++++++-- 2024/45xxx/CVE-2024-45278.json | 87 +++++++++++++++++++++++++-- 2024/45xxx/CVE-2024-45282.json | 107 +++++++++++++++++++++++++++++++-- 2024/45xxx/CVE-2024-45382.json | 79 ++++++++++++++++++++++-- 2024/47xxx/CVE-2024-47594.json | 83 +++++++++++++++++++++++-- 2024/8xxx/CVE-2024-8925.json | 105 ++++++++++++++++++++++++++++++-- 2024/8xxx/CVE-2024-8926.json | 106 ++++++++++++++++++++++++++++++-- 2024/8xxx/CVE-2024-8927.json | 98 ++++++++++++++++++++++++++++-- 13 files changed, 1107 insertions(+), 52 deletions(-) diff --git a/2024/37xxx/CVE-2024-37179.json b/2024/37xxx/CVE-2024-37179.json index c14dfa3bb6e..2d4328ec6ea 100644 --- a/2024/37xxx/CVE-2024-37179.json +++ b/2024/37xxx/CVE-2024-37179.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37179", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434: Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "ENTERPRISE 420" + }, + { + "version_affected": "=", + "version_value": "430" + }, + { + "version_affected": "=", + "version_value": "2025" + }, + { + "version_affected": "=", + "version_value": "ENTERPRISECLIENTTOOLS 420" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3478615", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3478615" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/39xxx/CVE-2024-39806.json b/2024/39xxx/CVE-2024-39806.json index b38e7c2244a..fa9eedb1c9b 100644 --- a/2024/39xxx/CVE-2024-39806.json +++ b/2024/39xxx/CVE-2024-39806.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "scy@openharmony.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenHarmony", + "product": { + "product_data": [ + { + "product_name": "OpenHarmony", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "v4.0.0", + "version_value": "4.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md", + "refsource": "MISC", + "name": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/39xxx/CVE-2024-39831.json b/2024/39xxx/CVE-2024-39831.json index 0a1351f0823..1943b68ec4e 100644 --- a/2024/39xxx/CVE-2024-39831.json +++ b/2024/39xxx/CVE-2024-39831.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39831", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "scy@openharmony.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenHarmony", + "product": { + "product_data": [ + { + "product_name": "OpenHarmony", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "v4.0.0", + "version_value": "4.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md", + "refsource": "MISC", + "name": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/43xxx/CVE-2024-43696.json b/2024/43xxx/CVE-2024-43696.json index c801612cced..bf590b90304 100644 --- a/2024/43xxx/CVE-2024-43696.json +++ b/2024/43xxx/CVE-2024-43696.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "scy@openharmony.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-401 Missing Release of Memory after Effective Lifetime", + "cweId": "CWE-401" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenHarmony", + "product": { + "product_data": [ + { + "product_name": "OpenHarmony", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "v4.0.0", + "version_value": "4.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md", + "refsource": "MISC", + "name": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/43xxx/CVE-2024-43697.json b/2024/43xxx/CVE-2024-43697.json index 00a828c0772..ec15aed1d1b 100644 --- a/2024/43xxx/CVE-2024-43697.json +++ b/2024/43xxx/CVE-2024-43697.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "scy@openharmony.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenHarmony", + "product": { + "product_data": [ + { + "product_name": "OpenHarmony", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "v4.0.0", + "version_value": "4.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md", + "refsource": "MISC", + "name": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/45xxx/CVE-2024-45277.json b/2024/45xxx/CVE-2024-45277.json index 6977e099ab0..add0cb191cc 100644 --- a/2024/45xxx/CVE-2024-45277.json +++ b/2024/45xxx/CVE-2024-45277.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45277", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes", + "cweId": "CWE-1321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP HANA Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "HDB_CLIENT 2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3520100", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3520100" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/45xxx/CVE-2024-45278.json b/2024/45xxx/CVE-2024-45278.json index 4a3ceadb2b0..5ce6020fbc3 100644 --- a/2024/45xxx/CVE-2024-45278.json +++ b/2024/45xxx/CVE-2024-45278.json @@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP Commerce Backoffice", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "HY_COM 2205" + }, + { + "version_affected": "=", + "version_value": "COM_CLOUD 2211" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3507545", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3507545" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/45xxx/CVE-2024-45282.json b/2024/45xxx/CVE-2024-45282.json index 1404d95fc72..3482a980a94 100644 --- a/2024/45xxx/CVE-2024-45282.json +++ b/2024/45xxx/CVE-2024-45282.json @@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45282", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-650: Trusting HTTP Permission Methods on the Server Side", + "cweId": "CWE-650" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP S/4 HANA (Manage Bank Statements)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "S4CORE" + }, + { + "version_affected": "=", + "version_value": "102" + }, + { + "version_affected": "=", + "version_value": "103" + }, + { + "version_affected": "=", + "version_value": "104" + }, + { + "version_affected": "=", + "version_value": "105" + }, + { + "version_affected": "=", + "version_value": "106" + }, + { + "version_affected": "=", + "version_value": "107" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3251893", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3251893" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/45xxx/CVE-2024-45382.json b/2024/45xxx/CVE-2024-45382.json index 8dd0a3ca85f..25936c9a998 100644 --- a/2024/45xxx/CVE-2024-45382.json +++ b/2024/45xxx/CVE-2024-45382.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45382", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "scy@openharmony.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenHarmony", + "product": { + "product_data": [ + { + "product_name": "OpenHarmony", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "v4.0.0", + "version_value": "4.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md", + "refsource": "MISC", + "name": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-10.md" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47594.json b/2024/47xxx/CVE-2024-47594.json index d49c0a404ba..f8055138794 100644 --- a/2024/47xxx/CVE-2024-47594.json +++ b/2024/47xxx/CVE-2024-47594.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP_SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Enterprise Portal (KMC)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "KMC-BC 7.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://me.sap.com/notes/3503462", + "refsource": "MISC", + "name": "https://me.sap.com/notes/3503462" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "refsource": "MISC", + "name": "https://url.sap/sapsecuritypatchday" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8925.json b/2024/8xxx/CVE-2024-8925.json index b8d51a74f40..49695f1b23a 100644 --- a/2024/8xxx/CVE-2024-8925.json +++ b/2024/8xxx/CVE-2024-8925.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8925", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@php.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP versions\u00a08.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHP Group", + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "8.1.30", + "status": "affected", + "version": "8.1.*", + "versionType": "semver" + }, + { + "lessThan": "8.2.24", + "status": "affected", + "version": "8.2.*", + "versionType": "semver" + }, + { + "lessThan": "8.3.12", + "status": "affected", + "version": "8.3.*", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32", + "refsource": "MISC", + "name": "https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mihail Kirov" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8926.json b/2024/8xxx/CVE-2024-8926.json index 1242c08def6..045f50fb8e2 100644 --- a/2024/8xxx/CVE-2024-8926.json +++ b/2024/8xxx/CVE-2024-8926.json @@ -1,17 +1,115 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8926", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@php.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0when using a certain non-standard configurations of Windows codepages, the fixes for\u00a0 CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 \u00a0may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This\u00a0may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHP Group", + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "8.1.30", + "status": "affected", + "version": "8.1.*", + "versionType": "semver" + }, + { + "lessThan": "8.2.24", + "status": "affected", + "version": "8.2.*", + "versionType": "semver" + }, + { + "lessThan": "8.3.12", + "status": "affected", + "version": "8.3.*", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/advisories/GHSA-vxpp-6299-mxw3", + "refsource": "MISC", + "name": "https://github.com/advisories/GHSA-vxpp-6299-mxw3" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "https://github.com/MortalAndTry" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8927.json b/2024/8xxx/CVE-2024-8927.json index 58758e84c8c..8eddce19d9c 100644 --- a/2024/8xxx/CVE-2024-8927.json +++ b/2024/8xxx/CVE-2024-8927.json @@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8927", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@php.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to\u00a0cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHP Group", + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.1.*", + "version_value": "8.1.30" + }, + { + "version_affected": "<", + "version_name": "8.2.*", + "version_value": "8.2.24" + }, + { + "version_affected": "<", + "version_name": "8.3.*", + "version_value": "8.3.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp", + "refsource": "MISC", + "name": "https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Owen Gong" + }, + { + "lang": "en", + "value": "RyotaK" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] }