From 8d73b81f6566fe78ffc37973d4c15460d2ed745b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 24 Jun 2024 01:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/39xxx/CVE-2024-39339.json | 18 ++++++
 2024/39xxx/CVE-2024-39340.json | 18 ++++++
 2024/39xxx/CVE-2024-39341.json | 18 ++++++
 2024/39xxx/CVE-2024-39342.json | 18 ++++++
 2024/39xxx/CVE-2024-39343.json | 18 ++++++
 2024/3xxx/CVE-2024-3121.json | 77 ++++++++++++++++++++++--
 2024/6xxx/CVE-2024-6274.json | 104 +++++++++++++++++++++++++++++++--
 7 files changed, 263 insertions(+), 8 deletions(-)
 create mode 100644 2024/39xxx/CVE-2024-39339.json
 create mode 100644 2024/39xxx/CVE-2024-39340.json
 create mode 100644 2024/39xxx/CVE-2024-39341.json
 create mode 100644 2024/39xxx/CVE-2024-39342.json
 create mode 100644 2024/39xxx/CVE-2024-39343.json
diff --git a/2024/39xxx/CVE-2024-39339.json b/2024/39xxx/CVE-2024-39339.json
new file mode 100644
index 00000000000..ae6ba20e135
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39339.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39339",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39340.json b/2024/39xxx/CVE-2024-39340.json
new file mode 100644
index 00000000000..cbd495c1d8a
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39340.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39340",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39341.json b/2024/39xxx/CVE-2024-39341.json
new file mode 100644
index 00000000000..59b250f1236
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39341.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39341",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39342.json b/2024/39xxx/CVE-2024-39342.json
new file mode 100644
index 00000000000..8e078d18014
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39342.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39342",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39343.json b/2024/39xxx/CVE-2024-39343.json
new file mode 100644
index 00000000000..2d6847fc8a8
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39343.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39343",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3121.json b/2024/3xxx/CVE-2024-3121.json
index 39d7455d806..7d3434c7968 100644
--- a/2024/3xxx/CVE-2024-3121.json
+++ b/2024/3xxx/CVE-2024-3121.json
@@ -1,17 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3121",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@huntr.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-94 Improper Control of Generation of Code",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "parisneo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "parisneo/lollms",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "unspecified",
+ "version_value": "latest"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b",
+ "refsource": "MISC",
+ "name": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "db57c343-9b80-4c1c-9ab0-9eef92c9b27b",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6274.json b/2024/6xxx/CVE-2024-6274.json
index 9b50c87cdc8..d44e0664a14 100644
--- a/2024/6xxx/CVE-2024-6274.json
+++ b/2024/6xxx/CVE-2024-6274.json
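Review bot: In the CVE-2024-3121 record the `impact.cvss` entry contradicts the description: the text calls this remote code execution, yet the vector carries `"attackVector": "PHYSICAL"` (`AV:P`), which is what holds the score at 6.8 MEDIUM. Anyone prioritising on `baseScore` will under-rank the record, so the vector should be confirmed with the assigning CNA; if the function is reachable over the network as the description implies, the field would read `"attackVector": "NETWORK"` and the score would need recomputing. The `affects` block is also not machine-matchable: `"version_affected": "<="` with `"version_value": "latest"` names no concrete version, while the description cites 5.9.0. The described root cause is shell command injection through `shell=True`, for which CWE-78 is the more specific class than the recorded CWE-94. The record's closing brace lies outside this hunk.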
@@ -1,17 +1,113 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6274",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical has been found in lahirudanushka School Management System 1.0.0/1.0.1. This affects an unknown part of the file /attendancelist.php of the component Attendance Report Page. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269487."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in lahirudanushka School Management System 1.0.0/1.0.1 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /attendancelist.php der Komponente Attendance Report Page. Durch das Beeinflussen des Arguments aid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "lahirudanushka",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "School Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "1.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.269487",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.269487"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.269487",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.269487"
+ },
+ {
+ "url": "https://vuldb.com/?submit.362872",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.362872"
+ },
+ {
+ "url": "https://powerful-bulb-c36.notion.site/sql-injection-1-6b3c66351180485ea764561a47239907",
+ "refsource": "MISC",
+ "name": "https://powerful-bulb-c36.notion.site/sql-injection-1-6b3c66351180485ea764561a47239907"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "louay khammassi (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.8,
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
 }
 ]
 }
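Review bot: The `credits` entry in the CVE-2024-6274 record tags its language as `"lang": "en"` while both `description_data` entries use three-letter codes (`"eng"`, `"deu"`), so a consumer that filters on one code form may skip the credit; `"lang": "eng"` would match the rest of the record. The description labels the flaw "critical", but both 3.x entries score 4.7 MEDIUM with `PR:H`, so triage tooling should key on the vector rather than the prose label. The 2.0 entry carries no `baseSeverity`, unlike the two 3.x entries, so parsers of `impact.cvss` should treat that key as optional. The record's closing brace lies outside this hunk.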