From 8f68226f847f6dbd77281c6d1354a157606e36c1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 25 Jul 2024 21:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/1xxx/CVE-2024-1023.json | 18 ++++++ 2024/1xxx/CVE-2024-1300.json | 18 ++++++ 2024/2xxx/CVE-2024-2700.json | 31 +++++----- 2024/41xxx/CVE-2024-41808.json | 76 +++++++++++++++++++++++-- 2024/41xxx/CVE-2024-41809.json | 91 ++++++++++++++++++++++++++++-- 2024/5xxx/CVE-2024-5971.json | 18 ++++++ 2024/6xxx/CVE-2024-6162.json | 18 ++++++ 2024/7xxx/CVE-2024-7105.json | 100 +++++++++++++++++++++++++++++++-- 2024/7xxx/CVE-2024-7106.json | 94 +++++++++++++++++++++++++++++-- 9 files changed, 435 insertions(+), 29 deletions(-) diff --git a/2024/1xxx/CVE-2024-1023.json b/2024/1xxx/CVE-2024-1023.json index 9def72a4315..0ad470047ac 100644 --- a/2024/1xxx/CVE-2024-1023.json +++ b/2024/1xxx/CVE-2024-1023.json @@ -173,6 +173,19 @@ ] } }, + { + "product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "Red Hat build of Quarkus 3.2.11.Final", "version": { @@ -479,6 +492,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:3989" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4884", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4884" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-1023", "refsource": "MISC", diff --git a/2024/1xxx/CVE-2024-1300.json b/2024/1xxx/CVE-2024-1300.json index c45f6d4319f..a2586f01972 100644 --- a/2024/1xxx/CVE-2024-1300.json +++ b/2024/1xxx/CVE-2024-1300.json 
@@ -236,6 +236,19 @@ ] } }, + { + "product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "Red Hat build of Quarkus 3.2.11.Final", "version": { @@ -534,6 +547,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:3989" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4884", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4884" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-1300", "refsource": "MISC", diff --git a/2024/2xxx/CVE-2024-2700.json b/2024/2xxx/CVE-2024-2700.json index 43cc8e7a57d..7bb14fd0cc5 100644 --- a/2024/2xxx/CVE-2024-2700.json +++ b/2024/2xxx/CVE-2024-2700.json @@ -48,6 +48,19 @@ ] } }, + { + "product_name": "Red Hat build of Apicurio Registry 2.6.1 GA", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "Red Hat build of Quarkus 3.2.12.Final", "version": { @@ -627,19 +640,6 @@ ] } }, - { - "product_name": "Red Hat build of Apicurio Registry", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Build of Keycloak", "version": { @@ -733,6 +733,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:4028" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4873", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4873" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-2700", "refsource": "MISC", diff --git a/2024/41xxx/CVE-2024-41808.json b/2024/41xxx/CVE-2024-41808.json index 6a027da9948..db13f9801f6 100644 
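Review bot: In the CVE-2024-2700 hunk the unversioned `Red Hat build of Apicurio Registry` entry with `"defaultStatus": "affected"` is deleted and only `Red Hat build of Apicurio Registry 2.6.1 GA` with `"defaultStatus": "unaffected"` is added, so after this change the record no longer says that any Apicurio Registry release is affected; a consumer matching on product name sees only an unaffected product. If 2.6.1 GA is the fixed build delivered by the RHSA-2024:4873 errata added in the same hunk (implied by the pairing, not stated here), the pre-2.6.1 builds should remain listed as affected rather than dropping the entry outright. The same pattern (new `unaffected` entry plus new RHSA link, no affected range) appears in the CVE-2024-1023 and CVE-2024-1300 hunks for `Red Hat build of Apache Camel 4.4.1 for Spring Boot`, where the prior affected entries at least survive.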
--- a/2024/41xxx/CVE-2024-41808.json +++ b/2024/41xxx/CVE-2024-41808.json 
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim's account provided they meet the exploitation steps. As of time of publication, no patched version is available." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "openobserve", + "product": { + "product_data": [ + { + "product_name": "openobserve", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 0.9.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j", + "refsource": "MISC", + "name": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j" + } + ] + }, + "source": { + "advisory": "GHSA-hx23-g7m8-h76j", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41809.json b/2024/41xxx/CVE-2024-41809.json index d7d96aa17a5..26844ae1144 100644 --- a/2024/41xxx/CVE-2024-41809.json +++ b/2024/41xxx/CVE-2024-41809.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41809", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "openobserve", + "product": { + "product_data": [ + { + "product_name": "openobserve", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 0.4.4, < 0.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mrrp", + "refsource": "MISC", + "name": "https://github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mrrp" + }, + { + "url": "https://github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbdb1be1eff02", + "refsource": "MISC", + "name": "https://github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbdb1be1eff02" + }, + { + "url": 
"https://github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d58bbc6d331d", + "refsource": "MISC", + "name": "https://github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d58bbc6d331d" + }, + { + "url": "https://github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubscription.vue#L32", + "refsource": "MISC", + "name": "https://github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubscription.vue#L32" + } + ] + }, + "source": { + "advisory": "GHSA-rw8w-37p9-mrrp", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5971.json b/2024/5xxx/CVE-2024-5971.json index 9fa38ecee4e..06fd8d98874 100644 --- a/2024/5xxx/CVE-2024-5971.json +++ b/2024/5xxx/CVE-2024-5971.json @@ -35,6 +35,19 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "Red Hat JBoss Enterprise Application Platform 8", "version": { @@ -230,6 +243,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:4392" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4884", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4884" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-5971", "refsource": "MISC", diff --git a/2024/6xxx/CVE-2024-6162.json b/2024/6xxx/CVE-2024-6162.json index ab4e14dd777..94ab76e4394 100644 
--- a/2024/6xxx/CVE-2024-6162.json +++ b/2024/6xxx/CVE-2024-6162.json @@ -35,6 +35,19 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "Red Hat build of Apache Camel 4.0 for Spring Boot", "version": { @@ -212,6 +225,11 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:4884", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4884" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-6162", "refsource": "MISC", diff --git a/2024/7xxx/CVE-2024-7105.json b/2024/7xxx/CVE-2024-7105.json index 84abeca1a05..217bf097357 100644 --- a/2024/7xxx/CVE-2024-7105.json +++ b/2024/7xxx/CVE-2024-7105.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7105", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in ForIP Tecnologia Administra\u00e7\u00e3o PABX 1.x. Affected is an unknown function of the file /detalheIdUra of the component Lista Ura Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in ForIP Tecnologia Administra\u00e7\u00e3o PABX 1.x entdeckt. Es betrifft eine unbekannte Funktion der Datei /detalheIdUra der Komponente Lista Ura Page. Durch Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ForIP Tecnologia", + "product": { + "product_data": [ + { + "product_name": "Administra\u00e7\u00e3o PABX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.x" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.272430", + "refsource": "MISC", + "name": "https://vuldb.com/?id.272430" + }, + { + "url": "https://vuldb.com/?ctiid.272430", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.272430" + }, + { + "url": "https://vuldb.com/?submit.376659", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.376659" + }, + { + "url": "https://docs.google.com/document/d/1Q3kLR-HXSmj1LFpnCAt964YHACWwdckz4O8n4ocgB1I/edit?usp=sharing", + "refsource": "MISC", + "name": "https://docs.google.com/document/d/1Q3kLR-HXSmj1LFpnCAt964YHACWwdckz4O8n4ocgB1I/edit?usp=sharing" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "gabriel (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/7xxx/CVE-2024-7106.json b/2024/7xxx/CVE-2024-7106.json index cc5185e1e9b..0c320879d37 100644 --- a/2024/7xxx/CVE-2024-7106.json +++ b/2024/7xxx/CVE-2024-7106.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272431. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Spina CMS 2.18.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /admin/media_folders. Mittels dem Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Spina", + "product": { + "product_data": [ + { + "product_name": "CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.18.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.272431", + "refsource": "MISC", + "name": "https://vuldb.com/?id.272431" + }, + { + "url": "https://vuldb.com/?ctiid.272431", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.272431" + }, + { + "url": "https://vuldb.com/?submit.376769", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.376769" + }, + { + "url": "https://github.com/topsky979/Security-Collections/blob/main/cve3/README.md", + "refsource": "MISC", + "name": "https://github.com/topsky979/Security-Collections/blob/main/cve3/README.md" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] }