From 90e9c4059d4527e1027c94573ad752efb9239d02 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 15 Apr 2024 20:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/45xxx/CVE-2023-45503.json | 61 ++++++++++++++++++-- 2024/23xxx/CVE-2024-23559.json | 12 ++-- 2024/23xxx/CVE-2024-23560.json | 77 +++++++++++++++++++++++-- 2024/30xxx/CVE-2024-30840.json | 56 ++++++++++++++++-- 2024/31xxx/CVE-2024-31990.json | 99 ++++++++++++++++++++++++++++++-- 2024/32xxx/CVE-2024-32035.json | 100 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3804.json | 100 +++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3850.json | 18 ++++++ 2024/3xxx/CVE-2024-3851.json | 18 ++++++ 9 files changed, 507 insertions(+), 34 deletions(-) create mode 100644 2024/3xxx/CVE-2024-3850.json create mode 100644 2024/3xxx/CVE-2024-3851.json diff --git a/2023/45xxx/CVE-2023-45503.json b/2023/45xxx/CVE-2023-45503.json index df597fa41ec..21169a672ae 100644 --- a/2023/45xxx/CVE-2023-45503.json +++ b/2023/45xxx/CVE-2023-45503.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-45503", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-45503", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing", + "refsource": "MISC", + "name": "https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file", + "url": "https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file" } ] } diff --git a/2024/23xxx/CVE-2024-23559.json b/2024/23xxx/CVE-2024-23559.json index f1ab65a2f0d..fab7f66e1f6 100644 --- a/2024/23xxx/CVE-2024-23559.json +++ b/2024/23xxx/CVE-2024-23559.json @@ -71,15 +71,15 @@ { "attackComplexity": "LOW", "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.3, + "availabilityImpact": "NONE", + "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } ] diff --git a/2024/23xxx/CVE-2024-23560.json b/2024/23xxx/CVE-2024-23560.json index cc35739ebcd..65ace8dedd1 100644 --- a/2024/23xxx/CVE-2024-23560.json +++ b/2024/23xxx/CVE-2024-23560.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. \n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "DevOps Deploy / Launch", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.0 - 7.0.5.20, 7.1 - 7.1.2.16, 7.2 - 7.2.3.9, 7.3 - 7.3.2.4, 8.0 - 8.0.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111925", + "refsource": "MISC", + "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111925" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30840.json b/2024/30xxx/CVE-2024-30840.json index dc9a5034005..9728b0245db 100644 --- a/2024/30xxx/CVE-2024-30840.json +++ b/2024/30xxx/CVE-2024-30840.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30840", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30840", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromDhcpListClient_list1.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromDhcpListClient_list1.md" } ] } diff --git a/2024/31xxx/CVE-2024-31990.json b/2024/31xxx/CVE-2024-31990.json index d6d562b4490..fe09e69f525 100644 --- a/2024/31xxx/CVE-2024-31990.json +++ b/2024/31xxx/CVE-2024-31990.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31990", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "argoproj", + "product": { + "product_data": [ + { + "product_name": "argo-cd", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 2.10.0, < 2.10.7" + }, + { + "version_affected": "=", + "version_value": ">= 2.9.0, < 2.9.12" + }, + { + "version_affected": "=", + "version_value": ">= 2.4.0, < 2.8.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c", + "refsource": "MISC", + "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c" + }, + { + "url": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c", + "refsource": "MISC", + "name": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c" + }, + { + "url": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5", + "refsource": "MISC", + "name": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5" + }, + { + "url": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17", + "refsource": "MISC", + "name": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17" + } + ] + }, + "source": { + "advisory": "GHSA-2gvw-w6fj-7m3c", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/32xxx/CVE-2024-32035.json b/2024/32xxx/CVE-2024-32035.json index cab33a5690f..e1396b4d98e 100644 --- a/2024/32xxx/CVE-2024-32035.json +++ b/2024/32xxx/CVE-2024-32035.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32035", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-789: Memory Allocation with Excessive Size Value", + "cweId": "CWE-789" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SixLabors", + "product": { + "product_data": [ + { + "product_name": "ImageSharp", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.1.8" + }, + { + "version_affected": "=", + "version_value": ">= 3.0.0, < 3.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7", + "refsource": "MISC", + "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7" + }, + { + "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3", + "refsource": "MISC", + "name": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3" + }, + { + "url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27", + "refsource": "MISC", + "name": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27" + }, + { + "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", + "refsource": "MISC", + "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" + }, + { + "url": "https://docs.sixlabors.com/articles/imagesharp/security.html", + "refsource": "MISC", + "name": "https://docs.sixlabors.com/articles/imagesharp/security.html" + } + ] + }, + "source": { + "advisory": "GHSA-g85r-6x2q-45w7", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3804.json b/2024/3xxx/CVE-2024-3804.json index 3b696ff04cd..8cac2969780 100644 --- a/2024/3xxx/CVE-2024-3804.json +++ b/2024/3xxx/CVE-2024-3804.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3804", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Vesystem Cloud Desktop bis 20240408 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /Public/webuploader/0.1.5/server/fileupload2.php. Dank der Manipulation des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vesystem", + "product": { + "product_data": [ + { + "product_name": "Cloud Desktop", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20240408" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.260777", + "refsource": "MISC", + "name": "https://vuldb.com/?id.260777" + }, + { + "url": "https://vuldb.com/?ctiid.260777", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.260777" + }, + { + "url": "https://vuldb.com/?submit.312318", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.312318" + }, + { + "url": "https://github.com/h0e4a0r1t/QmzrAacbbUCsUNJm/blob/main/VESYSTEM%20Cloud%20desktop%20arbitrary%20file%20upload%20vulnerability_fileupload2.php.pdf", + "refsource": "MISC", + "name": "https://github.com/h0e4a0r1t/QmzrAacbbUCsUNJm/blob/main/VESYSTEM%20Cloud%20desktop%20arbitrary%20file%20upload%20vulnerability_fileupload2.php.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "H0e4a0r1t (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3850.json b/2024/3xxx/CVE-2024-3850.json new file mode 100644 index 00000000000..749c83c98f6 --- /dev/null +++ b/2024/3xxx/CVE-2024-3850.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3850", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3851.json b/2024/3xxx/CVE-2024-3851.json new file mode 100644 index 00000000000..07944351a54 --- /dev/null +++ b/2024/3xxx/CVE-2024-3851.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3851", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file