From 997ce0ed48feab37a0a6f7c855331ce4e7b0fe5f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 2 Apr 2024 12:02:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/4xxx/CVE-2023-4459.json | 87 --------------
2023/5xxx/CVE-2023-5178.json | 11 ++
2023/6xxx/CVE-2023-6546.json | 19 ---
2023/7xxx/CVE-2023-7192.json | 87 --------------
2024/0xxx/CVE-2024-0044.json | 18 ++-
2024/0xxx/CVE-2024-0521.json | 2 +-
2024/0xxx/CVE-2024-0646.json | 203 ---------------------------------
2024/0xxx/CVE-2024-0815.json | 2 +-
2024/0xxx/CVE-2024-0817.json | 2 +-
2024/23xxx/CVE-2024-23300.json | 5 -
2024/26xxx/CVE-2024-26165.json | 2 +-
2024/26xxx/CVE-2024-26201.json | 2 +-
2024/28xxx/CVE-2024-28121.json | 5 -
2024/2xxx/CVE-2024-2406.json | 95 ++++++++++++++-
14 files changed, 124 insertions(+), 416 deletions(-)
diff --git a/2023/4xxx/CVE-2023-4459.json b/2023/4xxx/CVE-2023-4459.json
index b6f9f2f6648..3c32bd7732f 100644
--- a/2023/4xxx/CVE-2023-4459.json
+++ b/2023/4xxx/CVE-2023-4459.json
@@ -60,69 +60,6 @@ "vendor_name": "Red Hat", "product": { "product_data": [ - { - "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-305.125.1.el8_4", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-305.125.1.el8_4", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-305.125.1.el8_4", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { @@ -161,20 +98,6 @@ ], "defaultStatus": "affected" } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:5.14.0-70.93.1.rt21.165.el9_0", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } } ] } 
@@ -302,16 +225,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1250" }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1306", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1306" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1367", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1367" - }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4459", "refsource": "MISC", diff --git a/2023/5xxx/CVE-2023-5178.json b/2023/5xxx/CVE-2023-5178.json index 346e2ee8936..fdfcf4e9e79 100644 --- a/2023/5xxx/CVE-2023-5178.json +++ b/2023/5xxx/CVE-2023-5178.json @@ -174,6 +174,12 @@ ], "defaultStatus": "affected" } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } } ] } @@ -625,6 +631,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1269" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1278", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1278" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5178", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6546.json b/2023/6xxx/CVE-2023-6546.json index be298a0f672..a3ffff67b81 100644 --- a/2023/6xxx/CVE-2023-6546.json +++ b/2023/6xxx/CVE-2023-6546.json @@ -105,20 +105,6 @@ "defaultStatus": "affected" } }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:5.14.0-70.93.1.rt21.165.el9_0", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - }, { "version_value": "not down converted", "x_cve_json_5_version_data": { 
@@ -317,11 +303,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1253" }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1306", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1306" - }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6546", "refsource": "MISC", diff --git a/2023/7xxx/CVE-2023-7192.json b/2023/7xxx/CVE-2023-7192.json index faa9bb5b180..553cff015b8 100644 --- a/2023/7xxx/CVE-2023-7192.json +++ b/2023/7xxx/CVE-2023-7192.json @@ -60,69 +60,6 @@ "vendor_name": "Red Hat", "product": { "product_data": [ - { - "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-305.125.1.el8_4", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-305.125.1.el8_4", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-305.125.1.el8_4", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { 
@@ -161,20 +98,6 @@ ], "defaultStatus": "affected" } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:5.14.0-70.93.1.rt21.165.el9_0", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } } ] } @@ -347,16 +270,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1250" }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1306", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1306" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1367", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1367" - }, { "url": "https://access.redhat.com/security/cve/CVE-2023-7192", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0044.json b/2024/0xxx/CVE-2024-0044.json index d08ad2fc56f..00f92e49633 100644 --- a/2024/0xxx/CVE-2024-0044.json +++ b/2024/0xxx/CVE-2024-0044.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + "value": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" } ] }, 
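Review bot: The new description `value` for CVE-2024-0044 ends in a literal `\n\n`, so the string now carries two trailing newlines that the previous revision did not have, while the wording itself is unchanged. Consumers that hash, diff or deduplicate description strings will register a content change, and renderers may emit empty paragraphs. I would keep the string ending at `...User interaction is not needed for exploitation."` and have the export step trim trailing whitespace. The rest of the record lies outside this hunk.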
@@ -74,7 +74,23 @@ "url": "https://source.android.com/security/bulletin/2024-03-01", "refsource": "MISC", "name": "https://source.android.com/security/bulletin/2024-03-01" + }, + { + "url": "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html", + "refsource": "MISC", + "name": "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html" + }, + { + "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2", + "refsource": "MISC", + "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2" } ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/0xxx/CVE-2024-0521.json b/2024/0xxx/CVE-2024-0521.json index 8cd50b83154..d133112c056 100644 --- a/2024/0xxx/CVE-2024-0521.json +++ b/2024/0xxx/CVE-2024-0521.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-0521", - "ASSIGNER": "paddle-security@baidu.com", + "ASSIGNER": "security@huntr.com", "STATE": "PUBLIC" }, "description": { diff --git a/2024/0xxx/CVE-2024-0646.json b/2024/0xxx/CVE-2024-0646.json index c2d931f03c4..400d6fe2f1b 100644 --- a/2024/0xxx/CVE-2024-0646.json +++ b/2024/0xxx/CVE-2024-0646.json 
@@ -106,152 +106,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-193.128.1.el8_2", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-193.128.1.rt13.179.el8_2", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-193.128.1.el8_2", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-193.128.1.el8_2", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-305.125.1.el8_4", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, - { - "product_name": "Red Hat 
Enterprise Linux 8.4 Telecommunications Update Service", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-305.125.1.el8_4", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:4.18.0-305.125.1.el8_4", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { @@ -279,19 +133,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 9", "version": { @@ -357,20 +198,6 @@ "defaultStatus": "affected" } }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:5.14.0-70.93.1.rt21.165.el9_0", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - }, { "version_value": "not down converted", "x_cve_json_5_version_data": { 
@@ -562,36 +389,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1253" }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1268", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1268" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1269", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1269" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1278", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1278" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1306", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1306" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1367", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1367" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1368", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1368" - }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0646", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0815.json b/2024/0xxx/CVE-2024-0815.json index 910b4295f54..74ec57b216e 100644 --- a/2024/0xxx/CVE-2024-0815.json +++ b/2024/0xxx/CVE-2024-0815.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-0815", - "ASSIGNER": "paddle-security@baidu.com", + "ASSIGNER": "security@huntr.com", "STATE": "PUBLIC" }, "description": { diff --git a/2024/0xxx/CVE-2024-0817.json b/2024/0xxx/CVE-2024-0817.json index 1ae3c897a88..38c167e7335 100644 --- a/2024/0xxx/CVE-2024-0817.json +++ b/2024/0xxx/CVE-2024-0817.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-0817", - "ASSIGNER": "paddle-security@baidu.com", + "ASSIGNER": "security@huntr.com", "STATE": "PUBLIC" }, "description": { diff --git a/2024/23xxx/CVE-2024-23300.json b/2024/23xxx/CVE-2024-23300.json index 493cfe2e4b2..f0774948688 100644 
--- a/2024/23xxx/CVE-2024-23300.json +++ b/2024/23xxx/CVE-2024-23300.json @@ -58,11 +58,6 @@ "url": "https://support.apple.com/en-us/HT214090", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214090" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/27", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/27" } ] } diff --git a/2024/26xxx/CVE-2024-26165.json b/2024/26xxx/CVE-2024-26165.json index 132afe9aeea..1a78a0f0385 100644 --- a/2024/26xxx/CVE-2024-26165.json +++ b/2024/26xxx/CVE-2024-26165.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "1.0.0", - "version_value": "1.87.2" + "version_value": "1.XX.X" } ] } diff --git a/2024/26xxx/CVE-2024-26201.json b/2024/26xxx/CVE-2024-26201.json index 5e1e0006f63..f0265cf8d78 100644 --- a/2024/26xxx/CVE-2024-26201.json +++ b/2024/26xxx/CVE-2024-26201.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "1.0.0", - "version_value": "1.2402.12" + "version_value": "2402" } ] } diff --git a/2024/28xxx/CVE-2024-28121.json b/2024/28xxx/CVE-2024-28121.json index b4faf28866c..112a2a40c98 100644 --- a/2024/28xxx/CVE-2024-28121.json +++ b/2024/28xxx/CVE-2024-28121.json @@ -82,11 +82,6 @@ "url": "https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4", "refsource": "MISC", "name": "https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/16", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/16" } ] }, diff --git a/2024/2xxx/CVE-2024-2406.json b/2024/2xxx/CVE-2024-2406.json index 02b0f050a67..23d62ee4ec9 100644 --- a/2024/2xxx/CVE-2024-2406.json +++ b/2024/2xxx/CVE-2024-2406.json 
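Review bot: In CVE-2024-26165 the upper bound of the affected range changes from `1.87.2` to the placeholder `1.XX.X`, which is not a comparable version string. With `"version_affected": "<"` and `"version_name": "1.0.0"`, a scanner that matches installed versions against this record can no longer decide whether a given build is fixed; depending on the parser it will either fail on the value or mis-classify every version. The CVE-2024-26201 hunk has the same kind of regression, replacing `1.2402.12` with the bare `2402`, which no longer shares the format of `version_name`. I would hold both records at their previous bounds, e.g. `"version_value": "1.87.2"`, until the assigner supplies a concrete fixed version.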
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2406", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256503." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Gacjie Server bis 1.0 gefunden. Dabei betrifft es die Funktion index der Datei /app/admin/controller/Upload.php. Mittels dem Manipulieren des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Gacjie", + "product": { + "product_data": [ + { + "product_name": "Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256503", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256503" + }, + { + "url": "https://vuldb.com/?ctiid.256503", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256503" + }, + { + "url": "https://note.zhaoj.in/share/7kZiVRqSuiMx", + "refsource": "MISC", + "name": "https://note.zhaoj.in/share/7kZiVRqSuiMx" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "glzjin (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.5, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P" } ] }