From a81b9bb9686835116c4354efb0955bcd3262d778 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 2 Aug 2024 10:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/27xxx/CVE-2024-27181.json | 69 +++++++++++++++++++++++++++---
2024/27xxx/CVE-2024-27182.json | 69 +++++++++++++++++++++++++++---
2024/36xxx/CVE-2024-36268.json | 69 +++++++++++++++++++++++++++---
2024/4xxx/CVE-2024-4643.json | 76 ++++++++++++++++++++++++++++++++--
2024/7xxx/CVE-2024-7407.json | 18 ++++++++
5 files changed, 282 insertions(+), 19 deletions(-)
create mode 100644 2024/7xxx/CVE-2024-7407.json
diff --git a/2024/27xxx/CVE-2024-27181.json b/2024/27xxx/CVE-2024-27181.json
index 4e8e65bc802..d87aee58224 100644
--- a/2024/27xxx/CVE-2024-27181.json
+++ b/2024/27xxx/CVE-2024-27181.json
@@ -1,18 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Linkis <= 1.5.0,\n\nPrivilege Escalation in Basic management services where the attacking user is \n\na trusted account\n\n allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Linkis Basic management services", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.2", + "version_value": "1.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/hosd73l7hxb3rpt5rb0yg0ld11zph4c6" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "superx" + } + ] } \ No newline at end of file diff --git a/2024/27xxx/CVE-2024-27182.json b/2024/27xxx/CVE-2024-27182.json index 5d9717e0420..b9fcc782408 100644 --- a/2024/27xxx/CVE-2024-27182.json +++ b/2024/27xxx/CVE-2024-27182.json 
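Review bot: The structured range and the prose disagree on which releases are affected: `description` says "Apache Linkis <= 1.5.0" with no lower bound, while `version_data` carries `version_name` "1.3.2" with `version_affected` "<" and `version_value` "1.6.0", which reads as a range that starts at 1.3.2. A scanner matching on `affects` would treat releases before 1.3.2 as unaffected while the description includes them, so the CNA should confirm which is intended and make the two agree. The same mismatch appears in the CVE-2024-27182 hunk. The record also has no `impact` block, so consumers get no severity for an issue the description says exposes Linkis's Token information.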
@@ -1,18 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27182", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Linkis <= 1.5.0,\n\nArbitrary file deletion in Basic management services on \n\nA user with an administrator account could delete any file accessible by the Linkis system user\n\n.\nUsers are recommended to upgrade to version 1.6.0, which fixes this issue." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-552 Files or Directories Accessible to External Parties", + "cweId": "CWE-552" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Linkis Basic management services", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.2", + "version_value": "1.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/2of1p433h8rbq2bx525rtftnk19oz38h" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "superx" + } + ] } \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36268.json b/2024/36xxx/CVE-2024-36268.json index 5b45a98a1ea..f873d063ec0 100644 
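Review bot: The new `description` value is a broken sentence ("Arbitrary file deletion in Basic management services on \n\nA user with an administrator account ..."): whatever followed "on" is missing, so the affected component or endpoint is never named. The CWE label may also deserve a second look, since the text describes deletion of arbitrary files by an authenticated administrator while `cweId` is "CWE-552"; that is a judgement call for the CNA, but triage tooling keyed on `cweId` will file this as an exposure issue rather than a file-deletion one.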
--- a/2024/36xxx/CVE-2024-36268.json +++ b/2024/36xxx/CVE-2024-36268.json @@ -1,18 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36268", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.\n\nThis issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it.\n\n[1]\u00a0 https://github.com/apache/inlong/pull/10251" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache InLong TubeMQ Client", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.10.0", + "version_value": "1.12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "X1r0z" + } + ] } \ No newline at end of file 
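Review bot: The fix link exists only as free text inside `description` ("[1] https://github.com/apache/inlong/pull/10251"), while `reference_data` holds just the mailing-list thread. Tools that collect patch links from `references` will not find the fix; adding an entry such as `{"url": "https://github.com/apache/inlong/pull/10251", "refsource": "MISC", "name": "https://github.com/apache/inlong/pull/10251"}` would keep prose and structured data aligned. The description also names only "Apache InLong", whereas `product_name` narrows it to "Apache InLong TubeMQ Client"; stating the component in the prose would help readers who never parse `affects`.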
diff --git a/2024/4xxx/CVE-2024-4643.json b/2024/4xxx/CVE-2024-4643.json
index 4899b1f5920..2dd6fc3d8e6 100644
--- a/2024/4xxx/CVE-2024-4643.json
+++ b/2024/4xxx/CVE-2024-4643.json
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018end_redirect_link\u2019 parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "bdthemes", + "product": { + "product_data": [ + { + "product_name": "Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f281ef5-bb2e-42f9-be51-6f7bd3069f59?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f281ef5-bb2e-42f9-be51-6f7bd3069f59?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/countdown/widgets/countdown.php#L2501", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/countdown/widgets/countdown.php#L2501" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Craig Smith" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/7xxx/CVE-2024-7407.json b/2024/7xxx/CVE-2024-7407.json new file mode 100644 index 00000000000..8939811f465 --- /dev/null +++ b/2024/7xxx/CVE-2024-7407.json 
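Review bot: The second `reference_data` entry points at `trunk/modules/countdown/widgets/countdown.php#L2501`, which is a moving target: once that file changes on trunk, line 2501 no longer shows the code the advisory refers to. A URL pinned to the affected tag or revision would stay valid for later analysis and detection work. The record also gives no fixed version, only "up to, and including, 5.7.1" with `version_name` "*", so a consumer cannot tell from it which release to upgrade to. This hunk starts on the previous physical line of the page.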
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7407", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file