From aa039f7cc32bbef3de0f4c27b17f9fa86ac747b1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 18 Jun 2024 20:00:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/38xxx/CVE-2024-38273.json | 69 ++++++++++++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38274.json | 69 ++++++++++++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38275.json | 69 ++++++++++++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38276.json | 69 ++++++++++++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38277.json | 69 ++++++++++++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38627.json | 18 +++++++++ 2024/38xxx/CVE-2024-38628.json | 18 +++++++++ 2024/38xxx/CVE-2024-38629.json | 18 +++++++++ 2024/38xxx/CVE-2024-38630.json | 18 +++++++++ 2024/38xxx/CVE-2024-38631.json | 18 +++++++++ 2024/38xxx/CVE-2024-38632.json | 18 +++++++++ 2024/38xxx/CVE-2024-38633.json | 18 +++++++++ 2024/38xxx/CVE-2024-38634.json | 18 +++++++++ 2024/38xxx/CVE-2024-38635.json | 18 +++++++++ 2024/38xxx/CVE-2024-38636.json | 18 +++++++++ 2024/38xxx/CVE-2024-38637.json | 18 +++++++++ 16 files changed, 523 insertions(+), 20 deletions(-) create mode 100644 2024/38xxx/CVE-2024-38627.json create mode 100644 2024/38xxx/CVE-2024-38628.json create mode 100644 2024/38xxx/CVE-2024-38629.json create mode 100644 2024/38xxx/CVE-2024-38630.json create mode 100644 2024/38xxx/CVE-2024-38631.json create mode 100644 2024/38xxx/CVE-2024-38632.json create mode 100644 2024/38xxx/CVE-2024-38633.json create mode 100644 2024/38xxx/CVE-2024-38634.json create mode 100644 2024/38xxx/CVE-2024-38635.json create mode 100644 2024/38xxx/CVE-2024-38636.json create mode 100644 2024/38xxx/CVE-2024-38637.json diff --git a/2024/38xxx/CVE-2024-38273.json b/2024/38xxx/CVE-2024-38273.json index f65ccef7ec7..d8c6c90dbf3 100644 --- a/2024/38xxx/CVE-2024-38273.json +++ b/2024/38xxx/CVE-2024-38273.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38273", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Moodle", + "product": { + "product_data": [ + { + "product_name": "Moodle", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.4" + }, + { + "version_affected": "<=", + "version_name": "4.3", + "version_value": "4.3.4" + }, + { + "version_affected": "<=", + "version_name": "4.2", + "version_value": "4.2.7" + }, + { + "version_affected": "<=", + "version_name": "4.1", + "version_value": "4.1.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://moodle.org/mod/forum/discuss.php?d=459498", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=459498" } ] } diff --git a/2024/38xxx/CVE-2024-38274.json b/2024/38xxx/CVE-2024-38274.json index dd9c705ecc3..7fb83c5b421 100644 --- a/2024/38xxx/CVE-2024-38274.json +++ b/2024/38xxx/CVE-2024-38274.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38274", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Moodle", + "product": { + "product_data": [ + { + "product_name": "Moodle", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.4" + }, + { + "version_affected": "<=", + "version_name": "4.3", + "version_value": "4.3.4" + }, + { + "version_affected": "<=", + "version_name": "4.2", + "version_value": "4.2.7" + }, + { + "version_affected": "<=", + "version_name": "4.1", + "version_value": "4.1.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://moodle.org/mod/forum/discuss.php?d=459499", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=459499" } ] } diff --git a/2024/38xxx/CVE-2024-38275.json b/2024/38xxx/CVE-2024-38275.json index bef3bf3e863..d60e9a7a8fb 100644 --- a/2024/38xxx/CVE-2024-38275.json +++ b/2024/38xxx/CVE-2024-38275.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38275", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-226", + "cweId": "CWE-226" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Moodle", + "product": { + "product_data": [ + { + "product_name": "Moodle", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.4" + }, + { + "version_affected": "<=", + "version_name": "4.3", + "version_value": "4.3.4" + }, + { + "version_affected": "<=", + "version_name": "4.2", + "version_value": "4.2.7" + }, + { + "version_affected": "<=", + "version_name": "4.1", + "version_value": "4.1.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://moodle.org/mod/forum/discuss.php?d=459500", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=459500" } ] } diff --git a/2024/38xxx/CVE-2024-38276.json b/2024/38xxx/CVE-2024-38276.json index cc4bbb8b03d..5daf8035c89 100644 --- a/2024/38xxx/CVE-2024-38276.json +++ b/2024/38xxx/CVE-2024-38276.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38276", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect CSRF token checks resulted in multiple CSRF risks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Moodle", + "product": { + "product_data": [ + { + "product_name": "Moodle", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.4" + }, + { + "version_affected": "<=", + "version_name": "4.3", + "version_value": "4.3.4" + }, + { + "version_affected": "<=", + "version_name": "4.2", + "version_value": "4.2.7" + }, + { + "version_affected": "<=", + "version_name": "4.1", + "version_value": "4.1.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://moodle.org/mod/forum/discuss.php?d=459501", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=459501" } ] } diff --git a/2024/38xxx/CVE-2024-38277.json b/2024/38xxx/CVE-2024-38277.json index 2405450ad73..56b43bba50a 100644 --- a/2024/38xxx/CVE-2024-38277.json +++ b/2024/38xxx/CVE-2024-38277.json @@ -1,17 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38277", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-324", + "cweId": "CWE-324" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Moodle", + "product": { + "product_data": [ + { + "product_name": "Moodle", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.4" + }, + { + "version_affected": "<=", + "version_name": "4.3", + "version_value": "4.3.4" + }, + { + "version_affected": "<=", + "version_name": "4.2", + "version_value": "4.2.7" + }, + { + "version_affected": "<=", + "version_name": "4.1", + "version_value": "4.1.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://moodle.org/mod/forum/discuss.php?d=459502", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=459502" } ] } diff --git a/2024/38xxx/CVE-2024-38627.json b/2024/38xxx/CVE-2024-38627.json new file mode 100644 index 00000000000..57105d93851 --- /dev/null +++ b/2024/38xxx/CVE-2024-38627.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38627", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38628.json b/2024/38xxx/CVE-2024-38628.json new file mode 100644 index 00000000000..a4992b41d51 --- /dev/null +++ b/2024/38xxx/CVE-2024-38628.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38628", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38629.json b/2024/38xxx/CVE-2024-38629.json new file mode 100644 index 00000000000..dbcce68f5c9 --- /dev/null +++ b/2024/38xxx/CVE-2024-38629.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38629", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38630.json b/2024/38xxx/CVE-2024-38630.json new file mode 100644 index 00000000000..fd263e7e87c --- /dev/null +++ b/2024/38xxx/CVE-2024-38630.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38630", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38631.json b/2024/38xxx/CVE-2024-38631.json new file mode 100644 index 00000000000..3de31f3bdbf --- /dev/null +++ b/2024/38xxx/CVE-2024-38631.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38631", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38632.json b/2024/38xxx/CVE-2024-38632.json new file mode 100644 index 00000000000..33e59e99b5a --- /dev/null +++ b/2024/38xxx/CVE-2024-38632.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38632", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38633.json b/2024/38xxx/CVE-2024-38633.json new file mode 100644 index 00000000000..738f5fe927f --- /dev/null +++ b/2024/38xxx/CVE-2024-38633.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38633", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38634.json b/2024/38xxx/CVE-2024-38634.json new file mode 100644 index 00000000000..89b5ef08c8c --- /dev/null +++ b/2024/38xxx/CVE-2024-38634.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38634", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38635.json b/2024/38xxx/CVE-2024-38635.json new file mode 100644 index 00000000000..17177c5c097 --- /dev/null +++ b/2024/38xxx/CVE-2024-38635.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38635", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38636.json b/2024/38xxx/CVE-2024-38636.json new file mode 100644 index 00000000000..b7270a8af59 --- /dev/null +++ b/2024/38xxx/CVE-2024-38636.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38636", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38637.json b/2024/38xxx/CVE-2024-38637.json new file mode 100644 index 00000000000..4a75c0d9bb7 --- /dev/null +++ b/2024/38xxx/CVE-2024-38637.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-38637", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file