diff --git a/2024/1xxx/CVE-2024-1908.json b/2024/1xxx/CVE-2024-1908.json
index a0ecc291c19..2e1440a201c 100644
--- a/2024/1xxx/CVE-2024-1908.json
+++ b/2024/1xxx/CVE-2024-1908.json
@@ -1,17 +1,164 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1908", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-cna@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Privilege Management vulnerability\u00a0was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. 
This vulnerability was reported via the GitHub Bug Bounty program.\u00a0\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitHub", + "product": { + "product_data": [ + { + "product_name": "Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.8.16", + "status": "unaffected" + } + ], + "lessThan": "3.8.16", + "status": "affected", + "version": "3.8.0", + "versionType": "semver" + }, + { + "changes": [ + { + "at": "3.9.11", + "status": "unaffected" + } + ], + "lessThan": "3.9.11", + "status": "affected", + "version": "3.9.0", + "versionType": "semver " + }, + { + "changes": [ + { + "at": "3.10.8", + "status": "unaffected" + } + ], + "lessThan": "3.10.8", + "status": "affected", + "version": "3.10.0", + "versionType": "semver" + }, + { + "changes": [ + { + "at": "3.11.6", + "status": "unaffected" + } + ], + "lessThan": "3.11.6", + "status": "affected", + "version": "3.11.0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "3.12.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes/#3.8.16", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes/#3.8.16" + }, + { + "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes/#3.9.11", + "refsource": "MISC", + "name": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes/#3.9.11" + }, + { + "url": "https://https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.8", + "refsource": "MISC", + "name": 
"https://https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.8" + }, + { + "url": "https://https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16", + "refsource": "MISC", + "name": "https://https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "ahacker1" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/22xxx/CVE-2024-22319.json b/2024/22xxx/CVE-2024-22319.json index 24a611db824..6281bdd7644 100644 --- a/2024/22xxx/CVE-2024-22319.json +++ b/2024/22xxx/CVE-2024-22319.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "\nIBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.\n\n" + "value": "\n\n\nIBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.\n\n\n\n" } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.12.0.1" + "version_value": "8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1, 8.12.0.1" } ] } 
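Review bot: Two of the four added reference URLs carry a doubled scheme (`https://https://docs.github.com/...` for the 3.10 and 3.11 release notes, in both `url` and `name`), so they will not resolve as written. The 3.11 anchor is `#3.11.16`, while the description and the matching `versions` entry both give 3.11.6 as the fixed release, which looks like a typo. The 3.9 range has `"versionType": "semver "` with a trailing space, which a consumer comparing the field against `semver` would not match. Suggested values: `https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.8`, the 3.11 URL with a single scheme and the anchor `#3.11.6` (to be confirmed against the release notes), and `"versionType": "semver"`.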
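Review bot: The new description `value` is padded with three leading and four trailing `\n` escapes (up from one and two), which adds nothing and shows up as blank lines or stray whitespace in tools that render or diff the text; the value should start at `IBM Operational Decision Manager` and end at `279145.`. In the second hunk the added 8.11.1 goes into a single comma-joined `version_value` under `"version_affected": "="`, so a consumer doing an exact match on that field will not match any individual release. One `version_data` entry per version would make the list machine-readable. Both hunks sit inside objects that open and close outside the visible lines.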
diff --git a/2024/22xxx/CVE-2024-22320.json b/2024/22xxx/CVE-2024-22320.json
index 66cfc3354a4..a05712f73ad 100644
--- a/2024/22xxx/CVE-2024-22320.json
+++ b/2024/22xxx/CVE-2024-22320.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146."
+ "value": "IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.12.0.1"
+ "version_value": "8.10.3"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25180.json b/2024/25xxx/CVE-2024-25180.json
index 23746ccd309..f4d6381775e 100644
--- a/2024/25xxx/CVE-2024-25180.json
+++ b/2024/25xxx/CVE-2024-25180.json
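Review bot: The affected set for CVE-2024-22320 is narrowed from six releases to 8.10.3 alone, in both the description and `version_value`, and nothing in the visible hunks records why. Scanners keyed on this record will stop reporting 8.10.4 through 8.12.0.1 for an authenticated remote code execution issue, so the narrowing should be checked against the vendor bulletin before it is accepted; the references section is outside these hunks, so it is not possible to tell from here whether it supports the change. Minor wording while the line is being edited: `By sending specially crafted request` reads better as `By sending a specially crafted request`.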
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-25180",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-25180",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md",
+ "url": "https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25811.json b/2024/25xxx/CVE-2024-25811.json
index 1368bf831e3..b5314e1628c 100644
--- a/2024/25xxx/CVE-2024-25811.json
+++ b/2024/25xxx/CVE-2024-25811.json
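Review bot: The CVE-2024-25180 record names the product and version only in free text (`pdfmake 0.2.9`) while `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, so anything matching on the structured fields will never associate this CVE with an installed package. Filling in `"product_name": "pdfmake"` and `"version_value": "0.2.9"`, plus a CWE for the code-execution class chosen by the assigner, would close that gap. The CVE-2024-25811 hunk that follows has the same gap for `Dreamer CMS v4.0.1`, where the description already states an access control issue. Each record's only reference is a third-party write-up, so an upstream reference would help consumers find a fixed version, if one exists.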
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-25811",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-25811",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Fei123-design/vuln/blob/master/Dreamer%20CMS%20Unauthorized%20access%20vulnerability.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Fei123-design/vuln/blob/master/Dreamer%20CMS%20Unauthorized%20access%20vulnerability.md"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27094.json b/2024/27xxx/CVE-2024-27094.json
index cdb86e7104a..8fe3b3d1379 100644
--- a/2024/27xxx/CVE-2024-27094.json
+++ b/2024/27xxx/CVE-2024-27094.json
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenZeppelin", + "product": { + "product_data": [ + { + "product_name": "openzeppelin-contracts", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 4.5.0, < 4.9.6" + }, + { + "version_affected": "=", + "version_value": ">= 5.0.0-rc.0, < 5.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967", + "refsource": "MISC", + "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967" + }, + { + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854", + "refsource": "MISC", + "name": 
"https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854" + }, + { + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1", + "refsource": "MISC", + "name": "https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1" + }, + { + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6", + "refsource": "MISC", + "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6" + }, + { + "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c", + "refsource": "MISC", + "name": "https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c" + } + ] + }, + "source": { + "advisory": "GHSA-9vx6-7xxf-x967", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2007.json b/2024/2xxx/CVE-2024-2007.json index dcc531e8b98..6546691c607 100644 --- a/2024/2xxx/CVE-2024-2007.json +++ b/2024/2xxx/CVE-2024-2007.json 
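Review bot: Both `version_data` entries pair `"version_affected": "="` with a range expression (`>= 4.5.0, < 4.9.6` and `>= 5.0.0-rc.0, < 5.0.2`), so a consumer that honours the operator will look for a version equal to that literal string and match nothing. An entry per branch with `"version_affected": "<"` and the fixed release as `version_value` (`4.9.6`, `5.0.2`) is at least matchable, with the lower bounds kept in the description. The `impact` vector scores confidentiality as `C:N` although the problem type is CWE-125 and the description says the last iteration may read memory beyond the input buffer; that may be intended if the stray bytes only affect the encoded output, but the description should say so. Two of the four commit references point at `openzeppelin-contracts-upgradeable`, which is not listed under `product_data`.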
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2007",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-255265 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In OpenBMB XAgent 1.0.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente Privileged Mode. Durch Beeinflussen mit unbekannten Daten kann eine sandbox issue-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-265 Sandbox Issue",
+ "cweId": "CWE-265"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OpenBMB",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "XAgent",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.255265",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.255265"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.255265",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.255265"
+ },
+ {
+ "url": "https://github.com/OpenBMB/XAgent/issues/386",
+ "refsource": "MISC",
+ "name": "https://github.com/OpenBMB/XAgent/issues/386"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "zznQ (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4.3,
+ "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2009.json b/2024/2xxx/CVE-2024-2009.json
index 9ced4a5cbd4..0b570d80329 100644
--- a/2024/2xxx/CVE-2024-2009.json
+++ b/2024/2xxx/CVE-2024-2009.json
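Review bot: The English description of CVE-2024-2007 says the issue `has been declared as critical`, while all three `cvss` entries score it in the medium range (5.3 `MEDIUM` for 3.1 and 3.0, 4.3 for 2.0) with a local attack vector, so a reader triaging from the text gets a different severity than one triaging from the score. The description wording should match the scored severity, or the record should say which rating scheme `critical` refers to. The `cvss` objects carry only `version`, `baseScore`, `vectorString` and `baseSeverity` (the 2.0 entry has no `baseSeverity`), unlike the expanded per-metric fields used by other records in this commit, so consumers have to parse `vectorString` for this record.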
@@ -1,17 +1,99 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2009",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine problematische Schwachstelle wurde in Nway Pro 9 ausgemacht. Es geht hierbei um die Funktion ajax_login_submit_form der Datei login\\index.php der Komponente Argument Handler. Dank der Manipulation des Arguments rsargs[] mit unbekannten Daten kann eine information exposure through error message-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-209 Information Exposure Through Error Message",
+ "cweId": "CWE-209"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nway Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.255266",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.255266"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.255266",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.255266"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "lorenzomoulin (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2027.json b/2024/2xxx/CVE-2024-2027.json
new file mode 100644
index 00000000000..b09528a75e8
--- /dev/null
+++ b/2024/2xxx/CVE-2024-2027.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-2027",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
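Review bot: In the CVE-2024-2009 record `vendor_name` is `n/a` although `product_name` is `Nway Pro`, so vendor-keyed matching cannot find this entry; if the vendor is known from the VulDB entry it should be filled in. The `NOTE:` sentence about the vendor not responding and the VDB identifier appear only in the `eng` description and not in the `deu` one, so the two texts are not equivalent.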
diff --git a/2024/2xxx/CVE-2024-2028.json b/2024/2xxx/CVE-2024-2028.json
new file mode 100644
index 00000000000..ab8ee1054bc
--- /dev/null
+++ b/2024/2xxx/CVE-2024-2028.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-2028",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/2xxx/CVE-2024-2029.json b/2024/2xxx/CVE-2024-2029.json
new file mode 100644
index 00000000000..8df8aa95234
--- /dev/null
+++ b/2024/2xxx/CVE-2024-2029.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-2029",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file