From b4cc0856251e59068c2aba580677c0f78943f516 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 11 Sep 2024 12:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/34xxx/CVE-2024-34457.json | 10 ++--
 2024/38xxx/CVE-2024-38503.json | 8 +--
 2024/45xxx/CVE-2024-45786.json | 81 ++++++++++++++++++++++++--
 2024/45xxx/CVE-2024-45787.json | 81 ++++++++++++++++++++++++--
 2024/45xxx/CVE-2024-45788.json | 81 ++++++++++++++++++++++++--
 2024/5xxx/CVE-2024-5416.json | 101 +++++++++++++++++++++++++++++++--
 2024/7xxx/CVE-2024-7609.json | 77 +++++++++++++++++++++++--
 2024/8xxx/CVE-2024-8692.json | 18 ++++++
 2024/8xxx/CVE-2024-8693.json | 18 ++++++
 2024/8xxx/CVE-2024-8694.json | 18 ++++++
 10 files changed, 460 insertions(+), 33 deletions(-)
 create mode 100644 2024/8xxx/CVE-2024-8692.json
 create mode 100644 2024/8xxx/CVE-2024-8693.json
 create mode 100644 2024/8xxx/CVE-2024-8694.json
diff --git a/2024/34xxx/CVE-2024-34457.json b/2024/34xxx/CVE-2024-34457.json
index cbf3f058353..2a867e22a03 100644
--- a/2024/34xxx/CVE-2024-34457.json
+++ b/2024/34xxx/CVE-2024-34457.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config.\n\nMitigation:\n\nall users should upgrade to 2.1.4\n\n"
+ "value": "On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config.\n\nMitigation:\n\nall users should upgrade to 2.1.4"
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-269 Improper Privilege Management",
- "cweId": "CWE-269"
+ "value": "CWE-639 Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
 }
 ]
 }
@@ -61,9 +61,9 @@
 "name": "https://lists.apache.org/thread/brlfrmvw9dcv38zoofmhxg7qookmwn7j"
 },
 {
- "url": "http://www.openwall.com/lists/oss-security/2024/07/22/2",
+ "url": "https://www.openwall.com/lists/oss-security/2024/07/22/2",
 "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2024/07/22/2"
+ "name": "https://www.openwall.com/lists/oss-security/2024/07/22/2"
 }
 ]
 },
diff --git a/2024/38xxx/CVE-2024-38503.json b/2024/38xxx/CVE-2024-38503.json
index cceef2d06d2..127548bc1cd 100644
--- a/2024/38xxx/CVE-2024-38503.json
+++ b/2024/38xxx/CVE-2024-38503.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-20 Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
 }
 ]
 }
@@ -66,9 +66,9 @@
 "name": "https://syncope.apache.org/security#cve-2024-38503-html-tags-can-be-injected-into-console-or-enduser"
 },
 {
- "url": "http://www.openwall.com/lists/oss-security/2024/07/22/3",
+ "url": "https://www.openwall.com/lists/oss-security/2024/07/22/3",
 "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2024/07/22/3"
+ "name": "https://www.openwall.com/lists/oss-security/2024/07/22/3"
 }
 ]
 },
diff --git a/2024/45xxx/CVE-2024-45786.json b/2024/45xxx/CVE-2024-45786.json
index 9072b770739..8f41a3adc75 100644
--- a/2024/45xxx/CVE-2024-45786.json
+++ b/2024/45xxx/CVE-2024-45786.json
@@ -1,18 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-45786",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdisclose@cert-in.org.in",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to gain unauthorized access to sensitive information belonging to other users."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-639 Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Reedos Software Solutions",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mutual Fund Distribution Product (aiM-Star)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291",
+ "refsource": "MISC",
+ "name": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Upgrade Reedos Mutual Fund Distribution
Product (aiM-Star) to version 2.0.2
"
+ }
+ ],
+ "value": "Upgrade Reedos Mutual Fund Distribution Product (aiM-Star) to version 2.0.2"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This vulnerability is reported by Mohit Gadiya."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/45xxx/CVE-2024-45787.json b/2024/45xxx/CVE-2024-45787.json
index c1e9c8ad858..1be24176a22 100644
--- a/2024/45xxx/CVE-2024-45787.json
+++ b/2024/45xxx/CVE-2024-45787.json
@@ -1,18 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-45787",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdisclose@cert-in.org.in",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the API request leading to exposure of sensitive information belonging to other users."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
+ "cweId": "CWE-359"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Reedos Software Solutions",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mutual Fund Distribution Product (aiM-Star)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291",
+ "refsource": "MISC",
+ "name": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type":
"text/html",
+ "value": "Upgrade Reedos Mutual Fund Distribution Product (aiM-Star) to version 2.0.2
"
+ }
+ ],
+ "value": "Upgrade Reedos Mutual Fund Distribution Product (aiM-Star) to version 2.0.2"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This vulnerability is reported by Mohit Gadiya."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/45xxx/CVE-2024-45788.json b/2024/45xxx/CVE-2024-45788.json
index 46a0a2c79b4..4127dd659f0 100644
--- a/2024/45xxx/CVE-2024-45788.json
+++ b/2024/45xxx/CVE-2024-45788.json
@@ -1,18 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-45788",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vdisclose@cert-in.org.in",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-799: Improper Control of Interaction Frequency",
+ "cweId": "CWE-799"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Reedos Software Solutions",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mutual Fund Distribution Product (aiM-Star)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291",
+ "refsource": "MISC",
+ "name": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0291"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Upgrade Reedos Mutual Fund Distribution Product
(aiM-Star) to version 2.0.2
"
+ }
+ ],
+ "value": "Upgrade Reedos Mutual Fund Distribution Product (aiM-Star) to version 2.0.2"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This vulnerability is reported by Mohit Gadiya."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5416.json b/2024/5xxx/CVE-2024-5416.json
index 2898a7fcfe1..803b8219920 100644
--- a/2024/5xxx/CVE-2024-5416.json
+++ b/2024/5xxx/CVE-2024-5416.json
@@ -1,17 +1,110 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5416",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Elementor Website Builder \u2013 More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in Elementor Editor pages. This was partially patched in version 3.23.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "elemntor",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Elementor Website Builder \u2013 More than Just a Page Builder",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "3.23.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a99a64f7-1ea8-4de6-b24f-1f69bf25c1f5?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a99a64f7-1ea8-4de6-b24f-1f69bf25c1f5?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.21.8/includes/widgets/traits/button-trait.php#L523",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.21.8/includes/widgets/traits/button-trait.php#L523"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.21.8/includes/widgets/image.php#L820",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.21.8/includes/widgets/image.php#L820"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.21.8/includes/widgets/social-icons.php#L659",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.21.8/includes/widgets/social-icons.php#L659"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.21.8/includes/widgets/testimonial.php#L608",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.21.8/includes/widgets/testimonial.php#L608"
+ },
+ {
+ "url":
"https://plugins.trac.wordpress.org/changeset/3123936",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3123936"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3149264/",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3149264/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "wesley"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7609.json b/2024/7xxx/CVE-2024-7609.json
index 62fb383ff27..eafbc319c91 100644
--- a/2024/7xxx/CVE-2024-7609.json
+++ b/2024/7xxx/CVE-2024-7609.json
@@ -1,18 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7609",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal.This issue affects VOC TESTER: before 12.34.8."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Vidco Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VOC TESTER",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "12.34.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://https://www.usom.gov.tr/bildirim/tr-24-1447",
+ "refsource": "MISC",
+ "name": "https://https://www.usom.gov.tr/bildirim/tr-24-1447"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TR-24-1447",
+ "defect": [
+ "TR-24-1447"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Aleyna KABAL"
+ },
+ {
+ "lang": "en",
+ "value": "Privia Security Inc."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8692.json b/2024/8xxx/CVE-2024-8692.json
new file mode 100644
index 00000000000..b7c407a4131
--- /dev/null
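Review bot: Both `url` and `name` in `reference_data` carry a doubled scheme, `https://https://www.usom.gov.tr/bildirim/tr-24-1447`, so the only advisory link in the record will not resolve; it should read `"url": "https://www.usom.gov.tr/bildirim/tr-24-1447"` with `name` changed to match. The description only restates the CWE title, has a missing space in `Path Traversal.This issue`, and does not say what access the attacker needs or which files become reachable. No `impact` block is present either, so consumers get no severity to triage on.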
+++ b/2024/8xxx/CVE-2024-8692.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8692",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8693.json b/2024/8xxx/CVE-2024-8693.json
new file mode 100644
index 00000000000..86c6a0e25e0
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8693.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8693",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8694.json b/2024/8xxx/CVE-2024-8694.json
new file mode 100644
index 00000000000..b1778c94a54
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8694.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8694",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file