From bbbe8663a19f3d7f28cf803d25e39e847461cb46 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2024 14:02:13 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/0xxx/CVE-2024-0646.json | 98 ++++++++++++++++++++++++++++++++++++ 2024/2xxx/CVE-2024-2371.json | 97 +++++++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2391.json | 95 ++-------------------------------- 2024/2xxx/CVE-2024-2393.json | 95 ++-------------------------------- 2024/2xxx/CVE-2024-2394.json | 95 ++-------------------------------- 5 files changed, 203 insertions(+), 277 deletions(-) diff --git a/2024/0xxx/CVE-2024-0646.json b/2024/0xxx/CVE-2024-0646.json index 400d6fe2f1b..9f2240a3c35 100644 --- a/2024/0xxx/CVE-2024-0646.json +++ b/2024/0xxx/CVE-2024-0646.json @@ -106,6 +106,89 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-193.128.1.el8_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-193.128.1.rt13.179.el8_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-193.128.1.el8_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-193.128.1.el8_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { @@ -389,6 +472,21 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1253" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1268", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1268" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1269", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1269" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1278", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:1278" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0646", "refsource": "MISC", diff --git a/2024/2xxx/CVE-2024-2371.json b/2024/2xxx/CVE-2024-2371.json index 3f31c7cdab3..5ccb676a10f 100644 --- a/2024/2xxx/CVE-2024-2371.json +++ b/2024/2xxx/CVE-2024-2371.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2371", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Korenix", + "product": { + "product_data": [ + { + "product_name": "JetI/O 6550", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "F208 Build:0817" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/information-exposure-vulnerability-korenix-jetio-6550", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/information-exposure-vulnerability-korenix-jetio-6550" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "There is no reported solution at this time." + } + ], + "value": "There is no reported solution at this time." + } + ], + "credits": [ + { + "lang": "en", + "value": "HADESS" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2391.json b/2024/2xxx/CVE-2024-2391.json index ce5f707d516..c030c9347a2 100644 --- a/2024/2xxx/CVE-2024-2391.json +++ b/2024/2xxx/CVE-2024-2391.json @@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2391", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Affected by this issue is some unknown functionality of the component Lab Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine Schwachstelle wurde in EVE-NG 5.0.1-13 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Lab Handler. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "EVE-NG", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "5.0.1-13" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256442", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256442" - }, - { - "url": "https://vuldb.com/?ctiid.256442", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256442" - }, - { - "url": "https://www.exploit-db.com/exploits/51153", - "refsource": "MISC", - "name": "https://www.exploit-db.com/exploits/51153" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "Casp3r0x0 (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 2.4, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "3.0", - "baseScore": 2.4, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", - "baseSeverity": "LOW" - }, - { - "version": "2.0", - "baseScore": 3.3, - "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2393.json b/2024/2xxx/CVE-2024-2393.json index 2b24fb5e9c6..b5d9d10f1f9 100644 --- a/2024/2xxx/CVE-2024-2393.json +++ b/2024/2xxx/CVE-2024-2393.json @@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2393", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256453 was assigned to this vulnerability." - }, - { - "lang": "deu", - "value": "In SourceCodester CRUD without Page Reload 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei add_user.php. Durch Beeinflussen des Arguments city mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "CRUD without Page Reload", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256453", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256453" - }, - { - "url": "https://vuldb.com/?ctiid.256453", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256453" - }, - { - "url": "https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md", - "refsource": "MISC", - "name": "https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "404cchd (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 6.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 6.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2394.json b/2024/2xxx/CVE-2024-2394.json index e5bb490a604..06f086c7acf 100644 --- a/2024/2xxx/CVE-2024-2394.json +++ b/2024/2xxx/CVE-2024-2394.json @@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2394", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256454 is the identifier assigned to this vulnerability." - }, - { - "lang": "deu", - "value": "Eine kritische Schwachstelle wurde in SourceCodester Employee Management System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /Admin/add-admin.php. Dank der Manipulation des Arguments avatar mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-434 Unrestricted Upload", - "cweId": "CWE-434" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "Employee Management System", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256454", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256454" - }, - { - "url": "https://vuldb.com/?ctiid.256454", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256454" - }, - { - "url": "https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md", - "refsource": "MISC", - "name": "https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "LiAoRJ (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 4.7, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 4.7, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 5.8, - "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] }