From bea68f123fed619c0818be1a47f8bec64837760c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 12 Jul 2024 21:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/28xxx/CVE-2023-28328.json | 63 ++++++++++++------------ 2023/34xxx/CVE-2023-34474.json | 70 ++++++++++++++------------- 2023/34xxx/CVE-2023-34475.json | 70 ++++++++++++++------------- 2023/41xxx/CVE-2023-41093.json | 88 ++++++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2746.json | 22 ++++----- 2024/37xxx/CVE-2024-37082.json | 37 +++++--------- 2024/37xxx/CVE-2024-37405.json | 64 +++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38736.json | 85 ++++++++++++++++++++++++++++++-- 2024/39xxx/CVE-2024-39917.json | 81 +++++++++++++++++++++++++++++-- 2024/40xxx/CVE-2024-40110.json | 56 +++++++++++++++++++--- 2024/40xxx/CVE-2024-40690.json | 83 ++++++++++++++++++++++++++++++-- 2024/6xxx/CVE-2024-6716.json | 18 +++++++ 2024/6xxx/CVE-2024-6717.json | 18 +++++++ 2024/6xxx/CVE-2024-6718.json | 18 +++++++ 2024/6xxx/CVE-2024-6719.json | 18 +++++++ 2024/6xxx/CVE-2024-6720.json | 18 +++++++ 2024/6xxx/CVE-2024-6721.json | 18 +++++++ 2024/6xxx/CVE-2024-6722.json | 18 +++++++ 18 files changed, 684 insertions(+), 161 deletions(-) create mode 100644 2024/6xxx/CVE-2024-6716.json create mode 100644 2024/6xxx/CVE-2024-6717.json create mode 100644 2024/6xxx/CVE-2024-6718.json create mode 100644 2024/6xxx/CVE-2024-6719.json create mode 100644 2024/6xxx/CVE-2024-6720.json create mode 100644 2024/6xxx/CVE-2024-6721.json create mode 100644 2024/6xxx/CVE-2024-6722.json diff --git a/2023/28xxx/CVE-2023-28328.json b/2023/28xxx/CVE-2023-28328.json index c2bba4936cc..0485633b911 100644 --- a/2023/28xxx/CVE-2023-28328.json +++ b/2023/28xxx/CVE-2023-28328.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28328", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476", + "cweId": "CWE-476" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,9 @@ "version": { "version_data": [ { - "version_value": "Linux Kernel prior to kernel 6.2 RC1" + "version_affected": "<", + "version_name": "Linux Kernel prior to kernel 6.2 RC1", + "version_value": "6.2" } ] } @@ -30,42 +53,22 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-476" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177389", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2177389", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177389" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2177389" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", - "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", - "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service." + "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } diff --git a/2023/34xxx/CVE-2023-34474.json b/2023/34xxx/CVE-2023-34474.json index e2274d3e09e..c9a8d54b726 100644 --- a/2023/34xxx/CVE-2023-34474.json +++ b/2023/34xxx/CVE-2023-34474.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34474", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 - Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,8 @@ "version": { "version_data": [ { - "version_value": "Fixed in ImageMagick 7.1.1-10" + "version_affected": "=", + "version_value": "7.1.1-10" } ] } @@ -30,52 +52,32 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-122 - Heap-based Buffer Overflow" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0", "refsource": "MISC", - "name": "https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0", - "url": "https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0" + "name": "https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0" }, { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214148", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2214148", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214148" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2214148" }, { + "url": "https://access.redhat.com/security/cve/CVE-2023-34474", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2023-34474", - "url": "https://access.redhat.com/security/cve/CVE-2023-34474" + "name": "https://access.redhat.com/security/cve/CVE-2023-34474" }, { - "refsource": "FEDORA", - "name": "FEDORA-2023-27548af422", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2023-edbdccae2a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service." + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/" } ] } diff --git a/2023/34xxx/CVE-2023-34475.json b/2023/34xxx/CVE-2023-34475.json index 38db11b2817..8f0bfbd62d0 100644 --- a/2023/34xxx/CVE-2023-34475.json +++ b/2023/34xxx/CVE-2023-34475.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34475", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 - Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,8 @@ "version": { "version_data": [ { - "version_value": "Fixed in ImageMagick 7.1.1-10" + "version_affected": "=", + "version_value": "7.1.1-10" } ] } @@ -30,52 +52,32 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416 - Use After Free" - } - ] - } - ] - }, "references": { "reference_data": [ { + "url": "https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0", "refsource": "MISC", - "name": "https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0", - "url": "https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0" + "name": "https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0" }, { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214149", "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2214149", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214149" + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2214149" }, { + "url": "https://access.redhat.com/security/cve/CVE-2023-34475", "refsource": "MISC", - "name": "https://access.redhat.com/security/cve/CVE-2023-34475", - "url": "https://access.redhat.com/security/cve/CVE-2023-34475" + "name": "https://access.redhat.com/security/cve/CVE-2023-34475" }, { - "refsource": "FEDORA", - "name": "FEDORA-2023-27548af422", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/" + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/" }, { - "refsource": "FEDORA", - "name": "FEDORA-2023-edbdccae2a", - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service." + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/" } ] } diff --git a/2023/41xxx/CVE-2023-41093.json b/2023/41xxx/CVE-2023-41093.json index 5aea7a08f32..87fc38ced88 100644 --- a/2023/41xxx/CVE-2023-41093.json +++ b/2023/41xxx/CVE-2023-41093.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@silabs.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Silicon Labs", + "product": { + "product_data": [ + { + "product_name": "Simplicity SDK", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "8.0.0", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://community.silabs.com/068Vm000007v4HP", + "refsource": "MISC", + "name": "https://community.silabs.com/068Vm000007v4HP" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2746.json b/2024/2xxx/CVE-2024-2746.json index 1f31854fba0..cea934f5c32 100644 --- a/2024/2xxx/CVE-2024-2746.json +++ b/2024/2xxx/CVE-2024-2746.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Incomplete fix for CVE-2024-1929\n\nThe problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a\nlocal root exploit by tricking the daemon into loading a user controlled \"plugin\". All of this happened before Polkit authentication was even started.\n\nThe dnf5 library code does not check whether non-root users control the directory in question.\u00a0\n\nOn one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file\nthat causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow.\nThe file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics\nare accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though.\n\nAlso, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specify\na plethora of additional configuration options. This makes various\u00a0additional code paths in libdnf5 accessible to the attacker.\u00a0\n" + "value": "Incomplete fix for CVE-2024-1929\n\nThe problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a\nlocal root exploit by tricking the daemon into loading a user controlled \"plugin\". All of this happened before Polkit authentication was even started.\n\nThe dnf5 library code does not check whether non-root users control the directory in question.\u00a0\n\nOn one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file\nthat causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow.\nThe file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics\nare accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though.\n\nAlso, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specify\na plethora of additional configuration options. This makes various\u00a0additional code paths in libdnf5 accessible to the attacker." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "5.1.16<=" + "version_value": "5.1.16" } ] } @@ -70,18 +70,18 @@ "impact": { "cvss": [ { - "version": "3.1", - "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "CHANGED", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseSeverity": "HIGH", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/37xxx/CVE-2024-37082.json b/2024/37xxx/CVE-2024-37082.json index 2f0db6a1989..011d8f41fd7 100644 --- a/2024/37xxx/CVE-2024-37082.json +++ b/2024/37xxx/CVE-2024-37082.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows bypass of mTLS authentication to applications hosted on Cloud Foundry." + "value": "When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications.\u00a0\n\nYou are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property \u201cha_proxy.forwarded_client_cert\u201d to \u201cforward_only_if_route_service\u201d." } ] }, @@ -32,32 +32,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Routing Release", + "vendor_name": "Cloud Foundry", "product": { "product_data": [ { - "product_name": "Routing Release", + "product_name": "haproxy-boshrelease", "version": { "version_data": [ { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "(in combination with HAProxy Release > 10.6.0)", - "status": "unaffected" - } - ], - "lessThan": "0.299.0", - "status": "affected", - "version": "0.1", - "versionType": "python" - } - ], - "defaultStatus": "unaffected" - } + "version_affected": "<", + "version_name": "0", + "version_value": "0.299.0" } ] } @@ -86,17 +71,17 @@ "impact": { "cvss": [ { - "attackComplexity": "HIGH", + "attackComplexity": "LOW", "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9, + "availabilityImpact": "NONE", + "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } ] diff --git a/2024/37xxx/CVE-2024-37405.json b/2024/37xxx/CVE-2024-37405.json index e3a6029a441..e5fb1a9ac5b 100644 --- a/2024/37xxx/CVE-2024-37405.json +++ b/2024/37xxx/CVE-2024-37405.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37405", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHistory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rocket.Chat", + "product": { + "product_data": [ + { + "product_name": "Rocket.Chat", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.10.0", + "version_value": "6.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/2580062", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2580062" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/38xxx/CVE-2024-38736.json b/2024/38xxx/CVE-2024-38736.json index 7724ec7e9eb..4ca9369e49b 100644 --- a/2024/38xxx/CVE-2024-38736.json +++ b/2024/38xxx/CVE-2024-38736.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Realtyna", + "product": { + "product_data": [ + { + "product_name": "Realtyna Organic IDX plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "4.14.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-4-14-13-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-4-14-13-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Peng Zhou (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/39xxx/CVE-2024-39917.json b/2024/39xxx/CVE-2024-39917.json index 86da2e4ef11..754b0cf585b 100644 --- a/2024/39xxx/CVE-2024-39917.json +++ b/2024/39xxx/CVE-2024-39917.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. " + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-307: Improper Restriction of Excessive Authentication Attempts", + "cweId": "CWE-307" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "neutrinolabs", + "product": { + "product_data": [ + { + "product_name": "xrdp", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 0.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j", + "refsource": "MISC", + "name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j" + }, + { + "url": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f", + "refsource": "MISC", + "name": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f" + } + ] + }, + "source": { + "advisory": "GHSA-7w22-h4w7-8j5j", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/40xxx/CVE-2024-40110.json b/2024/40xxx/CVE-2024-40110.json index 966b0680c46..7696b92baf9 100644 --- a/2024/40xxx/CVE-2024-40110.json +++ b/2024/40xxx/CVE-2024-40110.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40110", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40110", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-Execution-RCE---Poultry-Farm-Management-System-v1.0/", + "refsource": "MISC", + "name": "https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-Execution-RCE---Poultry-Farm-Management-System-v1.0/" } ] } diff --git a/2024/40xxx/CVE-2024-40690.json b/2024/40xxx/CVE-2024-40690.json index 4f41d132a99..ad125d08fbd 100644 --- a/2024/40xxx/CVE-2024-40690.json +++ b/2024/40xxx/CVE-2024-40690.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-40690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "InfoSphere Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7160103", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7160103" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297720", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297720" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/6xxx/CVE-2024-6716.json b/2024/6xxx/CVE-2024-6716.json new file mode 100644 index 00000000000..85aa238ec26 --- /dev/null +++ b/2024/6xxx/CVE-2024-6716.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6716", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6717.json b/2024/6xxx/CVE-2024-6717.json new file mode 100644 index 00000000000..4d02ac12947 --- /dev/null +++ b/2024/6xxx/CVE-2024-6717.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6717", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6718.json b/2024/6xxx/CVE-2024-6718.json new file mode 100644 index 00000000000..6ef3e98a660 --- /dev/null +++ b/2024/6xxx/CVE-2024-6718.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6718", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6719.json b/2024/6xxx/CVE-2024-6719.json new file mode 100644 index 00000000000..83e723f3958 --- /dev/null +++ b/2024/6xxx/CVE-2024-6719.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6719", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6720.json b/2024/6xxx/CVE-2024-6720.json new file mode 100644 index 00000000000..c1f2915fb73 --- /dev/null +++ b/2024/6xxx/CVE-2024-6720.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6720", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6721.json b/2024/6xxx/CVE-2024-6721.json new file mode 100644 index 00000000000..012a5b4429c --- /dev/null +++ b/2024/6xxx/CVE-2024-6721.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6721", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6722.json b/2024/6xxx/CVE-2024-6722.json new file mode 100644 index 00000000000..66091341383 --- /dev/null +++ b/2024/6xxx/CVE-2024-6722.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6722", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file