diff --git a/2018/25xxx/CVE-2018-25103.json b/2018/25xxx/CVE-2018-25103.json index 78e7689c0a5..95a894ea11b 100644 --- a/2018/25xxx/CVE-2018-25103.json +++ b/2018/25xxx/CVE-2018-25103.json @@ -78,6 +78,11 @@ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf", "refsource": "MISC", "name": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf" + }, + { + "url": "https://www.kb.cert.org/vuls/id/312260", + "refsource": "MISC", + "name": "https://www.kb.cert.org/vuls/id/312260" } ] }, diff --git a/2024/21xxx/CVE-2024-21729.json b/2024/21xxx/CVE-2024-21729.json index 2954f0a2835..2c07aae3e11 100644 --- a/2024/21xxx/CVE-2024-21729.json +++ b/2024/21xxx/CVE-2024-21729.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0-4.4.5" + }, + { + "version_affected": "=", + "version_value": "5.0.0-5.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/935-20240701-core-xss-in-accessible-media-selection-field.html", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/935-20240701-core-xss-in-accessible-media-selection-field.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Marco Kadlubski" + } + ] } \ No newline at end of file diff --git a/2024/21xxx/CVE-2024-21730.json b/2024/21xxx/CVE-2024-21730.json index e62b5f41709..3b3ea5048b0 100644 --- a/2024/21xxx/CVE-2024-21730.json +++ b/2024/21xxx/CVE-2024-21730.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0-4.4.5" + }, + { + "version_affected": "=", + "version_value": "5.0.0-5.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/936-20240702-core-self-xss-in-fancyselect-list-field-layout.html", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/936-20240702-core-self-xss-in-fancyselect-list-field-layout.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Jesper den Boer" + } + ] } \ No newline at end of file diff --git a/2024/21xxx/CVE-2024-21731.json b/2024/21xxx/CVE-2024-21731.json index 0175f92106e..c6ca9888bcf 100644 --- a/2024/21xxx/CVE-2024-21731.json +++ b/2024/21xxx/CVE-2024-21731.json @@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper handling of input could lead to an XSS vector in the StringHelper::truncate method." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.0.0-3.10.15" + }, + { + "version_affected": "=", + "version_value": "4.0.0-4.4.5" + }, + { + "version_affected": "=", + "version_value": "5.0.0-5.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/937-20240703-core-xss-in-stringhelper-truncate-method.html", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/937-20240703-core-xss-in-stringhelper-truncate-method.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Jesper den Boer" + } + ] } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26278.json b/2024/26xxx/CVE-2024-26278.json index ccd60aa1640..496040698cd 100644 --- a/2024/26xxx/CVE-2024-26278.json +++ b/2024/26xxx/CVE-2024-26278.json @@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Custom Fields component not correctly filter inputs, leading to a XSS vector." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.7.0-3.10.15" + }, + { + "version_affected": "=", + "version_value": "4.0.0-4.4.5" + }, + { + "version_affected": "=", + "version_value": "5.0.0-5.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/939-20240705-core-xss-in-com-fields-default-field-value.html", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/939-20240705-core-xss-in-com-fields-default-field-value.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Jesper den Boer" + } + ] } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26279.json b/2024/26xxx/CVE-2024-26279.json index 270dda23886..46774e7181f 100644 --- a/2024/26xxx/CVE-2024-26279.json +++ b/2024/26xxx/CVE-2024-26279.json @@ -1,18 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26279", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@joomla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inadequate content filtering leads to XSS vulnerabilities in various components." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla! Project", + "product": { + "product_data": [ + { + "product_name": "Joomla! CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.7.0-3.10.14" + }, + { + "version_affected": "=", + "version_value": "4.0.0-4.4.2" + }, + { + "version_affected": "=", + "version_value": "5.0.0-5.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html", + "refsource": "MISC", + "name": "https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Stefan Schiller (Sonar)" + } + ] } \ No newline at end of file diff --git a/2024/36xxx/CVE-2024-36526.json b/2024/36xxx/CVE-2024-36526.json index 14ff157af92..d406859a2b8 100644 --- a/2024/36xxx/CVE-2024-36526.json +++ b/2024/36xxx/CVE-2024-36526.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36526", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36526", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://zkteco.eu/downloads/zkbio-cvsecurity-installation-files", + "refsource": "MISC", + "name": "https://zkteco.eu/downloads/zkbio-cvsecurity-installation-files" + }, + { + "refsource": "MISC", + "name": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-36526.md", + "url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-36526.md" } ] } diff --git a/2024/39xxx/CVE-2024-39021.json b/2024/39xxx/CVE-2024-39021.json index 5aa93e09f92..10368bffb9f 100644 --- a/2024/39xxx/CVE-2024-39021.json +++ b/2024/39xxx/CVE-2024-39021.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://127.0.0.1:80/admin/vpsApiData_deal.php?mudi=del" + "value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del" } ] }, diff --git a/2024/39xxx/CVE-2024-39118.json b/2024/39xxx/CVE-2024-39118.json index 65b30c5a68c..4e4fc629a91 100644 --- a/2024/39xxx/CVE-2024-39118.json +++ b/2024/39xxx/CVE-2024-39118.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-39118", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-39118", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed", + "refsource": "MISC", + "name": "https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed" + }, + { + "url": "https://github.com/MommyHeather/AdvancedBackups/commit/1545f499f73bf434ed292c31121fdda8042ff5d6", + "refsource": "MISC", + "name": "https://github.com/MommyHeather/AdvancedBackups/commit/1545f499f73bf434ed292c31121fdda8042ff5d6" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:L/AV:L/A:N/C:N/I:H/PR:N/S:U/UI:R", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2024/39xxx/CVE-2024-39171.json b/2024/39xxx/CVE-2024-39171.json index 250c0d3fd48..108103cae8e 100644 --- a/2024/39xxx/CVE-2024-39171.json +++ b/2024/39xxx/CVE-2024-39171.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-39171", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-39171", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://phpvibe.com", + "refsource": "MISC", + "name": "http://phpvibe.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/751897386/PHPVibe_vulnerability_Directory-Traversal", + "url": "https://github.com/751897386/PHPVibe_vulnerability_Directory-Traversal" } ] } diff --git a/2024/40xxx/CVE-2024-40743.json b/2024/40xxx/CVE-2024-40743.json new file mode 100644 index 00000000000..a869388768c --- /dev/null +++ b/2024/40xxx/CVE-2024-40743.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-40743", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/40xxx/CVE-2024-40744.json b/2024/40xxx/CVE-2024-40744.json new file mode 100644 index 00000000000..c0a676df61f --- /dev/null +++ b/2024/40xxx/CVE-2024-40744.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-40744", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/40xxx/CVE-2024-40745.json b/2024/40xxx/CVE-2024-40745.json new file mode 100644 index 00000000000..db4b0cfcd62 --- /dev/null +++ b/2024/40xxx/CVE-2024-40745.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-40745", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/40xxx/CVE-2024-40746.json b/2024/40xxx/CVE-2024-40746.json new file mode 100644 index 00000000000..ee321863d18 --- /dev/null +++ b/2024/40xxx/CVE-2024-40746.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-40746", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/40xxx/CVE-2024-40747.json b/2024/40xxx/CVE-2024-40747.json new file mode 100644 index 00000000000..c5c1c07cde3 --- /dev/null +++ b/2024/40xxx/CVE-2024-40747.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-40747", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4418.json b/2024/4xxx/CVE-2024-4418.json index 4be8867f092..b221c03bda3 100644 --- a/2024/4xxx/CVE-2024-4418.json +++ b/2024/4xxx/CVE-2024-4418.json @@ -70,6 +70,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:9.0.0-10.7.el9_2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 6", "version": { @@ -135,6 +156,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:4351" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4432", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4432" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-4418", "refsource": "MISC", diff --git a/2024/4xxx/CVE-2024-4467.json b/2024/4xxx/CVE-2024-4467.json index 237f8fed192..01587072f63 100644 --- a/2024/4xxx/CVE-2024-4467.json +++ b/2024/4xxx/CVE-2024-4467.json @@ -35,6 +35,41 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "8100020240704072441.489197e6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "8100020240704072441.489197e6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "version": { @@ -291,19 +326,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization", "version": { @@ -368,6 +390,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:4374" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4420", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:4420" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-4467", "refsource": "MISC", diff --git a/2024/6xxx/CVE-2024-6237.json b/2024/6xxx/CVE-2024-6237.json index ac4fc0d6782..bface4cafe9 100644 --- a/2024/6xxx/CVE-2024-6237.json +++ b/2024/6xxx/CVE-2024-6237.json @@ -1,17 +1,159 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6237", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Handling of Missing Values", + "cweId": "CWE-230" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Directory Server 11", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Directory Server 12", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-6237", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-6237" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/6xxx/CVE-2024-6622.json b/2024/6xxx/CVE-2024-6622.json new file mode 100644 index 00000000000..a52d05d566c --- /dev/null +++ b/2024/6xxx/CVE-2024-6622.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6622", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6623.json b/2024/6xxx/CVE-2024-6623.json new file mode 100644 index 00000000000..f69f0ac2303 --- /dev/null +++ b/2024/6xxx/CVE-2024-6623.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6623", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file