diff --git a/2024/31xxx/CVE-2024-31162.json b/2024/31xxx/CVE-2024-31162.json index f931d51fad2..0bfee290283 100644 --- a/2024/31xxx/CVE-2024-31162.json +++ b/2024/31xxx/CVE-2024-31162.json @@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31162", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@cert.org.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ASUS", + "product": { + "product_data": [ + { + "product_name": "Download Master", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "earlier", + "version_value": "3.1.0.113" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7867-8fad9-1.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/tw/cp-132-7867-8fad9-1.html" + }, + { + "url": "https://www.twcert.org.tw/en/cp-139-7868-8a760-2.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/en/cp-139-7868-8a760-2.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TVN-202406007", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.1.0.114 or later version." + } + ], + "value": "Update to 3.1.0.114 or later version." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31163.json b/2024/31xxx/CVE-2024-31163.json index 52e68caa130..7b83a0bee65 100644 --- a/2024/31xxx/CVE-2024-31163.json +++ b/2024/31xxx/CVE-2024-31163.json @@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31163", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@cert.org.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ASUS", + "product": { + "product_data": [ + { + "product_name": "Download Master", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "earlier", + "version_value": "3.1.0.113" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7869-3db1d-1.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/tw/cp-132-7869-3db1d-1.html" + }, + { + "url": "https://www.twcert.org.tw/en/cp-139-7870-befb5-2.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/en/cp-139-7870-befb5-2.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TVN-202406008", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to version 3.1.0.114 or later." + } + ], + "value": "Update to version 3.1.0.114 or later." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/34xxx/CVE-2024-34055.json b/2024/34xxx/CVE-2024-34055.json index eee74085eef..47dfdbdf000 100644 --- a/2024/34xxx/CVE-2024-34055.json +++ b/2024/34xxx/CVE-2024-34055.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2024-f3e0255c75", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJZQAE3XC2GBCE5KSTWJ5A6QYANFWGFB/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-123f2b3666", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVZHUZDU4MGTTZJRNACTMSKXLNMMRLJ6/" } ] } diff --git a/2024/5xxx/CVE-2024-5830.json b/2024/5xxx/CVE-2024-5830.json index eca78c34dfd..7374c1597cd 100644 --- a/2024/5xxx/CVE-2024-5830.json +++ b/2024/5xxx/CVE-2024-5830.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5831.json b/2024/5xxx/CVE-2024-5831.json index 68eaf20d50a..8fcf43319a6 100644 --- a/2024/5xxx/CVE-2024-5831.json +++ b/2024/5xxx/CVE-2024-5831.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5832.json b/2024/5xxx/CVE-2024-5832.json index aa4f787a6b0..4ad2cab2cbe 100644 --- a/2024/5xxx/CVE-2024-5832.json +++ b/2024/5xxx/CVE-2024-5832.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5833.json b/2024/5xxx/CVE-2024-5833.json index 4d6168a9898..8f869a57324 100644 --- a/2024/5xxx/CVE-2024-5833.json +++ b/2024/5xxx/CVE-2024-5833.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5834.json b/2024/5xxx/CVE-2024-5834.json index 87a85d076bf..c47f66624d0 100644 --- a/2024/5xxx/CVE-2024-5834.json +++ b/2024/5xxx/CVE-2024-5834.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5835.json b/2024/5xxx/CVE-2024-5835.json index 21007981d86..3aabb4728ac 100644 --- a/2024/5xxx/CVE-2024-5835.json +++ b/2024/5xxx/CVE-2024-5835.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5836.json b/2024/5xxx/CVE-2024-5836.json index cfd49b77674..a91c93710d3 100644 --- a/2024/5xxx/CVE-2024-5836.json +++ b/2024/5xxx/CVE-2024-5836.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5837.json b/2024/5xxx/CVE-2024-5837.json index 419175cd938..cd08f6e4436 100644 --- a/2024/5xxx/CVE-2024-5837.json +++ b/2024/5xxx/CVE-2024-5837.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5838.json b/2024/5xxx/CVE-2024-5838.json index 8535660a06d..9d537780bab 100644 --- a/2024/5xxx/CVE-2024-5838.json +++ b/2024/5xxx/CVE-2024-5838.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5839.json b/2024/5xxx/CVE-2024-5839.json index 6fdeb470b5b..2f49674677b 100644 --- a/2024/5xxx/CVE-2024-5839.json +++ b/2024/5xxx/CVE-2024-5839.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5840.json b/2024/5xxx/CVE-2024-5840.json index 978c1c1dd49..ac9356204a6 100644 --- a/2024/5xxx/CVE-2024-5840.json +++ b/2024/5xxx/CVE-2024-5840.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5841.json b/2024/5xxx/CVE-2024-5841.json index fc0b1b87ebb..03a4862a7a9 100644 --- a/2024/5xxx/CVE-2024-5841.json +++ b/2024/5xxx/CVE-2024-5841.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5842.json b/2024/5xxx/CVE-2024-5842.json index e4d6273bb71..35f2665c288 100644 --- a/2024/5xxx/CVE-2024-5842.json +++ b/2024/5xxx/CVE-2024-5842.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5843.json b/2024/5xxx/CVE-2024-5843.json index aad6753e50b..e821279d1bb 100644 --- a/2024/5xxx/CVE-2024-5843.json +++ b/2024/5xxx/CVE-2024-5843.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5844.json b/2024/5xxx/CVE-2024-5844.json index b19cc50a78e..ddc90a57a0a 100644 --- a/2024/5xxx/CVE-2024-5844.json +++ b/2024/5xxx/CVE-2024-5844.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5845.json b/2024/5xxx/CVE-2024-5845.json index 5c8605b4e90..28f75c80229 100644 --- a/2024/5xxx/CVE-2024-5845.json +++ b/2024/5xxx/CVE-2024-5845.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5846.json b/2024/5xxx/CVE-2024-5846.json index d4089a546da..d37c589ff2c 100644 --- a/2024/5xxx/CVE-2024-5846.json +++ b/2024/5xxx/CVE-2024-5846.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5847.json b/2024/5xxx/CVE-2024-5847.json index 1a20ed2869d..77827f54b44 100644 --- a/2024/5xxx/CVE-2024-5847.json +++ b/2024/5xxx/CVE-2024-5847.json @@ -68,6 +68,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/" } ] } diff --git a/2024/5xxx/CVE-2024-5994.json b/2024/5xxx/CVE-2024-5994.json new file mode 100644 index 00000000000..b42b2c93731 --- /dev/null +++ b/2024/5xxx/CVE-2024-5994.json @@ -0,0 +1,90 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-5994", + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 9.0.39 adds a caution to make administrators aware of the possibility for abuse if permissions are granted to lower-level users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpgmaps", + "product": { + "product_data": [ + { + "product_name": "WP Go Maps (formerly WP Google Maps)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "9.0.38" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd0597d2-07ba-4fb4-bf73-95770f8c3d6b?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd0597d2-07ba-4fb4-bf73-95770f8c3d6b?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-google-maps/trunk/html/settings-page.html.php#L538", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-google-maps/trunk/html/settings-page.html.php#L538" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-google-maps/trunk/html/atlas-novus/settings-page.html.php#L442", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-google-maps/trunk/html/atlas-novus/settings-page.html.php#L442" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Tim Coen" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5995.json b/2024/5xxx/CVE-2024-5995.json new file mode 100644 index 00000000000..e41c843b8cc --- /dev/null +++ b/2024/5xxx/CVE-2024-5995.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5995", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5996.json b/2024/5xxx/CVE-2024-5996.json new file mode 100644 index 00000000000..fd34395c8b6 --- /dev/null +++ b/2024/5xxx/CVE-2024-5996.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5996", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file