diff --git a/2024/24xxx/CVE-2024-24117.json b/2024/24xxx/CVE-2024-24117.json
index b006cfadb83..e9b3ec8fc10 100644
--- a/2024/24xxx/CVE-2024-24117.json
+++ b/2024/24xxx/CVE-2024-24117.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-24117",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24117",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zty-1995/RG-NBS2009G-P-switch/tree/main/Any%20user%20login%20exists",
+ "refsource": "MISC",
+ "name": "https://github.com/zty-1995/RG-NBS2009G-P-switch/tree/main/Any%20user%20login%20exists"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/zty-1995/dbb3d5b2dbf65b4de5b71e57d08139ea",
+ "url": "https://gist.github.com/zty-1995/dbb3d5b2dbf65b4de5b71e57d08139ea"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28888.json b/2024/28xxx/CVE-2024-28888.json
index ad98d68f03d..d69808d611f 100644
--- a/2024/28xxx/CVE-2024-28888.json
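Review bot: The published CVE-2024-24117 record leaves every structured field in `affects` at `"n/a"` (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`) even though the description names the vendor, model and firmware release, so scanners and asset-matching tools that key on these fields will not associate the entry with the Ruijie switch. Populating them from the description, for example `"vendor_name": "Ruijie"` and `"product_name": "RG-NBS2009G-P"`, would make the record usable for automated triage. The `problemtype` value is also `"n/a"`; a CWE identifier there would let consumers classify the weakness without parsing free text. The CVE-2024-45962 hunk has the same gap: its description names October 3.6.30 and Cross-Site Scripting, yet `affects` and `problemtype` are all `"n/a"`.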
+++ b/2024/28xxx/CVE-2024-28888.json 
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-28888",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Foxit",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Foxit Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2024.1.0.23997"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1967",
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1967"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Discovered by KPC of Cisco Talos."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/45xxx/CVE-2024-45962.json b/2024/45xxx/CVE-2024-45962.json
index 2d0af357225..ae270919d52 100644
--- a/2024/45xxx/CVE-2024-45962.json
+++ b/2024/45xxx/CVE-2024-45962.json
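Review bot: The new description value in the CVE-2024-28888 record spells the product as `Foxit Reade 2024.1.0.23997`, which disagrees with `"product_name": "Foxit Reader"` in the same record; keyword searches and text-based matching on the description will miss it, so the string should read `Foxit Reader 2024.1.0.23997`. The added `credits` entry uses `"lang": "en"` while the `description` and `problemtype` entries use `"lang": "eng"`; consumers that filter by language code would treat these as different, so one code should be used throughout the record.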
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-45962",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-45962",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e",
+ "refsource": "MISC",
+ "name": "https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e"
 }
 ]
 }
diff --git a/2024/47xxx/CVE-2024-47179.json b/2024/47xxx/CVE-2024-47179.json
index 73540ed9e0b..18621f55480 100644
--- a/2024/47xxx/CVE-2024-47179.json
+++ b/2024/47xxx/CVE-2024-47179.json
@@ -79,6 +79,11 @@
 "refsource": "MISC",
 "name": "https://github.com/DIYgod/RSSHub/blob/e08733f94c81440d19ee6a5fd5e915e9a65395f5/.github/workflows/docker-test-cont.yml"
 },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2024-178_RSSHub",
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2024-178_RSSHub"
+ },
 {
 "url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests",
 "refsource": "MISC",
diff --git a/2024/9xxx/CVE-2024-9446.json b/2024/9xxx/CVE-2024-9446.json
new file mode 100644
index 00000000000..f84d2411056
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9446.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9446",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9447.json b/2024/9xxx/CVE-2024-9447.json
new file mode 100644
index 00000000000..e01cc96d5d1
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9447.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9447",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9448.json b/2024/9xxx/CVE-2024-9448.json
new file mode 100644
index 00000000000..7df295887d4
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9448.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9448",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9449.json b/2024/9xxx/CVE-2024-9449.json
new file mode 100644
index 00000000000..4aa7487bb80
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9449.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9449",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file