From cc04ccf317bf1e8afe5d68d9c1ac0f14c46b59c3 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 30 Aug 2024 14:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/1xxx/CVE-2024-1076.json | 6 +-
 2024/45xxx/CVE-2024-45499.json | 18 ++++++
 2024/45xxx/CVE-2024-45500.json | 18 ++++++
 2024/45xxx/CVE-2024-45501.json | 18 ++++++
 2024/45xxx/CVE-2024-45502.json | 18 ++++++
 2024/45xxx/CVE-2024-45503.json | 18 ++++++
 2024/5xxx/CVE-2024-5651.json | 8 ++-
 2024/8xxx/CVE-2024-8336.json | 109 +++++++++++++++++++++++++++++++--
 2024/8xxx/CVE-2024-8337.json | 100 ++++++++++++++++++++++++++++--
 9 files changed, 301 insertions(+), 12 deletions(-)
 create mode 100644 2024/45xxx/CVE-2024-45499.json
 create mode 100644 2024/45xxx/CVE-2024-45500.json
 create mode 100644 2024/45xxx/CVE-2024-45501.json
 create mode 100644 2024/45xxx/CVE-2024-45502.json
 create mode 100644 2024/45xxx/CVE-2024-45503.json
diff --git a/2024/1xxx/CVE-2024-1076.json b/2024/1xxx/CVE-2024-1076.json
index 3d2cb791bd0..420a85764f8 100644
--- a/2024/1xxx/CVE-2024-1076.json
+++ b/2024/1xxx/CVE-2024-1076.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The SSL Zen WordPress plugin before 4.6.0 only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX."
+ "value": "The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-287 Improper Authentication"
+ "value": "CWE-548 Exposure of Information Through Directory Listing"
 }
 ]
 }
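Review bot: The reclassified problemtype entry in the second hunk (`@@ -21,7 +21,7 @@`) carries only `lang` and `value`, whereas the CVE-2024-8336 and CVE-2024-8337 records in this same commit also carry a machine-readable `cweId`, so tooling that keys on `cweId` will not pick up the move from CWE-287 to CWE-548. I would add `"cweId": "CWE-548"` after the `value` line. The updated description still says the keys can be read wherever `.htaccess` is not honoured, which reads as broader than directory listing alone; whether CWE-552 (Files or Directories Accessible to External Parties) fits better is the CNA's call. In the same sentence, "a server who doesn't support" should read "a server that doesn't support".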
@@ -35,7 +35,7 @@
 "product": {
 "product_data": [
 {
- "product_name": "SSL Zen ",
+ "product_name": "SSL Zen",
 "version": {
 "version_data": [
 {
diff --git a/2024/45xxx/CVE-2024-45499.json b/2024/45xxx/CVE-2024-45499.json
new file mode 100644
index 00000000000..12bfacb45d8
--- /dev/null
+++ b/2024/45xxx/CVE-2024-45499.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-45499",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/45xxx/CVE-2024-45500.json b/2024/45xxx/CVE-2024-45500.json
new file mode 100644
index 00000000000..a83877cff43
--- /dev/null
+++ b/2024/45xxx/CVE-2024-45500.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-45500",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/45xxx/CVE-2024-45501.json b/2024/45xxx/CVE-2024-45501.json
new file mode 100644
index 00000000000..ab3f26891c7
--- /dev/null
+++ b/2024/45xxx/CVE-2024-45501.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-45501",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/45xxx/CVE-2024-45502.json b/2024/45xxx/CVE-2024-45502.json
new file mode 100644
index 00000000000..6ae87d55144
--- /dev/null
+++ b/2024/45xxx/CVE-2024-45502.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-45502",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/45xxx/CVE-2024-45503.json b/2024/45xxx/CVE-2024-45503.json
new file mode 100644
index 00000000000..f05471181df
--- /dev/null
+++ b/2024/45xxx/CVE-2024-45503.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-45503",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5651.json b/2024/5xxx/CVE-2024-5651.json
index ff8951575e5..8f96f45d2bc 100644
--- a/2024/5xxx/CVE-2024-5651.json
+++ b/2024/5xxx/CVE-2024-5651.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting\u00a0 --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges."
+ "value": "A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting\u00a0 --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges."
 }
 ]
 },
@@ -95,6 +95,12 @@
 }
 ]
 },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Do not allow unprivileged users create FenceAgentsRemediation and FenceAgentsRemediationTemplate resources."
+ }
+ ],
 "credits": [
 {
 "lang": "en",
diff --git a/2024/8xxx/CVE-2024-8336.json b/2024/8xxx/CVE-2024-8336.json
index ac94ecf2499..23cff3ee59c 100644
--- a/2024/8xxx/CVE-2024-8336.json
+++ b/2024/8xxx/CVE-2024-8336.json
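Review bot: The `work_around` text added in the second hunk (`@@ -95,6 +95,12 @@`) is missing a word ("users create") and names only the create action, although it is the one mitigation the record offers. If modifying an existing FenceAgentsRemediation or FenceAgentsRemediationTemplate can reach the same `--ssh-path`/`--telnet-path` arguments (not visible from this hunk, so to be confirmed by the CNA), the guidance should cover that too, for example `"value": "Do not allow unprivileged users to create or modify FenceAgentsRemediation and FenceAgentsRemediationTemplate resources."`. The description in the first hunk mentions only FenceAgentsRemediation, so a reader comparing the two fields cannot tell why the template kind is included in the workaround.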
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-8336",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Music Gallery Site 1.0 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /php-music/classes/Master.php?f=delete_music. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Music Gallery Site",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.276211",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.276211"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.276211",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.276211"
+ },
+ {
+ "url": "https://vuldb.com/?submit.399039",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.399039"
+ },
+ {
+ "url": "https://github.com/LiuHaoBin6/cve/blob/main/sql5.md",
+ "refsource": "MISC",
+ "name": "https://github.com/LiuHaoBin6/cve/blob/main/sql5.md"
+ },
+ {
+ "url": "https://www.sourcecodester.com/",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Liuhaobin (VulDB User)"
+ },
+ {
+ "lang": "en",
+ "value": "Liuhaobin (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/8xxx/CVE-2024-8337.json b/2024/8xxx/CVE-2024-8337.json
index c00bdc4db41..70991a4c947 100644
--- a/2024/8xxx/CVE-2024-8337.json
+++ b/2024/8xxx/CVE-2024-8337.json
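Review bot: The new `credits` array for CVE-2024-8336 lists the identical object `{"lang": "en", "value": "Liuhaobin (VulDB User)"}` twice; the second copy should be dropped unless the source distinguishes two roles that this format cannot express. The English description opens with "classified as critical", while every CVSS entry added in this hunk scores the issue 6.3 to 6.5 (`"baseSeverity": "MEDIUM"`, `PR:L` in the vector), so triage that reads the prose will disagree with triage that reads the score; consumers should take severity from the `impact.cvss` block. The `"version": "2.0"` entry has no `baseSeverity` key, here and in the CVE-2024-8337 hunk, so parsers must treat that field as optional.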
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-8337",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contact_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine problematische Schwachstelle wurde in SourceCodester Contact Manager with Export to VCF 1.0 entdeckt. Dies betrifft einen unbekannten Teil der Datei index.html. Mit der Manipulation des Arguments contact_name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Contact Manager with Export to VCF",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.276212",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.276212"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.276212",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.276212"
+ },
+ {
+ "url": "https://vuldb.com/?submit.399338",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.399338"
+ },
+ {
+ "url": "https://www.sourcecodester.com/",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "guru (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
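Review bot: The CVSS 2.0 entry at the end of this hunk writes `"baseScore": 4` as a bare integer, while every other score added in this commit keeps one decimal place (`3.5`, `6.3`, `6.5`). CVSS scores are defined to one decimal, so `"baseScore": 4.0` would keep the field uniform for consumers that compare or re-serialise the text form. The references added here point only at VulDB entries and the vendor home page, so the record gives a reader no fixed version or vendor advisory to act on; if the CNA knows of none, saying so in the description would help.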