From cf7758e191c8b1d1eceef524816a6c81929834d0 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 12 Aug 2024 18:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2024/41xxx/CVE-2024-41651.json | 56 ++++++++++++++++++++---
 2024/42xxx/CVE-2024-42474.json | 81 ++++++++++++++++++++++++++++++++--
 2024/42xxx/CVE-2024-42543.json | 56 ++++++++++++++++++++---
 2024/42xxx/CVE-2024-42545.json | 56 ++++++++++++++++++++---
 2024/7xxx/CVE-2024-7700.json | 2 +-
 2024/7xxx/CVE-2024-7710.json | 18 ++++++++
 6 files changed, 246 insertions(+), 23 deletions(-)
 create mode 100644 2024/7xxx/CVE-2024-7710.json

diff --git a/2024/41xxx/CVE-2024-41651.json b/2024/41xxx/CVE-2024-41651.json
index d58cd5efaa9..a22dca14d8b 100644
--- a/2024/41xxx/CVE-2024-41651.json
+++ b/2024/41xxx/CVE-2024-41651.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-41651",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-41651",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/Fckroun/CVE-2024-41651/tree/main",
+ "url": "https://github.com/Fckroun/CVE-2024-41651/tree/main"
 }
 ]
 }
diff --git a/2024/42xxx/CVE-2024-42474.json b/2024/42xxx/CVE-2024-42474.json
index 142b3447a2c..6637d56a8f8 100644
--- a/2024/42xxx/CVE-2024-42474.json
+++ b/2024/42xxx/CVE-2024-42474.json
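Review bot: The structured fields of the CVE-2024-41651 record stay at `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value) although the description names Prestashop v.8.1.7 and before and arbitrary code execution, so tooling that matches on those fields rather than on the free text will not associate the record with the product. The same applies to the CVE-2024-42543 and CVE-2024-42545 hunks later in this patch, whose descriptions name TOTOLINK A3700R v9.1.2u.5822_B20200513 and a buffer overflow. If the assigner can supply them, values such as `"vendor_name": "Prestashop"` and `"product_name": "Prestashop"` would make the record machine-matchable. Separately, the only reference is tagged `"refsource": "CONFIRM"` while the TOTOLINK records tag comparable GitHub links as `MISC`; it is worth confirming that this URL really is a vendor acknowledgement. The record's closing brace lies outside the hunk.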
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-42474",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "streamlit",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "streamlit",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 1.37.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5",
+ "refsource": "MISC",
+ "name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5"
+ },
+ {
+ "url": "https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3",
+ "refsource": "MISC",
+ "name": "https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-rxff-vr5r-8cj5",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "version": "3.0"
 }
 ]
 }
diff --git a/2024/42xxx/CVE-2024-42543.json b/2024/42xxx/CVE-2024-42543.json
index d43315b669b..8e1f986396c 100644
--- a/2024/42xxx/CVE-2024-42543.json
+++ b/2024/42xxx/CVE-2024-42543.json
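Review bot: In the `affects` block of CVE-2024-42474, `"version_affected": "="` is paired with `"version_value": "< 1.37.0"`, so the comparison operator sits inside the value string and a consumer that honours `version_affected` would test for equality with a string that is not a version. Expressing the range as `"version_affected": "<"` with `"version_value": "1.37.0"` would let version matchers treat 1.37.0 as the first fixed release, which is what the description states. The description also limits the issue to Windows hosts with static file sharing enabled, and nothing in the structured data carries that condition, so triage from the structured fields alone will over-report. The record's closing brace is outside the hunk.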
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-42543",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-42543",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/loginauth.md",
+ "refsource": "MISC",
+ "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/loginauth.md"
 }
 ]
 }
diff --git a/2024/42xxx/CVE-2024-42545.json b/2024/42xxx/CVE-2024-42545.json
index 07e61ae18bf..c606b264d4e 100644
--- a/2024/42xxx/CVE-2024-42545.json
+++ b/2024/42xxx/CVE-2024-42545.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-42545",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-42545",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWizardCfg.md",
+ "refsource": "MISC",
+ "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWizardCfg.md"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7700.json b/2024/7xxx/CVE-2024-7700.json
index ca3db866ceb..ad41a9bf553 100644
--- a/2024/7xxx/CVE-2024-7700.json
+++ b/2024/7xxx/CVE-2024-7700.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A command injection flaw was found in the \"Host Init Config\" template in the Foreman application, via the \"Install Packages\" field on the \"Register Host\" page. This issue may allow an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script."
+ "value": "A command injection flaw was found in the \"Host Init Config\" template in the Foreman application via the \"Install Packages\" field on the \"Register Host\" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script."
 }
 ]
 },
diff --git a/2024/7xxx/CVE-2024-7710.json b/2024/7xxx/CVE-2024-7710.json
new file mode 100644
index 00000000000..4f63fc9adc4
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7710.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7710",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file