diff --git a/2020/36xxx/CVE-2020-36129.json b/2020/36xxx/CVE-2020-36129.json
index 3601c10d4f1..1c73b5a3ba8 100644
--- a/2020/36xxx/CVE-2020-36129.json
+++ b/2020/36xxx/CVE-2020-36129.json
@@ -56,6 +56,11 @@
"url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202401-32",
+ "url": "https://security.gentoo.org/glsa/202401-32"
}
]
}
diff --git a/2020/36xxx/CVE-2020-36130.json b/2020/36xxx/CVE-2020-36130.json
index 831ba8e10d3..fbd7239d415 100644
--- a/2020/36xxx/CVE-2020-36130.json
+++ b/2020/36xxx/CVE-2020-36130.json
@@ -66,6 +66,11 @@
"refsource": "DEBIAN",
"name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202401-32",
+ "url": "https://security.gentoo.org/glsa/202401-32"
}
]
}
diff --git a/2020/36xxx/CVE-2020-36131.json b/2020/36xxx/CVE-2020-36131.json
index f4f19d5fc88..98c1e93006c 100644
--- a/2020/36xxx/CVE-2020-36131.json
+++ b/2020/36xxx/CVE-2020-36131.json
@@ -66,6 +66,11 @@
"refsource": "DEBIAN",
"name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202401-32",
+ "url": "https://security.gentoo.org/glsa/202401-32"
}
]
}
diff --git a/2020/36xxx/CVE-2020-36133.json b/2020/36xxx/CVE-2020-36133.json
index 443ecf4dbc9..1cfeb8914ee 100644
--- a/2020/36xxx/CVE-2020-36133.json
+++ b/2020/36xxx/CVE-2020-36133.json
@@ -66,6 +66,11 @@
"refsource": "DEBIAN",
"name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202401-32",
+ "url": "https://security.gentoo.org/glsa/202401-32"
}
]
}
diff --git a/2020/36xxx/CVE-2020-36134.json b/2020/36xxx/CVE-2020-36134.json
index ae79bb92821..7cf61fe70c8 100644
--- a/2020/36xxx/CVE-2020-36134.json
+++ b/2020/36xxx/CVE-2020-36134.json
@@ -56,6 +56,11 @@
"url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914",
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202401-32",
+ "url": "https://security.gentoo.org/glsa/202401-32"
}
]
}
diff --git a/2020/36xxx/CVE-2020-36135.json b/2020/36xxx/CVE-2020-36135.json
index 7b692cf3d4f..4f1b43eff8b 100644
--- a/2020/36xxx/CVE-2020-36135.json
+++ b/2020/36xxx/CVE-2020-36135.json
@@ -66,6 +66,11 @@
"refsource": "DEBIAN",
"name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202401-32",
+ "url": "https://security.gentoo.org/glsa/202401-32"
}
]
}
diff --git a/2021/30xxx/CVE-2021-30473.json b/2021/30xxx/CVE-2021-30473.json
index 55f898b5599..bf64c63c8d8 100644
--- a/2021/30xxx/CVE-2021-30473.json
+++ b/2021/30xxx/CVE-2021-30473.json
@@ -76,6 +76,11 @@
"refsource": "DEBIAN",
"name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202401-32",
+ "url": "https://security.gentoo.org/glsa/202401-32"
}
]
}
diff --git a/2021/30xxx/CVE-2021-30474.json b/2021/30xxx/CVE-2021-30474.json
index 03b12d19045..2aae9e7069e 100644
--- a/2021/30xxx/CVE-2021-30474.json
+++ b/2021/30xxx/CVE-2021-30474.json
@@ -71,6 +71,11 @@
"refsource": "DEBIAN",
"name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202401-32",
+ "url": "https://security.gentoo.org/glsa/202401-32"
}
]
}
diff --git a/2021/30xxx/CVE-2021-30475.json b/2021/30xxx/CVE-2021-30475.json
index 2c2da12aa94..74d6b58d139 100644
--- a/2021/30xxx/CVE-2021-30475.json
+++ b/2021/30xxx/CVE-2021-30475.json
@@ -76,6 +76,11 @@
"refsource": "DEBIAN",
"name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202401-32",
+ "url": "https://security.gentoo.org/glsa/202401-32"
}
]
}
diff --git a/2021/33xxx/CVE-2021-33630.json b/2021/33xxx/CVE-2021-33630.json
index 5d0c13a5079..ce5af226b96 100644
--- a/2021/33xxx/CVE-2021-33630.json
+++ b/2021/33xxx/CVE-2021-33630.json
@@ -114,6 +114,16 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/30/10"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/31/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/31/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/31/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/31/2"
}
]
},
diff --git a/2021/33xxx/CVE-2021-33631.json b/2021/33xxx/CVE-2021-33631.json
index cf29540925a..f5ea19bf4ab 100644
--- a/2021/33xxx/CVE-2021-33631.json
+++ b/2021/33xxx/CVE-2021-33631.json
@@ -151,6 +151,16 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/30/10"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/31/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/31/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/31/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/01/31/2"
}
]
},
diff --git a/2023/32xxx/CVE-2023-32359.json b/2023/32xxx/CVE-2023-32359.json
index 22014f29a6b..c2d27b84b38 100644
--- a/2023/32xxx/CVE-2023-32359.json
+++ b/2023/32xxx/CVE-2023-32359.json
@@ -68,6 +68,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-33",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-33"
}
]
}
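Review bot: The Gentoo advisory added here is tagged `"refsource": "MISC"` with the URL repeated as `name`, while the GLSA-202401-32 entries added to the CVE-2020-361xx and CVE-2021-3047x records in this same commit use `"refsource": "GENTOO"` and `"name": "GLSA-202401-32"`. Consumers that filter or group references by source will not recognise this entry as a distribution advisory. If the record format allows it, suggest `"refsource": "GENTOO"` and `"name": "GLSA-202401-33"` here. The same applies to the GLSA-202401-33 entries added to CVE-2023-35074, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41983, CVE-2023-41993, CVE-2023-42852 and CVE-2023-42890.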
diff --git a/2023/35xxx/CVE-2023-35074.json b/2023/35xxx/CVE-2023-35074.json
index 9cd9a93bddc..0f9ca026686 100644
--- a/2023/35xxx/CVE-2023-35074.json
+++ b/2023/35xxx/CVE-2023-35074.json
@@ -161,6 +161,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-33",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-33"
}
]
}
diff --git a/2023/39xxx/CVE-2023-39434.json b/2023/39xxx/CVE-2023-39434.json
index 4a15134f8fb..87dd74f3810 100644
--- a/2023/39xxx/CVE-2023-39434.json
+++ b/2023/39xxx/CVE-2023-39434.json
@@ -112,6 +112,11 @@
"url": "http://seclists.org/fulldisclosure/2023/Oct/3",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/3"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-33",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-33"
}
]
}
diff --git a/2023/39xxx/CVE-2023-39928.json b/2023/39xxx/CVE-2023-39928.json
index fc0b984d9f2..9e3569639a8 100644
--- a/2023/39xxx/CVE-2023-39928.json
+++ b/2023/39xxx/CVE-2023-39928.json
@@ -73,6 +73,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-33",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-33"
}
]
},
diff --git a/2023/40xxx/CVE-2023-40451.json b/2023/40xxx/CVE-2023-40451.json
index 500debadc44..e66204b4922 100644
--- a/2023/40xxx/CVE-2023-40451.json
+++ b/2023/40xxx/CVE-2023-40451.json
@@ -68,6 +68,11 @@
"url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/2"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-33",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-33"
}
]
}
diff --git a/2023/41xxx/CVE-2023-41074.json b/2023/41xxx/CVE-2023-41074.json
index bfbf9406175..f3a12bf1743 100644
--- a/2023/41xxx/CVE-2023-41074.json
+++ b/2023/41xxx/CVE-2023-41074.json
@@ -166,6 +166,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-33",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-33"
}
]
}
diff --git a/2023/41xxx/CVE-2023-41983.json b/2023/41xxx/CVE-2023-41983.json
index 2e86c4bff60..db97eb43321 100644
--- a/2023/41xxx/CVE-2023-41983.json
+++ b/2023/41xxx/CVE-2023-41983.json
@@ -147,6 +147,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-33",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-33"
}
]
}
diff --git a/2023/41xxx/CVE-2023-41993.json b/2023/41xxx/CVE-2023-41993.json
index a56ba63331d..1c887297f8f 100644
--- a/2023/41xxx/CVE-2023-41993.json
+++ b/2023/41xxx/CVE-2023-41993.json
@@ -58,6 +58,11 @@
"url": "https://support.apple.com/en-us/HT213940",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213940"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-33",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-33"
}
]
}
diff --git a/2023/42xxx/CVE-2023-42852.json b/2023/42xxx/CVE-2023-42852.json
index e70af6a527e..13e52a5ebe3 100644
--- a/2023/42xxx/CVE-2023-42852.json
+++ b/2023/42xxx/CVE-2023-42852.json
@@ -191,6 +191,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-33",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-33"
}
]
}
diff --git a/2023/42xxx/CVE-2023-42890.json b/2023/42xxx/CVE-2023-42890.json
index bdf8d8abba0..ab99977c4f6 100644
--- a/2023/42xxx/CVE-2023-42890.json
+++ b/2023/42xxx/CVE-2023-42890.json
@@ -156,6 +156,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/12/18/1"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202401-33",
+ "refsource": "MISC",
+ "name": "https://security.gentoo.org/glsa/202401-33"
}
]
}
diff --git a/2023/6xxx/CVE-2023-6816.json b/2023/6xxx/CVE-2023-6816.json
index c772fca052a..ff645316b2e 100644
--- a/2023/6xxx/CVE-2023-6816.json
+++ b/2023/6xxx/CVE-2023-6816.json
@@ -99,6 +99,14 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.8.0-31.el7_9",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
"defaultStatus": "affected"
}
}
@@ -138,6 +146,69 @@
]
}
},
+ {
+ "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.9.0-15.el8_2.9",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.9.0-15.el8_2.9",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.9.0-15.el8_2.9",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
{
"product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"version": {
@@ -297,6 +368,27 @@
]
}
},
+ {
+ "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:1.12.0-14.el9_2.5",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@@ -385,11 +477,26 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0614"
},
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0617",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0617"
+ },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0621",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0621"
},
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0626",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0626"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0629",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0629"
+ },
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6816",
"refsource": "MISC",
diff --git a/2024/0xxx/CVE-2024-0219.json b/2024/0xxx/CVE-2024-0219.json
index bf05240458a..ff6bff9e79b 100644
--- a/2024/0xxx/CVE-2024-0219.json
+++ b/2024/0xxx/CVE-2024-0219.json
@@ -1,17 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0219",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@progress.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269 Improper Privilege Management",
+ "cweId": "CWE-269"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Progress Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Telerik JustDecompile",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "2024 R1",
+ "status": "affected",
+ "version": "RC2012.1",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.telerik.com/devcraft",
+ "refsource": "MISC",
+ "name": "https://www.telerik.com/devcraft"
+ },
+ {
+ "url": "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability",
+ "refsource": "MISC",
+ "name": "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "HackerOne - hackandpwn"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
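Review bot: `"defaultStatus": "affected"` sits next to a range whose own status is `affected`, so every version outside the range, including 2024 R1 and later, is also reported as affected, which contradicts the description's "versions prior to 2024 R1". `"defaultStatus": "unaffected"` would match the text, as the CVE-2024-23508 record in this commit does. The range also declares `"versionType": "semver"`, but `RC2012.1` and `2024 R1` are not semantic-version strings, so tools that compare by declared type may fail to evaluate the bound; `"versionType": "custom"` looks like the safer label. Both points apply equally to CVE-2024-0832 and CVE-2024-0833.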
diff --git a/2024/0xxx/CVE-2024-0553.json b/2024/0xxx/CVE-2024-0553.json
index 5e623070ad9..a12517d7ba7 100644
--- a/2024/0xxx/CVE-2024-0553.json
+++ b/2024/0xxx/CVE-2024-0553.json
@@ -60,6 +60,41 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:3.6.16-8.el8_9.1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:3.6.16-8.el8_9.1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
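Review bot: The new Red Hat Enterprise Linux 8 product carries two `version_data` entries that are identical (both `0:3.6.16-8.el8_9.1`, `"lessThan": "*"`, `"status": "unaffected"`). This is possibly two packages or repositories collapsed by the down-conversion, but as written the second entry adds nothing and a consumer cannot tell what distinguishes them. Either keep a single entry or carry the field that separates the two. The `product_data` array continues outside this hunk.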
@@ -120,19 +155,6 @@
}
]
}
- },
- {
- "product_name": "Red Hat Enterprise Linux 8",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "defaultStatus": "affected"
- }
- }
- ]
- }
}
]
}
@@ -172,6 +194,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0533"
},
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0627",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0627"
+ },
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0553",
"refsource": "MISC",
diff --git a/2024/0xxx/CVE-2024-0832.json b/2024/0xxx/CVE-2024-0832.json
index 8448df6712d..b81a8c51d01 100644
--- a/2024/0xxx/CVE-2024-0832.json
+++ b/2024/0xxx/CVE-2024-0832.json
@@ -1,17 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0832",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@progress.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269 Improper Privilege Management",
+ "cweId": "CWE-269"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Progress Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Telerik Reporting",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "2024 R1",
+ "status": "affected",
+ "version": "1.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.telerik.com/devcraft",
+ "refsource": "MISC",
+ "name": "https://www.telerik.com/devcraft"
+ },
+ {
+ "url": "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability",
+ "refsource": "MISC",
+ "name": "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "HackerOne - hackandpwn"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2024/0xxx/CVE-2024-0833.json b/2024/0xxx/CVE-2024-0833.json
index 67a9820f6ec..8b10d1afc38 100644
--- a/2024/0xxx/CVE-2024-0833.json
+++ b/2024/0xxx/CVE-2024-0833.json
@@ -1,17 +1,108 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0833",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@progress.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Telerik Test Studio versions prior to \n\nv2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269 Improper Privilege Management",
+ "cweId": "CWE-269"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Progress Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Telerik Test Studio",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "v2023.3.1330",
+ "status": "affected",
+ "version": "2011.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.telerik.com/devcraft",
+ "refsource": "MISC",
+ "name": "https://www.telerik.com/devcraft"
+ },
+ {
+ "url": "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability",
+ "refsource": "MISC",
+ "name": "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "HackerOne - hackandpwn"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
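Review bot: The description string embeds `\n\n` in the middle of a sentence (`prior to \n\nv2023.3.1330`), which shows up as a paragraph break before the fixed version in any viewer that honours line breaks. The `\u00a0` followed by a space after "component." looks like the same kind of editor residue. Suggest `prior to v2023.3.1330, a privilege elevation vulnerability ...` with ordinary single spaces. The leading `v` in `"lessThan": "v2023.3.1330"` is also worth dropping so the bound has the same form as `"version": "2011.0"`.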
diff --git a/2024/1xxx/CVE-2024-1103.json b/2024/1xxx/CVE-2024-1103.json
index 0da32463103..b420f380bb2 100644
--- a/2024/1xxx/CVE-2024-1103.json
+++ b/2024/1xxx/CVE-2024-1103.json
@@ -1,17 +1,104 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1103",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input
leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252458 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine problematische Schwachstelle wurde in CodeAstro Real Estate Management System 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei profile.php der Komponente Feedback Form. Durch Manipulieren des Arguments Your Feedback mit der Eingabe
mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "CodeAstro",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Real Estate Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.252458",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.252458"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.252458",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.252458"
+ },
+ {
+ "url": "https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true",
+ "refsource": "MISC",
+ "name": "https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thrill_comrade (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}
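Review bot: Both `description_data` values stop after "with the input" / "mit der Eingabe" and resume on the following line, so each string holds a raw line break and the input it refers to is absent. A raw newline inside a string is not valid JSON; if this is how the record is stored rather than an artefact of how the page was rendered, the break should be removed or `\n`-escaped and the sentence reworded so it does not point at a missing value. Separately, the third reference is a Google Docs edit link carrying `usp`, `ouid`, `rtpof` and `sd` query parameters. A document that can be edited or withdrawn is a weak primary reference, and the sharing parameters look unnecessary for reaching it.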
diff --git a/2024/23xxx/CVE-2024-23502.json b/2024/23xxx/CVE-2024-23502.json
index d40372652a3..91b1b42d88d 100644
--- a/2024/23xxx/CVE-2024-23502.json
+++ b/2024/23xxx/CVE-2024-23502.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23502",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category \u2013 List Category Posts Or Recent Posts allows Stored XSS.This issue affects Posts List Designer by Category \u2013 List Category Posts Or Recent Posts: from n/a through 3.3.2.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "InfornWeb",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Posts List Designer by Category \u2013 List Category Posts Or Recent Posts",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "n/a",
+ "version_value": "3.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/post-list-designer/wordpress-posts-list-designer-by-category-plugin-3-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/post-list-designer/wordpress-posts-list-designer-by-category-plugin-3-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
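Review bot: The description runs two sentences together (`allows Stored XSS.This issue affects`) and ends in a trailing `\n\n`; a space after the period and no trailing newlines would read cleanly. The record also names no fixed release: the range is `"version_affected": "<="` `3.3.2` with `"version_name": "n/a"`, so a reader cannot tell whether a patched version exists. CVE-2024-23508 in this commit, by contrast, carries a `solution` entry and an `unaffected` change point at 2.1.18. The description wording applies equally to CVE-2024-23505 and CVE-2024-23508, and the missing fix version to CVE-2024-23505.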
diff --git a/2024/23xxx/CVE-2024-23505.json b/2024/23xxx/CVE-2024-23505.json
index d41e6091d46..755d9a0e2fe 100644
--- a/2024/23xxx/CVE-2024-23505.json
+++ b/2024/23xxx/CVE-2024-23505.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23505",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook \u2013 DearPDF allows Stored XSS.This issue affects PDF Viewer & 3D PDF Flipbook \u2013 DearPDF: from n/a through 2.0.38.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "DearHive",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PDF Viewer & 3D PDF Flipbook \u2013 DearPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "n/a",
+ "version_value": "2.0.38"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/dearpdf-lite/wordpress-pdf-viewer-3d-pdf-flipbook-dearpdf-plugin-2-0-38-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/dearpdf-lite/wordpress-pdf-viewer-3d-pdf-flipbook-dearpdf-plugin-2-0-38-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2024/23xxx/CVE-2024-23508.json b/2024/23xxx/CVE-2024-23508.json
index c8adc1c9811..758510bb01a 100644
--- a/2024/23xxx/CVE-2024-23508.json
+++ b/2024/23xxx/CVE-2024-23508.json
@@ -1,17 +1,122 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23508",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster \u2013 PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster \u2013 PDF Embedder Plugin for WordPress: from n/a through 2.1.17.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "bPlugins",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PDF Poster \u2013 PDF Embedder Plugin for WordPress",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "2.1.18",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "2.1.17",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/pdf-poster/wordpress-pdf-poster-plugin-2-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/vulnerability/pdf-poster/wordpress-pdf-poster-plugin-2-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 2.1.18 or a higher version."
+ }
+ ],
+ "value": "Update to\u00a02.1.18 or a higher version."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Le Ngoc Anh (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}