From d7b3bdab39f6bc735b8cc127d63724072c202870 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 24 Jul 2024 20:00:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/33xxx/CVE-2024-33519.json | 105 +++++++++++++++++++++++++++++++--
2024/36xxx/CVE-2024-36533.json | 56 ++++++++++++++++--
2024/36xxx/CVE-2024-36534.json | 56 ++++++++++++++++--
2024/36xxx/CVE-2024-36535.json | 56 ++++++++++++++++--
2024/36xxx/CVE-2024-36536.json | 56 ++++++++++++++++--
2024/36xxx/CVE-2024-36537.json | 56 ++++++++++++++++--
2024/41xxx/CVE-2024-41550.json | 56 ++++++++++++++++--
2024/41xxx/CVE-2024-41551.json | 56 ++++++++++++++++--
2024/7xxx/CVE-2024-7080.json | 100 +++++++++++++++++++++++++++++--
9 files changed, 547 insertions(+), 50 deletions(-)
diff --git a/2024/33xxx/CVE-2024-33519.json b/2024/33xxx/CVE-2024-33519.json
index 21746d92d70..5a0015f021a 100644
--- a/2024/33xxx/CVE-2024-33519.json
+++ b/2024/33xxx/CVE-2024-33519.json
@@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "HPE Aruba Networking EdgeConnect SD-WAN", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "ECOS 9.3.x.x: 9.3.3.0 and below", + "version_value": "<=9.3.3.0" + }, + { + "version_affected": "<=", + "version_name": "ECOS 9.2.x.x: 9.2.9.0 and below", + "version_value": "<=9.2.9.0" + }, + { + "version_affected": "<=", + "version_name": "ECOS 9.1.x.x: 9.1.11.0 and below", + "version_value": "<=9.1.11.0" + }, + { + "version_affected": "<=", + "version_name": "ECOS 9.0.x.x: all builds are affected and are out of maintenance.", + "version_value": "<=9.0.x.x" + }, + { + "version_affected": "<=", + "version_name": "ECOS 8.0.x.x: all builds are affected and are out of maintenance.", + "version_value": 
"<=8.0.x.x" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt", + "refsource": "MISC", + "name": "https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "HPESBNW04673", + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Jensen (bugcrowd.com/dozernz)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/36xxx/CVE-2024-36533.json b/2024/36xxx/CVE-2024-36533.json index 4a3acf6ae7d..d97f7774385 100644 --- a/2024/36xxx/CVE-2024-36533.json +++ b/2024/36xxx/CVE-2024-36533.json 
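Review bot: The `version_data` entries repeat the comparison operator in both fields, e.g. `"version_affected": "<="` next to `"version_value": "<=9.3.3.0"`, so a consumer that joins the two fields gets `<=<=9.3.3.0`, and `<=9.0.x.x` / `<=8.0.x.x` are not comparable version strings at all. I would keep the operator only in `version_affected` and put a bare version in `version_value`, e.g. `"version_value": "9.3.3.0"`, leaving the "all builds are affected" wording to `version_name`. The `problemtype` value is also `n/a` although the description names server-side prototype pollution, which maps to CWE-1321; giving the CWE in `value` together with `"cweId": "CWE-1321"`, in the shape the CVE-2024-7080 record in this patch uses, would let weakness-based filters pick the record up. `credits` uses `"lang": "en"` while `description_data` uses `eng`; one language code should be used throughout.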
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36533", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36533", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://gist.github.com/HouqiyuA/a0e05a26ecc80bd970ac4649faecc930", + "url": "https://gist.github.com/HouqiyuA/a0e05a26ecc80bd970ac4649faecc930" } ] } diff --git a/2024/36xxx/CVE-2024-36534.json b/2024/36xxx/CVE-2024-36534.json index c5993087827..d57caa764e7 100644 --- a/2024/36xxx/CVE-2024-36534.json +++ b/2024/36xxx/CVE-2024-36534.json 
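Review bot: `affects` is filled with `n/a` for vendor, product and version even though the description in the same record names the product and release (`volcano v1.8.2`), so inventory matching keyed on `product_name` / `version_value` will never hit this CVE. At minimum `"product_name": "volcano"` and `"version_value": "1.8.2"` should be carried over from the description; the vendor name is not visible here and would have to come from the submitter. The same placeholder block appears in the CVE-2024-36534, -36535, -36536, -36537, -41550 and -41551 hunks. The only reference is tagged `"refsource": "CONFIRM"` but points to a personal gist, which does not look like a vendor acknowledgement; `"refsource": "MISC"` would be the more accurate tag unless the maintainers have confirmed the report, and that also applies to -36534 through -36537.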
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36534", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36534", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://gist.github.com/HouqiyuA/0de688e6b874e480ddc1154350368450", + "url": "https://gist.github.com/HouqiyuA/0de688e6b874e480ddc1154350368450" } ] } diff --git a/2024/36xxx/CVE-2024-36535.json b/2024/36xxx/CVE-2024-36535.json index a5cc9e5410e..15731033e66 100644 --- a/2024/36xxx/CVE-2024-36535.json +++ b/2024/36xxx/CVE-2024-36535.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36535", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36535", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://gist.github.com/HouqiyuA/2950c3993cdeff23afcbd73ba7a33879", + "url": "https://gist.github.com/HouqiyuA/2950c3993cdeff23afcbd73ba7a33879" } ] } diff --git a/2024/36xxx/CVE-2024-36536.json b/2024/36xxx/CVE-2024-36536.json index 41ce16990a0..83f46391a5a 100644 --- a/2024/36xxx/CVE-2024-36536.json +++ b/2024/36xxx/CVE-2024-36536.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36536", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36536", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://gist.github.com/HouqiyuA/381f100f2ba82a8ada03994aac5bb2e8", + "url": "https://gist.github.com/HouqiyuA/381f100f2ba82a8ada03994aac5bb2e8" } ] } diff --git a/2024/36xxx/CVE-2024-36537.json b/2024/36xxx/CVE-2024-36537.json index 9ec81459a6d..57e0eb35af3 100644 --- a/2024/36xxx/CVE-2024-36537.json +++ b/2024/36xxx/CVE-2024-36537.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36537", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36537", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://gist.github.com/HouqiyuA/27879a6366a65fcd5f6c6fcbcf68d8e3", + "url": "https://gist.github.com/HouqiyuA/27879a6366a65fcd5f6c6fcbcf68d8e3" } ] } diff --git a/2024/41xxx/CVE-2024-41550.json b/2024/41xxx/CVE-2024-41550.json index 1934134b8f1..8ba48599a46 100644 --- a/2024/41xxx/CVE-2024-41550.json +++ b/2024/41xxx/CVE-2024-41550.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41550", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41550", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_invoice_items.php?id= ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Chencihai/Chencihai/blob/main/cve/supplier-management-system/SQLi-2.md", + "url": "https://github.com/Chencihai/Chencihai/blob/main/cve/supplier-management-system/SQLi-2.md" } ] } diff --git a/2024/41xxx/CVE-2024-41551.json b/2024/41xxx/CVE-2024-41551.json index d198fd2a33e..03ff9ebae92 100644 --- a/2024/41xxx/CVE-2024-41551.json +++ b/2024/41xxx/CVE-2024-41551.json 
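Review bot: `problemtype` is left as `"value": "n/a"` although the description states SQL injection outright, so anything that triages by weakness class will not see this record. Naming the weakness in `value` and adding `"cweId": "CWE-89"`, in the shape the CVE-2024-7080 record in this patch uses, would fix that; the CVE-2024-41551 hunk needs the same change. The record also carries no `impact` block and does not say whether authentication is required, so severity has to be judged from the referenced write-up until a score is published.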
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41551", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41551", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Chencihai/Chencihai/blob/main/cve/supplier-management-system/SQLi-1.md", + "url": "https://github.com/Chencihai/Chencihai/blob/main/cve/supplier-management-system/SQLi-1.md" } ] } diff --git a/2024/7xxx/CVE-2024-7080.json b/2024/7xxx/CVE-2024-7080.json index 5fe83632d0c..ae0e8d1d359 100644 --- a/2024/7xxx/CVE-2024-7080.json +++ b/2024/7xxx/CVE-2024-7080.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7080", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In SourceCodester Insurance Management System 1.0 wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /E-Insurance/. Mittels dem Manipulieren mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-425 Direct Request", + "cweId": "CWE-425" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Insurance Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.272365", + "refsource": "MISC", + "name": "https://vuldb.com/?id.272365" + }, + { + "url": "https://vuldb.com/?ctiid.272365", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.272365" + }, + { + "url": "https://vuldb.com/?submit.379487", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.379487" + }, + { + "url": "https://github.com/Xu-Mingming/cve/blob/main/bianli.md", + "refsource": "MISC", + "name": "https://github.com/Xu-Mingming/cve/blob/main/bianli.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Xu Mingming (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ] }
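Review bot: The `cvss` entries here carry only `version`, `baseScore`, `vectorString` and, for 3.x, `baseSeverity`, whereas the CVE-2024-33519 record in the same patch spells out `attackVector`, `privilegesRequired` and the other metrics as separate keys; the 2.0 entry has no `baseSeverity` at all and its `baseScore` is the integer `5`. A consumer that reads the per-metric keys or requires `baseSeverity` will drop or mis-rank this record, so either the metric keys should be emitted here too or parsers must derive them from `vectorString` and treat the rest as optional. The description states that the exploit has been disclosed publicly, which together with `PR:N` in the vector is a reason to prioritise remediation above what the bare 5.3 score suggests wherever the product is deployed.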