diff --git a/2021/41xxx/CVE-2021-41687.json b/2021/41xxx/CVE-2021-41687.json
index bbf62dd7a22..ca8cf1197e3 100644
--- a/2021/41xxx/CVE-2021-41687.json
+++ b/2021/41xxx/CVE-2021-41687.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb",
 "url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41688.json b/2021/41xxx/CVE-2021-41688.json
index 3c19a52dd21..3b82bd217c3 100644
--- a/2021/41xxx/CVE-2021-41688.json
+++ b/2021/41xxx/CVE-2021-41688.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb",
 "url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41689.json b/2021/41xxx/CVE-2021-41689.json
index 294aacd66f2..2284b25daf5 100644
--- a/2021/41xxx/CVE-2021-41689.json
+++ b/2021/41xxx/CVE-2021-41689.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d",
 "url": "https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41690.json b/2021/41xxx/CVE-2021-41690.json
index fbbb53a212a..88a6aaf050e 100644
--- a/2021/41xxx/CVE-2021-41690.json
+++ b/2021/41xxx/CVE-2021-41690.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb",
 "url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
 }
 ]
 }
diff --git a/2022/27xxx/CVE-2022-27540.json b/2022/27xxx/CVE-2022-27540.json
index c6ce9303aca..31fdd1cb32a 100644
--- a/2022/27xxx/CVE-2022-27540.json
+++ b/2022/27xxx/CVE-2022-27540.json
@@ -1,18 +1,66 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-27540",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HP Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HP PC BIOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "See HP Security Bulletin reference for affected versions."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948",
+ "refsource": "MISC",
+ "name": "https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "cveClient/1.0.15"
 }
 }
\ No newline at end of file
diff --git a/2022/2xxx/CVE-2022-2121.json b/2022/2xxx/CVE-2022-2121.json
index 384a51d8a53..e539139455d 100644
--- a/2022/2xxx/CVE-2022-2121.json
+++ b/2022/2xxx/CVE-2022-2121.json
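Review bot: The `version_data` entry in the CVE-2022-27540 record pairs `"version_affected": "="` with a sentence (`"version_value": "See HP Security Bulletin reference for affected versions."`), so a scanner that matches on this field has no version to compare against and will either skip the record or never match an installed BIOS. The affected versions from the referenced bulletin should be listed as real values, or the entry should at least use `"version_value": "n/a"` so consumers treat the range as unknown rather than as a literal version string. The same free-text pattern appears in the CVE-2024-3995 hunk (`"2024.2.0 (CVE-2024-3995 Patch)"`) and the CVE-2024-38528 hunk (`">= 0.3.1, <= 1.1.2"` under `"="`). `problemtype` is also `"n/a"` here although the description names a TOCTOU condition; `"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "cweId": "CWE-367"` would let CWE-based triage pick the record up, and the CVE-2024-3995 record (described as a command injection) has the same gap.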
@@ -78,6 +78,11 @@
 "refsource": "MISC",
 "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01",
 "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
 }
 ]
 },
diff --git a/2022/38xxx/CVE-2022-38383.json b/2022/38xxx/CVE-2022-38383.json
index 2d65f422aba..81ba84f32d0 100644
--- a/2022/38xxx/CVE-2022-38383.json
+++ b/2022/38xxx/CVE-2022-38383.json
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-38383",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-525 Information Exposure Through Browser Caching",
+ "cweId": "CWE-525"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cloud Pak for Security",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.10.0.0",
+ "version_value": "1.10.11.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "QRadar Suite Software",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.10.12.0",
+ "version_value": "1.10.21.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7158986",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7158986"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233673",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233673"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43272.json b/2022/43xxx/CVE-2022-43272.json
index e9cc48788fa..2fa74439e8f 100644
--- a/2022/43xxx/CVE-2022-43272.json
+++ b/2022/43xxx/CVE-2022-43272.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2023-eda976b192",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28130.json b/2024/28xxx/CVE-2024-28130.json
index 33bd988adb9..182bb44e585 100644
--- a/2024/28xxx/CVE-2024-28130.json
+++ b/2024/28xxx/CVE-2024-28130.json
@@ -58,6 +58,11 @@
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957",
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
 }
 ]
 },
diff --git a/2024/34xxx/CVE-2024-34508.json b/2024/34xxx/CVE-2024-34508.json
index 600b4e86e74..8c71005c3aa 100644
--- a/2024/34xxx/CVE-2024-34508.json
+++ b/2024/34xxx/CVE-2024-34508.json
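Review bot: The second product in the CVE-2022-38383 record is named two different ways: the description says "IBM QRadar Software Suite" while `product_name` is `"QRadar Suite Software"`. Asset-inventory and product-string matching key on this name, so a mismatch between the prose and the structured field can make one of them miss affected installations. One of the two should be corrected to the vendor's actual product name and the other made to agree.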
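Review bot: The Debian LTS announcement is added to CVE-2024-28130 as `"refsource": "MISC"` with the URL repeated as `name`, while the other hunks in this commit that add the same URL tag it `"refsource": "MLIST"` with a descriptive name. Anyone filtering references by `refsource` to find distribution advisories will miss this record. Using `"refsource": "MLIST"` and `"name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update"` here would keep the entries consistent.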
@@ -61,6 +61,11 @@
 "url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5",
 "refsource": "MISC",
 "name": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
 }
 ]
 }
diff --git a/2024/34xxx/CVE-2024-34509.json b/2024/34xxx/CVE-2024-34509.json
index 757653a10a7..0886cb9df42 100644
--- a/2024/34xxx/CVE-2024-34509.json
+++ b/2024/34xxx/CVE-2024-34509.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5",
 "refsource": "MISC",
 "name": "https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38528.json b/2024/38xxx/CVE-2024-38528.json
index 914e9342c12..ba2045c0ea4 100644
--- a/2024/38xxx/CVE-2024-38528.json
+++ b/2024/38xxx/CVE-2024-38528.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-38528",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. This vulnerability has been patched in version 1.1.3.\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-770: Allocation of Resources Without Limits or Throttling",
+ "cweId": "CWE-770"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "pendulum-project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ntpd-rs",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 0.3.1, <= 1.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-2xpx-vcmq-5f72",
+ "refsource": "MISC",
+ "name": "https://github.com/pendulum-project/ntpd-rs/security/advisories/GHSA-2xpx-vcmq-5f72"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2xpx-vcmq-5f72",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/39xxx/CVE-2024-39818.json b/2024/39xxx/CVE-2024-39818.json
new file mode 100644
index 00000000000..799fd59adc3
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39818.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39818",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39819.json b/2024/39xxx/CVE-2024-39819.json
new file mode 100644
index 00000000000..e6a8d64d5b0
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39819.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39819",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39820.json b/2024/39xxx/CVE-2024-39820.json
new file mode 100644
index 00000000000..3d3e500bc9a
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39820.json
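Review bot: The description in the CVE-2024-38528 record opens with "nptd-rs", but the product is spelled `ntpd-rs` everywhere else in the hunk (later in the same description, in `product_name`, and in the advisory URL), so a keyword search on the product name can miss the opening mention. The description value also ends in a literal `\n`, which shows up as a trailing line break in feeds and dashboards that render the string and should be trimmed. The value would then start `"ntpd-rs is a tool for synchronizing` and end `patched in version 1.1.3."`.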
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39820",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39821.json b/2024/39xxx/CVE-2024-39821.json
new file mode 100644
index 00000000000..f3a3dc4a28e
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39821.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39821",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39822.json b/2024/39xxx/CVE-2024-39822.json
new file mode 100644
index 00000000000..90c510154e3
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39822.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39822",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39823.json b/2024/39xxx/CVE-2024-39823.json
new file mode 100644
index 00000000000..c4959d59f84
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39823.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39823",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39824.json b/2024/39xxx/CVE-2024-39824.json
new file mode 100644
index 00000000000..a3ab28f1a9f
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39824.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39824",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39825.json b/2024/39xxx/CVE-2024-39825.json
new file mode 100644
index 00000000000..2dc449fb679
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39825.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39825",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39826.json b/2024/39xxx/CVE-2024-39826.json
new file mode 100644
index 00000000000..6d561491f76
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39826.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39826",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39827.json b/2024/39xxx/CVE-2024-39827.json
new file mode 100644
index 00000000000..f1213f33222
--- /dev/null
+++ b/2024/39xxx/CVE-2024-39827.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-39827",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/3xxx/CVE-2024-3995.json b/2024/3xxx/CVE-2024-3995.json
index 0c190f124b6..bd35e59bd88 100644
--- a/2024/3xxx/CVE-2024-3995.json
+++ b/2024/3xxx/CVE-2024-3995.json
@@ -1,18 +1,70 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3995",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@perforce.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Perforce",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Helix ALM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2024.2.0",
+ "version_value": "2024.2.0 (CVE-2024-3995 Patch)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.perforce.com/s/detail/a91PA000001SU5pYAG",
+ "refsource": "MISC",
+ "name": "https://portal.perforce.com/s/detail/a91PA000001SU5pYAG"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5535.json b/2024/5xxx/CVE-2024-5535.json
index b4a3bdfdacc..ad03cc2b76d 100644
--- a/2024/5xxx/CVE-2024-5535.json
+++ b/2024/5xxx/CVE-2024-5535.json
@@ -119,6 +119,11 @@
 "url": "http://www.openwall.com/lists/oss-security/2024/06/27/1",
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2024/06/27/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/06/28/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/06/28/4"
 }
 ]
 },
diff --git a/2024/5xxx/CVE-2024-5642.json b/2024/5xxx/CVE-2024-5642.json
index b65b01b4513..916c9c8646d 100644
--- a/2024/5xxx/CVE-2024-5642.json
+++ b/2024/5xxx/CVE-2024-5642.json
@@ -73,6 +73,11 @@
 "url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e",
 "refsource": "MISC",
 "name": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/06/28/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/06/28/4"
 }
 ]
 },
diff --git a/2024/5xxx/CVE-2024-5712.json b/2024/5xxx/CVE-2024-5712.json
index 4caed2d5700..6d010001388 100644
--- a/2024/5xxx/CVE-2024-5712.json
+++ b/2024/5xxx/CVE-2024-5712.json
@@ -1,17 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5712",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@huntr.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) in stitionai/devika"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "stitionai",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "stitionai/devika",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "unspecified",
+ "version_value": "latest"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.com/bounties/301aeafb-af28-4b0b-a2cf-9a2ff1da1ef4",
+ "refsource": "MISC",
+ "name": "https://huntr.com/bounties/301aeafb-af28-4b0b-a2cf-9a2ff1da1ef4"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "301aeafb-af28-4b0b-a2cf-9a2ff1da1ef4",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
 }
 ]
 }
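Review bot: `version_data` in the CVE-2024-5712 record is a placeholder (`"version_affected": "<="`, `"version_name": "unspecified"`, `"version_value": "latest"`), which tells a consumer that every release is affected indefinitely and leaves no way to mark an installation as remediated. If a fix exists, the entry should carry the last affected release or the fixing commit; if none exists yet, the description should say so. The CVE-2024-5827 hunk uses the same placeholder even though its description names Vanna v0.3.4. The description here is also only a title: it does not say which action can be forged, although the CVSS vector claims high integrity and availability impact (`I:H/A:H`).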
diff --git a/2024/5xxx/CVE-2024-5827.json b/2024/5xxx/CVE-2024-5827.json
index fde9f642527..d02e7607568 100644
--- a/2024/5xxx/CVE-2024-5827.json
+++ b/2024/5xxx/CVE-2024-5827.json
@@ -1,17 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5827",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@huntr.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents ``. This can lead to command execution or the creation of backdoors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "vanna-ai",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "vanna-ai/vanna",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "unspecified",
+ "version_value": "latest"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.com/bounties/e4e64a51-618b-41d0-8f56-1d2146d8825e",
+ "refsource": "MISC",
+ "name": "https://huntr.com/bounties/e4e64a51-618b-41d0-8f56-1d2146d8825e"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "e4e64a51-618b-41d0-8f56-1d2146d8825e",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6410.json b/2024/6xxx/CVE-2024-6410.json
new file mode 100644
index 00000000000..61983fc00f3
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6410.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6410",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6411.json b/2024/6xxx/CVE-2024-6411.json
new file mode 100644
index 00000000000..4bc679255c9
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6411.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6411",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6412.json b/2024/6xxx/CVE-2024-6412.json
new file mode 100644
index 00000000000..8ec1ff9dd3a
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6412.json
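Review bot: `problemtype` in the CVE-2024-5827 record lists only CWE-434, but the description states that the root cause is SQL injection in the DuckDB integration and that the file write is its consequence. Adding a second description entry, `"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89"`, would let injection-focused triage and detection rules pick the record up. The description also contains an empty pair of backticks after "with contents", which suggests part of the submitted text was stripped on ingestion; the sentence should be reworded so it reads correctly without the missing fragment.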
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6412",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file