diff --git a/2018/25xxx/CVE-2018-25103.json b/2018/25xxx/CVE-2018-25103.json
index b23f3cac3d3..4179ba8af7a 100644
--- a/2018/25xxx/CVE-2018-25103.json
+++ b/2018/25xxx/CVE-2018-25103.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "There exists a use-after-free-vulnerability in lighttpd <= 1.4.50 that can allow access to do a case-insensitive comparison against the reused pointer."
+ "value": "There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests."
 }
 ]
 },
@@ -54,6 +54,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736",
+ "refsource": "MISC",
+ "name": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736"
+ },
 {
 "url": "https://www.runzero.com/blog/lighttpd/",
 "refsource": "MISC",
@@ -65,19 +70,9 @@
 "name": "https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9"
 },
 {
- "url": "https://www.binarly.io/blog/lighttpd-gains-new-life",
+ "url": "https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8",
 "refsource": "MISC",
- "name": "https://www.binarly.io/blog/lighttpd-gains-new-life"
- },
- {
- "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf",
- "refsource": "MISC",
- "name": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf"
- },
- {
- "url": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736",
- "refsource": "MISC",
- "name": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736"
+ "name": "https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8"
 }
 ]
 },
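Review bot: The new description value in the first hunk (`There exists use-after-free vulnerabilities ...`) does not say which request headers are involved, although the updated credits entry in the last hunk of this file names them: If-Modified-Since with line folding, and a specially crafted pair of Range headers. Anyone triaging from the description alone cannot tell that the record covers two distinct parsing paths, or why two fix commits are listed under references. I would name the headers in the text and fix the number agreement, e.g. `There exist use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing (If-Modified-Since with line folding, and Range) which might read from invalid pointers to memory used in the same request, not from other requests.`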
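Review bot: The third hunk drops two entries from `reference_data`: the Binarly write-up and AMI-SA-2024002, which by its URL appears to be a downstream vendor advisory. That leaves the visible reference list with no vendor advisory for products that embed the affected lighttpd. The reason for the removal is not visible in this commit; if it is deliberate, the downstream scope should be carried elsewhere in the record, otherwise both entries should stay alongside the newly added commit `d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8`. The added fix commit is tagged `"refsource": "MISC"` like the commentary links, so consumers cannot separate patches from write-ups by that field. The list itself begins and ends outside these hunks.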
@@ -92,7 +87,7 @@
 "credits": [
 {
 "lang": "en",
- "value": "Thanks to VDOO Embedded Security part of JFROG for reporting this vulnerability."
+ "value": "Thanks to VDOO Embedded Security part of JFROG for reporting the vulnerability in the If-Modified-Since header with line folding, and thanks to Marcus Wengelin for reporting the vulnerability in the Range header with a specially crafted pair of Range headers."
 }
 ]
 }
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38508.json b/2024/38xxx/CVE-2024-38508.json
new file mode 100644
index 00000000000..10267b5a7b1
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38508.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38508",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38509.json b/2024/38xxx/CVE-2024-38509.json
new file mode 100644
index 00000000000..d540f5b1756
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38509.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38509",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38510.json b/2024/38xxx/CVE-2024-38510.json
new file mode 100644
index 00000000000..ffc39051d49
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38510.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38510",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38511.json b/2024/38xxx/CVE-2024-38511.json
new file mode 100644
index 00000000000..ac525c742e7
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38511.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38511",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/38xxx/CVE-2024-38512.json b/2024/38xxx/CVE-2024-38512.json
new file mode 100644
index 00000000000..0c066c76a26
--- /dev/null
+++ b/2024/38xxx/CVE-2024-38512.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-38512",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5275.json b/2024/5xxx/CVE-2024-5275.json
index abcd66a0879..77df01f8f08 100644
--- a/2024/5xxx/CVE-2024-5275.json
+++ b/2024/5xxx/CVE-2024-5275.json
@@ -1,17 +1,124 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5275",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security.reports@fortra.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of\u00a0FileCatalyst Workflow from 5.1.6 Build 130 and earlier."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-259 Use of Hard-coded Password",
+ "cweId": "CWE-259"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortra",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FileCatalyst Direct",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "3.7",
+ "version_value": "3.8.10.138"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "FileCatalyst Workflow",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "4.9.8",
+ "version_value": "5.1.6.130"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.fortra.com/security/advisory/fi-2024-007",
+ "refsource": "MISC",
+ "name": "https://www.fortra.com/security/advisory/fi-2024-007"
+ },
+ {
+ "url": "https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm",
+ "refsource": "MISC",
+ "name": "https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "For FileCatalyst Direct users, upgrade to 3.8.10 build 144 (or higher)
For FileCatalyst Workflow users, upgrade to 5.1.6 build 133 (or later)
For those using the FileCatalyst TransferAgent remotely, e.g., as a remote-controlled node accepting REST calls, update REST calls to \"http\". If \"https\" is still required, a new SSL key and add it to the agent keystore."
+ }
+ ],
+ "value": "For FileCatalyst Direct users,\u00a0upgrade to 3.8.10 build 144 (or higher) \nFor FileCatalyst Workflow users, upgrade to 5.1.6 build 133 (or later)\nFor those using the FileCatalyst TransferAgent remotely, e.g., as a remote-controlled node accepting REST calls, update REST calls to \"http\". If \"https\" is still required, a new SSL key and add it to the agent keystore."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Greg at Palmer Research"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5750.json b/2024/5xxx/CVE-2024-5750.json
index 2b30d554f28..b2808abf16e 100644
--- a/2024/5xxx/CVE-2024-5750.json
+++ b/2024/5xxx/CVE-2024-5750.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5750",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** Not a valid security issue."
 }
 ]
 }
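Review bot: The remediation text in the CVE-2024-5275 hunk is incomplete in both `solution[0].supportingMedia[0].value` and `solution[0].value`: the sentence `If \"https\" is still required, a new SSL key and add it to the agent keystore.` has no verb, so the one step that replaces key material cannot be followed as written; presumably `generate a new SSL key and add it to the agent keystore` was meant. The description says the hard-coded password lets the keystore's private key be read out, so the solution should also say that keys and certificates already in that keystore are to be treated as exposed and replaced after upgrading; whether the fixed builds do this on their own is not visible here. The instruction to switch REST calls to `http` would benefit from one sentence on what protects that traffic once TLS is no longer used.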
diff --git a/2024/6xxx/CVE-2024-6126.json b/2024/6xxx/CVE-2024-6126.json
new file mode 100644
index 00000000000..42a1058c8a8
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6126.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6126",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file