diff --git a/2023/3xxx/CVE-2023-3597.json b/2023/3xxx/CVE-2023-3597.json
index 41e35f12d3a..f847a53a7b3 100644
--- a/2023/3xxx/CVE-2023-3597.json
+++ b/2023/3xxx/CVE-2023-3597.json
@@ -97,6 +97,19 @@
 ]
 }
 },
+ {
+ "product_name": "RHSSO 7.6.8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Single Sign-On 7",
 "version": {
@@ -118,6 +131,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:1866",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:1866"
+ },
 {
 "url": "https://access.redhat.com/errata/RHSA-2024:1867",
 "refsource": "MISC",
diff --git a/2024/43xxx/CVE-2024-43166.json b/2024/43xxx/CVE-2024-43166.json
new file mode 100644
index 00000000000..48ce42e56cc
--- /dev/null
+++ b/2024/43xxx/CVE-2024-43166.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-43166",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6522.json b/2024/6xxx/CVE-2024-6522.json
index 432bb963b5a..ec39b6eda8c 100644
--- a/2024/6xxx/CVE-2024-6522.json
+++ b/2024/6xxx/CVE-2024-6522.json
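Review bot: In the first CVE-2023-3597.json hunk the new entry is named `"product_name": "RHSSO 7.6.8"`, while the neighbouring context entry spells the family out as "Red Hat Single Sign-On 7", so one `product_data` list now mixes two naming styles for what looks like the same product line. The entry's only status signal is `"defaultStatus": "unaffected"` inside `x_cve_json_5_version_data`, and `version_value` is the literal string "not down converted". A consumer that treats every listed product as affected, or that matches on `version_value`, would presumably flag this stream as vulnerable; status should be read from the extension field or from the CVE JSON 5 record rather than inferred from presence in the list. The product list begins and ends outside the hunk.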
@@ -1,17 +1,114 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6522",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-918 Server-Side Request Forgery (SSRF)",
+ "cweId": "CWE-918"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Webnus",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Modern Events Calendar",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "7.12.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "webnus/",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Modern Events Calendar Lite",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "7.12.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/00bf8f2f-6ab4-4430-800b-5b97abe7589e?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/00bf8f2f-6ab4-4430-800b-5b97abe7589e?source=cve"
+ },
+ {
+ "url": "https://wordpress.org/plugins/modern-events-calendar-lite/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/modern-events-calendar-lite/#developers"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/modern-events-calendar-lite/trunk/app/features/fes.php#L54",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/modern-events-calendar-lite/trunk/app/features/fes.php#L54"
+ },
+ {
+ "url": "https://mec.webnus.net/change-log/",
+ "refsource": "MISC",
+ "name": "https://mec.webnus.net/change-log/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Friderika Baranyai"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
 }
 ]
 }
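Review bot: The second `vendor_data` entry in CVE-2024-6522.json is named `"vendor_name": "webnus/"`, lowercase and with a trailing slash, while the first entry in the same record uses "Webnus". Inventory or SBOM matching keyed on the vendor string will treat these as two vendors and can miss Modern Events Calendar Lite when looking up Webnus products; `"vendor_name": "Webnus",` would keep both products under one vendor. The references also give no fixed release: the Trac link is a line anchor on `trunk` (`fes.php#L54`), which will drift away from the vulnerable code as the file changes, and the change-log link is generic. Defenders therefore get the affected range (`<=` 7.12.1) but have to find the patched version elsewhere.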
diff --git a/2024/7xxx/CVE-2024-7265.json b/2024/7xxx/CVE-2024-7265.json
index 2d104e3c503..b7b7c2e6b75 100644
--- a/2024/7xxx/CVE-2024-7265.json
+++ b/2024/7xxx/CVE-2024-7265.json
@@ -1,18 +1,97 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7265",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cvd@cert.pl",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Incorrect User Management vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation.\u00a0This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-286 Incorrect User Management",
+ "cweId": "CWE-286"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EZD RP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "15",
+ "version_value": "15.84"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16",
+ "version_value": "16.15"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "17",
+ "version_value": "17.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/",
+ "refsource": "MISC",
+ "name": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/"
+ },
+ {
+ "url": "https://cert.pl/posts/2024/08/CVE-2023-7265/",
+ "refsource": "MISC",
+ "name": "https://cert.pl/posts/2024/08/CVE-2023-7265/"
+ },
+ {
+ "url": "https://www.gov.pl/web/ezd-rp",
+ "refsource": "MISC",
+ "name": "https://www.gov.pl/web/ezd-rp"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jakub P\u0142atek (NASK-PIB)"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7266.json b/2024/7xxx/CVE-2024-7266.json
index ebd47c2ddb9..bf55894bdc3 100644
--- a/2024/7xxx/CVE-2024-7266.json
+++ b/2024/7xxx/CVE-2024-7266.json
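Review bot: Both cert.pl references in CVE-2024-7265.json use the slug `CVE-2023-7265` (`https://cert.pl/en/posts/2024/08/CVE-2023-7265/`), which does not match the record ID CVE-2024-7265; the same two URLs recur in the CVE-2024-7266.json and CVE-2024-7267.json hunks. If the slug is a typo rather than the advisory's real path, tooling that extracts CVE IDs from reference URLs will tie these records to an unrelated 2023 identifier, so the links are worth confirming against the published advisory. None of the three records carries an `impact`/`cvss` block, unlike CVE-2024-6522.json in the same commit. Consumers that prioritise by score therefore get no severity for a flaw the description says lets a logged-in user change any user's password, root included.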
@@ -1,18 +1,97 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7266",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cvd@cert.pl",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Incorrect User Management vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations.\u00a0This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-286 Incorrect User Management",
+ "cweId": "CWE-286"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EZD RP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "15",
+ "version_value": "15.84"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16",
+ "version_value": "16.15"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "17",
+ "version_value": "17.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/",
+ "refsource": "MISC",
+ "name": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/"
+ },
+ {
+ "url": "https://cert.pl/posts/2024/08/CVE-2023-7265/",
+ "refsource": "MISC",
+ "name": "https://cert.pl/posts/2024/08/CVE-2023-7265/"
+ },
+ {
+ "url": "https://www.gov.pl/web/ezd-rp",
+ "refsource": "MISC",
+ "name": "https://www.gov.pl/web/ezd-rp"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jakub P\u0142atek (NASK-PIB)"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7267.json b/2024/7xxx/CVE-2024-7267.json
index ddf11b89840..062fbf0c089 100644
--- a/2024/7xxx/CVE-2024-7267.json
+++ b/2024/7xxx/CVE-2024-7267.json
@@ -1,18 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7267",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cvd@cert.pl",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Exposure of Sensitive Information\u00a0vulnerability in Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials.\u00a0This issue affects EZD RP all versions before 19.6"
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-213 Exposure of Sensitive Information Due to Incompatible Policies",
+ "cweId": "CWE-213"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Naukowa i Akademicka Sie\u0107 Komputerowa - Pa\u0144stwowy Instytut Badawczy",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EZD RP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "19.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/",
+ "refsource": "MISC",
+ "name": "https://cert.pl/en/posts/2024/08/CVE-2023-7265/"
+ },
+ {
+ "url": "https://cert.pl/posts/2024/08/CVE-2023-7265/",
+ "refsource": "MISC",
+ "name": "https://cert.pl/posts/2024/08/CVE-2023-7265/"
+ },
+ {
+ "url": "https://www.gov.pl/web/ezd-rp",
+ "refsource": "MISC",
+ "name": "https://www.gov.pl/web/ezd-rp"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jakub P\u0142atek (NASK-PIB)"
+ }
+ ]
 }
\ No newline at end of file