From dee00537f46e4ea36386eb444d45e7ff083bbb9e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 6 May 2024 21:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/37xxx/CVE-2022-37460.json | 4 +- 2023/33xxx/CVE-2023-33548.json | 56 ++++++++++++++-- 2024/1xxx/CVE-2024-1695.json | 56 ++++++++++++++-- 2024/28xxx/CVE-2024-28725.json | 61 ++++++++++++++++-- 2024/32xxx/CVE-2024-32982.json | 12 +++- 2024/34xxx/CVE-2024-34413.json | 113 +++++++++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34455.json | 5 ++ 2024/34xxx/CVE-2024-34532.json | 56 ++++++++++++++-- 2024/34xxx/CVE-2024-34533.json | 56 ++++++++++++++-- 2024/34xxx/CVE-2024-34534.json | 56 ++++++++++++++-- 2024/4xxx/CVE-2024-4549.json | 12 ++-- 2024/4xxx/CVE-2024-4573.json | 18 ++++++ 2024/4xxx/CVE-2024-4574.json | 18 ++++++ 13 files changed, 475 insertions(+), 48 deletions(-) create mode 100644 2024/4xxx/CVE-2024-4573.json create mode 100644 2024/4xxx/CVE-2024-4574.json diff --git a/2022/37xxx/CVE-2022-37460.json b/2022/37xxx/CVE-2022-37460.json index 84539bffa69..7deeeb76fe2 100644 --- a/2022/37xxx/CVE-2022-37460.json +++ b/2022/37xxx/CVE-2022-37460.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2022-37460", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2023/33xxx/CVE-2023-33548.json b/2023/33xxx/CVE-2023-33548.json index 02021216f53..1c87ae91bed 100644 --- a/2023/33xxx/CVE-2023-33548.json +++ b/2023/33xxx/CVE-2023-33548.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-33548", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-33548", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Idaht/ASUS_RT-AC51U_CVE/blob/main/XSS%20-%20WPA%20Pre-Shared%20Key", + "url": "https://github.com/Idaht/ASUS_RT-AC51U_CVE/blob/main/XSS%20-%20WPA%20Pre-Shared%20Key" } ] } diff --git a/2024/1xxx/CVE-2024-1695.json b/2024/1xxx/CVE-2024-1695.json index f1844a6b574..32b3aec14ff 100644 --- a/2024/1xxx/CVE-2024-1695.json +++ b/2024/1xxx/CVE-2024-1695.json 
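Review bot: The added `affects` block sets `"product_name": "n/a"` and `"vendor_name": "n/a"`, and the `problemtype` value is `"n/a"`, although the new description names the ASUS RT-AC51U, a firmware ceiling of 3.0.0.4.380.8591 and an XSS weakness; scanners and inventory matchers that key on the structured fields will not associate this record with the device. Populating them, e.g. `"vendor_name": "ASUS"`, `"product_name": "RT-AC51U"` and a `problemtype` value of `"CWE-79"`, would make the record machine-matchable; until then consumers have to parse the description text. The same gap appears in the CVE-2024-28725, CVE-2024-34532, CVE-2024-34533 and CVE-2024-34534 hunks. In each of these the only `reference_data` entries are third-party GitHub links with no vendor advisory, so the version statements in the descriptions cannot be confirmed from the record itself.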
@@ -1,18 +1,66 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HP Inc.", + "product": { + "product_data": [ + { + "product_name": "HP Application Enabling Software Driver", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See HP Security Bulletin reference for affected versions." + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hp.com/us-en/document/ish_10555591-10555627-16/hpsbhf03932", + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_10555591-10555627-16/hpsbhf03932" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.15" } } \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28725.json b/2024/28xxx/CVE-2024-28725.json index 0b800548d55..2746ea736e5 100644 --- a/2024/28xxx/CVE-2024-28725.json +++ b/2024/28xxx/CVE-2024-28725.json 
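Review bot: In the added `version_data` entry, `"version_affected": "="` is paired with the sentence `"version_value": "See HP Security Bulletin reference for affected versions."`, so the record carries no machine-readable affected version and an exact-match comparison against that string can never succeed. Consumers should treat this entry as "versions unknown" and take the affected builds from the linked HP bulletin rather than conclude that an installed driver is unaffected. The second CVE-2024-32982 hunk shows the same mismatch in another form: range expressions such as `">= 2.8.0, < 2.8.3"` are stored under `"version_affected": "="`, which needs a range-aware parser rather than an equality test. The `problemtype` value here is also `"n/a"` even though the description states escalation of privilege.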
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28725", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28725", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/asenzhenshuai/DongDong/blob/main/yzmcms-xss.pdf", + "refsource": "MISC", + "name": "https://github.com/asenzhenshuai/DongDong/blob/main/yzmcms-xss.pdf" + }, + { + "url": "https://github.com/asenzhenshuai/DongDong/issues/1", + "refsource": "MISC", + "name": "https://github.com/asenzhenshuai/DongDong/issues/1" } ] } diff --git a/2024/32xxx/CVE-2024-32982.json b/2024/32xxx/CVE-2024-32982.json index 423caa4496b..7f6eba40ede 100644 --- a/2024/32xxx/CVE-2024-32982.json +++ b/2024/32xxx/CVE-2024-32982.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in 2.8.3." + "value": "Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4." } ] }, @@ -41,11 +41,19 @@ "version_data": [ { "version_affected": "=", - "version_value": ">= 2.0.0, <= 2.8.2" + "version_value": ">= 2.8.0, < 2.8.3" }, { "version_affected": "=", "version_value": ">= 1.37.0, <= 1.51.14" + }, + { + "version_affected": "=", + "version_value": ">= 2.7.0, < 2.7.2" + }, + { + "version_affected": "=", + "version_value": ">= 2.0.0, < 2.6.4" } ] } diff --git a/2024/34xxx/CVE-2024-34413.json b/2024/34xxx/CVE-2024-34413.json index f97be50455b..3770ef5a3dc 100644 --- a/2024/34xxx/CVE-2024-34413.json 
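Review bot: The rewritten description names fixed releases only for the 2.x lines (2.8.3, 2.7.2, 2.6.4), while the affected list in the second hunk still carries the unchanged `">= 1.37.0, <= 1.51.14"` entry with no fixed version stated for it in the visible lines. Someone running a release in that 1.x range cannot tell from the record whether an upgrade target exists; a sentence in the description stating the status of that line would close the gap. The three 2.x ranges are consistent with the description, and nothing between 2.6.4 and 2.7.0 or between 2.7.2 and 2.8.0 is marked affected. The record continues outside both hunks, so a fix statement for 1.x may exist in fields not shown here.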
+++ b/2024/34xxx/CVE-2024-34413.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SliceWP allows Stored XSS.This issue affects SliceWP: from n/a through 1.1.10.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SliceWP", + "product": { + "product_data": [ + { + "product_name": "SliceWP", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.11", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.1.10", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/slicewp/wordpress-slicewp-affiliates-plugin-1-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/slicewp/wordpress-slicewp-affiliates-plugin-1-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" 
+ }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.1.11 or a higher version." + } + ], + "value": "Update to 1.1.11 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Manab Jyoti Dowarah (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/34xxx/CVE-2024-34455.json b/2024/34xxx/CVE-2024-34455.json index 5ed506521dd..00f29e3102b 100644 --- a/2024/34xxx/CVE-2024-34455.json +++ b/2024/34xxx/CVE-2024-34455.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20240506 Re: Buildroot: incorrect permissons on /dev/shm", "url": "http://www.openwall.com/lists/oss-security/2024/05/06/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20240506 Re: [Buildroot] Buildroot: incorrect permissons on /dev/shm", + "url": "http://www.openwall.com/lists/oss-security/2024/05/06/4" } ] } diff --git a/2024/34xxx/CVE-2024-34532.json b/2024/34xxx/CVE-2024-34532.json index c2b0fcff3cf..43f7bf38e01 100644 --- a/2024/34xxx/CVE-2024-34532.json +++ b/2024/34xxx/CVE-2024-34532.json 
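Review bot: The added `version_data` entry for CVE-2024-34413 has `"version_value": "not down converted"`, and the actual range lives only in the nested `x_cve_json_5_version_data` object (`"lessThanOrEqual": "1.1.10"`, unaffected at `"1.1.11"`), so a consumer reading the 4.0-format fields alone gets no usable affected version for SliceWP. Parsers of this feed need to read the nested block, or fall back to the `solution` text, before reporting an installation as not affected. The description string also runs two sentences together (`Stored XSS.This issue`) and ends in `\n\n`, which is worth normalising for anything that displays or diffs the text.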
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34532", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34532", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/query_deluxe", + "refsource": "MISC", + "name": "https://github.com/luvsn/OdZoo/tree/main/exploits/query_deluxe" } ] } diff --git a/2024/34xxx/CVE-2024-34533.json b/2024/34xxx/CVE-2024-34533.json index 20851b5b24c..b6cdb4cc66c 100644 --- a/2024/34xxx/CVE-2024-34533.json +++ b/2024/34xxx/CVE-2024-34533.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34533", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34533", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/izi_data", + "refsource": "MISC", + "name": "https://github.com/luvsn/OdZoo/tree/main/exploits/izi_data" } ] } diff --git a/2024/34xxx/CVE-2024-34534.json b/2024/34xxx/CVE-2024-34534.json index 263f7de830b..bc9665c4e63 100644 --- a/2024/34xxx/CVE-2024-34534.json +++ b/2024/34xxx/CVE-2024-34534.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34534", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34534", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/text_commander", + "refsource": "MISC", + "name": "https://github.com/luvsn/OdZoo/tree/main/exploits/text_commander" } ] } diff --git a/2024/4xxx/CVE-2024-4549.json b/2024/4xxx/CVE-2024-4549.json index b42c602455e..d6279b6cdf0 100644 --- a/2024/4xxx/CVE-2024-4549.json +++ b/2024/4xxx/CVE-2024-4549.json 
@@ -73,14 +73,14 @@ "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", "privilegesRequired": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ] diff --git a/2024/4xxx/CVE-2024-4573.json b/2024/4xxx/CVE-2024-4573.json new file mode 100644 index 00000000000..9df00b4e577 --- /dev/null +++ b/2024/4xxx/CVE-2024-4573.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4573", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4574.json b/2024/4xxx/CVE-2024-4574.json new file mode 100644 index 00000000000..b63e64be61e --- /dev/null +++ b/2024/4xxx/CVE-2024-4574.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4574", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file