diff --git a/2010/2xxx/CVE-2010-2739.json b/2010/2xxx/CVE-2010-2739.json
index 88ed6395b02..fdac3a829e8 100644
--- a/2010/2xxx/CVE-2010-2739.json
+++ b/2010/2xxx/CVE-2010-2739.json
@@ -71,6 +71,11 @@
 "name": "http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx",
 "refsource": "CONFIRM",
 "url": "http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://msrc.microsoft.com/blog/2010/08/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability/",
+ "url": "https://msrc.microsoft.com/blog/2010/08/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability/"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4727.json b/2023/4xxx/CVE-2023-4727.json
index 190ff5a4c7f..f2ac978892d 100644
--- a/2023/4xxx/CVE-2023-4727.json
+++ b/2023/4xxx/CVE-2023-4727.json
@@ -35,6 +35,27 @@
 "vendor_name": "Red Hat",
 "product": {
 "product_data": [
+ {
+ "product_name": "Red Hat Certificate System 10.4 EUS for RHEL-8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "8060020240529205458.07fb4edf",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
 "version": {
@@ -134,6 +155,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2024:4051"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:4070",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:4070"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-4727",
 "refsource": "MISC",
diff --git a/2024/33xxx/CVE-2024-33879.json b/2024/33xxx/CVE-2024-33879.json
index 91a58228cf3..6d911040e09 100644
--- a/2024/33xxx/CVE-2024-33879.json
+++ b/2024/33xxx/CVE-2024-33879.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-33879",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-33879",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq",
+ "refsource": "MISC",
+ "name": "https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq"
+ },
+ {
+ "url": "https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf",
+ "refsource": "MISC",
+ "name": "https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf"
 }
 ]
 }
diff --git a/2024/33xxx/CVE-2024-33880.json b/2024/33xxx/CVE-2024-33880.json
index be66386445b..7dddf2cec73 100644
--- a/2024/33xxx/CVE-2024-33880.json
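Review bot: The published record leaves `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` in `affects`, so the affected product exists only in the free-text description and tooling that matches on vendor, product or version will not tie this CVE to an installed Virto Bulk File Download; the CVE-2024-33880 and CVE-2024-33881 hunks do the same. The description names version 5.5.44 while the referenced disclosure PDF is named `..._v5.4.4_pt_disclosure.pdf`; the diff does not show which is right, so the version should be confirmed against the advisory in all three records. `problemtype` is also `n/a` although the description states absolute path traversal, so an entry such as `"value": "CWE-36: Absolute Path Traversal"` would make the record filterable by weakness class.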
+++ b/2024/33xxx/CVE-2024-33880.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-33880",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-33880",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf",
+ "refsource": "MISC",
+ "name": "https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq>",
+ "url": "https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq>"
 }
 ]
 }
diff --git a/2024/33xxx/CVE-2024-33881.json b/2024/33xxx/CVE-2024-33881.json
index d57126673cc..679ab09494d 100644
--- a/2024/33xxx/CVE-2024-33881.json
+++ b/2024/33xxx/CVE-2024-33881.json
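Review bot: The second added reference ends in a stray `>` in both of its fields, `"url": "https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq>"`, which looks like a leftover from angle-bracket URL markup. The CVE-2024-33879 and CVE-2024-33881 hunks cite the same page without it. As written the link probably does not resolve, and anything that de-duplicates or correlates references across the three records will treat it as a different URL. Drop the trailing `>` from both `name` and `url`.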
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-33881",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-33881",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq",
+ "refsource": "MISC",
+ "name": "https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq"
+ },
+ {
+ "url": "https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf",
+ "refsource": "MISC",
+ "name": "https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38369.json b/2024/38xxx/CVE-2024-38369.json
index de5e957b8f2..8e1dd39018e 100644
--- a/2024/38xxx/CVE-2024-38369.json
+++ b/2024/38xxx/CVE-2024-38369.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-38369",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference=\"targetdocument\"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863: Incorrect Authorization",
+ "cweId": "CWE-863"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "xwiki",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "xwiki-platform",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.5-milestone-2, < 15.0-rc-1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh",
+ "refsource": "MISC",
+ "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-qcj3-wpgm-qpxh",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38373.json b/2024/38xxx/CVE-2024-38373.json
index 9525c72c6f6..76bb8ceb5ee 100644
--- a/2024/38xxx/CVE-2024-38373.json
+++ b/2024/38xxx/CVE-2024-38373.json
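Review bot: `"baseScore": 10` in the `cvss` object does not agree with the vector beside it: by my calculation `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` evaluates to 9.9 under the CVSS 3.1 base formula, and a 10.0 would need `PR:N`. The description ("any user able to modify the target document") supports `PR:L`, so the likely correction is `"baseScore": 9.9`; until then, consumers that recompute from `vectorString` will disagree with those that read `baseScore`. Separately, `"version_affected": "="` is paired with the range string `">= 1.5-milestone-2, < 15.0-rc-1"`, which a consumer doing an exact-version comparison will never match. The CVE-2024-38373 hunk encodes `">= 4.0.0, <= 4.1.0"` the same way.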
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-38373",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the actual domain name length, could cause the parser to read beyond the DNS response buffer. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. This vulnerability has been patched in version 4.1.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-126: Buffer Over-read",
+ "cweId": "CWE-126"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "FreeRTOS",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeRTOS-Plus-TCP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.0.0, <= 4.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv",
+ "refsource": "MISC",
+ "name": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv"
+ },
+ {
+ "url": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.1.1",
+ "refsource": "MISC",
+ "name": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.1.1"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-ppcp-rg65-58mv",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }