From e23a5e6c443a4943a35166f7717af966a2048a89 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 26 Jan 2024 08:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/48xxx/CVE-2023-48126.json | 56 ++++++++++++++++++--- 2023/48xxx/CVE-2023-48128.json | 56 ++++++++++++++++++--- 2023/48xxx/CVE-2023-48129.json | 56 ++++++++++++++++++--- 2023/48xxx/CVE-2023-48130.json | 56 ++++++++++++++++++--- 2023/6xxx/CVE-2023-6919.json | 89 ++++++++++++++++++++++++++++++++-- 2024/0xxx/CVE-2024-0917.json | 18 +++++++ 2024/22xxx/CVE-2024-22545.json | 56 ++++++++++++++++++--- 2024/23xxx/CVE-2024-23388.json | 53 ++++++++++++++++++-- 2024/24xxx/CVE-2024-24680.json | 18 +++++++ 2024/24xxx/CVE-2024-24681.json | 18 +++++++ 2024/24xxx/CVE-2024-24682.json | 18 +++++++ 11 files changed, 456 insertions(+), 38 deletions(-) create mode 100644 2024/0xxx/CVE-2024-0917.json create mode 100644 2024/24xxx/CVE-2024-24680.json create mode 100644 2024/24xxx/CVE-2024-24681.json create mode 100644 2024/24xxx/CVE-2024-24682.json diff --git a/2023/48xxx/CVE-2023-48126.json b/2023/48xxx/CVE-2023-48126.json index 7ecfd8f12ff..235a55da7ca 100644 --- a/2023/48xxx/CVE-2023-48126.json +++ b/2023/48xxx/CVE-2023-48126.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48126", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48126", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/syz913/CVE-reports/blob/main/Luxe%20Beauty%20Clinic.md", + "refsource": "MISC", + "name": "https://github.com/syz913/CVE-reports/blob/main/Luxe%20Beauty%20Clinic.md" } ] } diff --git a/2023/48xxx/CVE-2023-48128.json b/2023/48xxx/CVE-2023-48128.json index 4b606d7f7e3..388273f9ba6 100644 --- a/2023/48xxx/CVE-2023-48128.json +++ b/2023/48xxx/CVE-2023-48128.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48128", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48128", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/syz913/CVE-reports/blob/main/UNITED%20BOXING%20GYM.md", + "refsource": "MISC", + "name": "https://github.com/syz913/CVE-reports/blob/main/UNITED%20BOXING%20GYM.md" } ] } diff --git a/2023/48xxx/CVE-2023-48129.json b/2023/48xxx/CVE-2023-48129.json index b2a06e7bf30..6b94fa62836 100644 --- a/2023/48xxx/CVE-2023-48129.json +++ b/2023/48xxx/CVE-2023-48129.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48129", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48129", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/syz913/CVE-reports/blob/main/kimono-oldnew.md", + "refsource": "MISC", + "name": "https://github.com/syz913/CVE-reports/blob/main/kimono-oldnew.md" } ] } diff --git a/2023/48xxx/CVE-2023-48130.json b/2023/48xxx/CVE-2023-48130.json index 388b593112c..afa09c87a09 100644 --- a/2023/48xxx/CVE-2023-48130.json +++ b/2023/48xxx/CVE-2023-48130.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-48130", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-48130", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/syz913/CVE-reports/blob/main/GINZA%20CAFE.md", + "refsource": "MISC", + "name": "https://github.com/syz913/CVE-reports/blob/main/GINZA%20CAFE.md" } ] } diff --git a/2023/6xxx/CVE-2023-6919.json b/2023/6xxx/CVE-2023-6919.json index 5a25e00feaa..7ee5bd44ff0 100644 --- a/2023/6xxx/CVE-2023-6919.json +++ b/2023/6xxx/CVE-2023-6919.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6919", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-25 Path Traversal: '/../filedir'", + "cweId": "CWE-25" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Biges Safe Life Technologies Electronics Inc.", + "product": { + "product_data": [ + { + "product_name": "VGuard", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V500.0003.R008.4011.C0012.B351.C" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-0054", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-24-0054" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "TR-24-0054", + "defect": [ + "TR-24-0054" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Fatih YILMAZ" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0917.json b/2024/0xxx/CVE-2024-0917.json new file mode 100644 index 00000000000..6f645f5095e --- /dev/null +++ b/2024/0xxx/CVE-2024-0917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-0917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/22xxx/CVE-2024-22545.json b/2024/22xxx/CVE-2024-22545.json index 4f8f69f4616..e8993519ee8 100644 --- a/2024/22xxx/CVE-2024-22545.json +++ b/2024/22xxx/CVE-2024-22545.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-22545", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-22545", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TRENDnet TEW-824DRU version 1.04b01 is vulnerable to Command Injection via the system.ntp.server in the sub_420AE0() function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad", + "url": "https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad" } ] } diff --git a/2024/23xxx/CVE-2024-23388.json b/2024/23xxx/CVE-2024-23388.json index 63b9a8566ac..395c48e748a 100644 --- a/2024/23xxx/CVE-2024-23388.json +++ b/2024/23xxx/CVE-2024-23388.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23388", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authorization in handler for custom URL scheme issue in \"Mercari\" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization in handler for custom URL scheme" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mercari, Inc.", + "product": { + "product_data": [ + { + "product_name": "\"Mercari\" App for Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "prior to version 5.78.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://jvn.jp/en/jp/JVN70818619/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN70818619/" } ] } diff --git a/2024/24xxx/CVE-2024-24680.json b/2024/24xxx/CVE-2024-24680.json new file mode 100644 index 00000000000..1836b0aff6e --- /dev/null +++ b/2024/24xxx/CVE-2024-24680.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24680", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24681.json b/2024/24xxx/CVE-2024-24681.json new file mode 100644 index 00000000000..9bf18c6221d --- /dev/null +++ b/2024/24xxx/CVE-2024-24681.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24681", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24682.json b/2024/24xxx/CVE-2024-24682.json new file mode 100644 index 00000000000..8d875ac3519 --- /dev/null +++ b/2024/24xxx/CVE-2024-24682.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24682", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file