diff --git a/2017/3xxx/CVE-2017-3772.json b/2017/3xxx/CVE-2017-3772.json
index 98a92d43a9a..4dc1188823c 100644
--- a/2017/3xxx/CVE-2017-3772.json
+++ b/2017/3xxx/CVE-2017-3772.json
@@ -1,17 +1,107 @@
{
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-3772",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
"data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-3772",
+ "ASSIGNER": "psirt@lenovo.com",
+ "STATE": "PUBLIC"
+ },
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was reported in Lenovo PC Manager versions prior to 2.6.40.3154 that could allow an attacker to cause a system reboot."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Lenovo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PC Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.6.40.3154"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://iknow.lenovo.com.cn/detail/171959",
+ "refsource": "MISC",
+ "name": "https://iknow.lenovo.com.cn/detail/171959"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update Lenovo PC Manager 2.6 to version 2.6.40.3154 or later. "
+ }
+ ],
+ "value": "Update Lenovo PC Manager 2.6 to version\u00a02.6.40.3154 or later."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lenovo thanks Xiao Xuedong for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2019/6xxx/CVE-2019-6197.json b/2019/6xxx/CVE-2019-6197.json
index 3fadca2a726..8ff69e39fe4 100644
--- a/2019/6xxx/CVE-2019-6197.json
+++ b/2019/6xxx/CVE-2019-6197.json
@@ -1,17 +1,107 @@
{
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6197",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
"data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6197",
+ "ASSIGNER": "psirt@lenovo.com",
+ "STATE": "PUBLIC"
+ },
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Lenovo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PC Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.8.90.11211"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://iknow.lenovo.com.cn/detail/186945.html",
+ "refsource": "MISC",
+ "name": "https://iknow.lenovo.com.cn/detail/186945.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update Lenovo PC Manager to version 2.8.90.11211 or later. "
+ }
+ ],
+ "value": "Update Lenovo PC Manager to version 2.8.90.11211 or later."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lenovo thanks Hou Jing Yi for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2019/6xxx/CVE-2019-6198.json b/2019/6xxx/CVE-2019-6198.json
index ddeea948349..6489dc7b097 100644
--- a/2019/6xxx/CVE-2019-6198.json
+++ b/2019/6xxx/CVE-2019-6198.json
@@ -1,17 +1,107 @@
{
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6198",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
"data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6198",
+ "ASSIGNER": "psirt@lenovo.com",
+ "STATE": "PUBLIC"
+ },
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was reported in Lenovo PC Manager prior to version\u00a02.8.90.11211 that could allow a local attacker to escalate privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Lenovo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PC Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.8.90.11211"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://iknow.lenovo.com.cn/detail/186945.html",
+ "refsource": "MISC",
+ "name": "https://iknow.lenovo.com.cn/detail/186945.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update Lenovo PC Manager to version 2.8.90.11211 or later. \n\n
"
+ }
+ ],
+ "value": "Update Lenovo PC Manager to version 2.8.90.11211 or later."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lenovo thanks Huang Can and Han Xinhui of Wang Xuan Institute of Computer Science, Peking University for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/4xxx/CVE-2022-4001.json b/2022/4xxx/CVE-2022-4001.json
index 6df345decba..0876884004b 100644
--- a/2022/4xxx/CVE-2022-4001.json
+++ b/2022/4xxx/CVE-2022-4001.json
@@ -1,17 +1,101 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4001",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@lenovo.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An authentication bypass vulnerability could allow an attacker to access API functions without authentication."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Motorola",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Q14 Mesh Router Firmware",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.5.0.16"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities",
+ "refsource": "MISC",
+ "name": "https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update Motorola Q14 Mesh Router firmware to v1.5.0.16 or later.\n\n
"
+ }
+ ],
+ "value": "Update Motorola Q14 Mesh Router firmware to v1.5.0.16 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2022/4xxx/CVE-2022-4002.json b/2022/4xxx/CVE-2022-4002.json
index 566be8ecf5c..59fdf2c794c 100644
--- a/2022/4xxx/CVE-2022-4002.json
+++ b/2022/4xxx/CVE-2022-4002.json
@@ -1,17 +1,101 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4002",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@lenovo.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Motorola",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Q14 Mesh Router Firmware",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.5.0.16"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities",
+ "refsource": "MISC",
+ "name": "https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update Motorola Q14 Mesh Router firmware to v1.5.0.16 or later.\n\n
"
+ }
+ ],
+ "value": "Update Motorola Q14 Mesh Router firmware to v1.5.0.16 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2022/4xxx/CVE-2022-4003.json b/2022/4xxx/CVE-2022-4003.json
index b27d73e3f2f..448e6ad3a13 100644
--- a/2022/4xxx/CVE-2022-4003.json
+++ b/2022/4xxx/CVE-2022-4003.json
@@ -1,17 +1,101 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4003",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@lenovo.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Motorola",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Q14 Mesh Router Firmware",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.5.0.16"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities",
+ "refsource": "MISC",
+ "name": "https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update Motorola Q14 Mesh Router firmware to v1.5.0.16 or later."
+ }
+ ],
+ "value": "Update Motorola Q14 Mesh Router firmware to v1.5.0.16 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 2.7,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2023/1xxx/CVE-2023-1577.json b/2023/1xxx/CVE-2023-1577.json
index 76c8abc06c8..d31b615e98d 100644
--- a/2023/1xxx/CVE-2023-1577.json
+++ b/2023/1xxx/CVE-2023-1577.json
@@ -1,17 +1,107 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1577",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@lenovo.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Lenovo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Driver Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "3.1.1307.1308"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://iknow.lenovo.com.cn/detail/dc_415202.html",
+ "refsource": "MISC",
+ "name": "https://iknow.lenovo.com.cn/detail/dc_415202.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to Lenovo Driver Manager version 3.1.1307.1308 or later.\n\n
"
+ }
+ ],
+ "value": "Update to Lenovo Driver Manager version 3.1.1307.1308 or later."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lenovo thanks Linke Lu for reporting CVE-2023-25496."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2024/29xxx/CVE-2024-29029.json b/2024/29xxx/CVE-2024-29029.json
index 456ac0b051f..50fd7402e02 100644
--- a/2024/29xxx/CVE-2024-29029.json
+++ b/2024/29xxx/CVE-2024-29029.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability."
+ "value": "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file."
}
]
},
@@ -50,7 +50,7 @@
"version_data": [
{
"version_affected": "=",
- "version_value": "<= 0.13.2"
+ "version_value": "< 0.22.0"
}
]
}
diff --git a/2024/29xxx/CVE-2024-29030.json b/2024/29xxx/CVE-2024-29030.json
index 9c8ae9f1113..99e0d5c84c5 100644
--- a/2024/29xxx/CVE-2024-29030.json
+++ b/2024/29xxx/CVE-2024-29030.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network."
+ "value": "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file."
}
]
},
@@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "=",
- "version_value": "<= 0.13.2"
+ "version_value": "< 0.22.0"
}
]
}
diff --git a/2024/40xxx/CVE-2024-40464.json b/2024/40xxx/CVE-2024-40464.json
index 98cfd5f4a78..7f38bb82453 100644
--- a/2024/40xxx/CVE-2024-40464.json
+++ b/2024/40xxx/CVE-2024-40464.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-40464",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-40464",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/nyxfqq/b53b0148b9aa040de63f58a68fd11445",
+ "url": "https://gist.github.com/nyxfqq/b53b0148b9aa040de63f58a68fd11445"
}
]
}
diff --git a/2024/40xxx/CVE-2024-40465.json b/2024/40xxx/CVE-2024-40465.json
index dbca014ecfa..ae616601f90 100644
--- a/2024/40xxx/CVE-2024-40465.json
+++ b/2024/40xxx/CVE-2024-40465.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-40465",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-40465",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/nyxfqq/a5a2fc5147a1b34538e1ac05a3e56910",
+ "url": "https://gist.github.com/nyxfqq/a5a2fc5147a1b34538e1ac05a3e56910"
}
]
}
diff --git a/2024/41xxx/CVE-2024-41253.json b/2024/41xxx/CVE-2024-41253.json
index db27f73275a..c3c5d8270d6 100644
--- a/2024/41xxx/CVE-2024-41253.json
+++ b/2024/41xxx/CVE-2024-41253.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-41253",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-41253",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/nyxfqq/f69d41c69a4d0751841f4d972b9745da",
+ "url": "https://gist.github.com/nyxfqq/f69d41c69a4d0751841f4d972b9745da"
}
]
}
diff --git a/2024/41xxx/CVE-2024-41254.json b/2024/41xxx/CVE-2024-41254.json
index 19b30e3f802..58979275c2b 100644
--- a/2024/41xxx/CVE-2024-41254.json
+++ b/2024/41xxx/CVE-2024-41254.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-41254",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-41254",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/nyxfqq/d857f268a53aa62402655c8dcd95c68f",
+ "url": "https://gist.github.com/nyxfqq/d857f268a53aa62402655c8dcd95c68f"
}
]
}
diff --git a/2024/41xxx/CVE-2024-41255.json b/2024/41xxx/CVE-2024-41255.json
index c9d317a8bfa..3f47195dc9f 100644
--- a/2024/41xxx/CVE-2024-41255.json
+++ b/2024/41xxx/CVE-2024-41255.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-41255",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-41255",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/nyxfqq/c367f2ca9448810924dcf0f1af30b441",
+ "url": "https://gist.github.com/nyxfqq/c367f2ca9448810924dcf0f1af30b441"
}
]
}
diff --git a/2024/41xxx/CVE-2024-41256.json b/2024/41xxx/CVE-2024-41256.json
index fd3c829603e..4c8500a2b68 100644
--- a/2024/41xxx/CVE-2024-41256.json
+++ b/2024/41xxx/CVE-2024-41256.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-41256",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-41256",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/nyxfqq/a6da3fe6128b978ea1aaa5df639d5f98",
+ "url": "https://gist.github.com/nyxfqq/a6da3fe6128b978ea1aaa5df639d5f98"
}
]
}
diff --git a/2024/41xxx/CVE-2024-41258.json b/2024/41xxx/CVE-2024-41258.json
index a8715edc6d1..b704fef594f 100644
--- a/2024/41xxx/CVE-2024-41258.json
+++ b/2024/41xxx/CVE-2024-41258.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-41258",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-41258",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/nyxfqq/ed8c2ba3398c9e28cd8dbf0902bd8edf",
+ "url": "https://gist.github.com/nyxfqq/ed8c2ba3398c9e28cd8dbf0902bd8edf"
}
]
}
diff --git a/2024/42xxx/CVE-2024-42393.json b/2024/42xxx/CVE-2024-42393.json
new file mode 100644
index 00000000000..e5bbbab5b5d
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42393.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42393",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/42xxx/CVE-2024-42394.json b/2024/42xxx/CVE-2024-42394.json
new file mode 100644
index 00000000000..e5636e2fef9
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42394.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42394",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/42xxx/CVE-2024-42395.json b/2024/42xxx/CVE-2024-42395.json
new file mode 100644
index 00000000000..a6585b03fe6
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42395.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42395",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/42xxx/CVE-2024-42396.json b/2024/42xxx/CVE-2024-42396.json
new file mode 100644
index 00000000000..b08e12c49a9
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42396.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42396",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/42xxx/CVE-2024-42397.json b/2024/42xxx/CVE-2024-42397.json
new file mode 100644
index 00000000000..7c5055cd738
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42397.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42397",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/42xxx/CVE-2024-42398.json b/2024/42xxx/CVE-2024-42398.json
new file mode 100644
index 00000000000..5d82d13d2dc
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42398.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42398",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/42xxx/CVE-2024-42399.json b/2024/42xxx/CVE-2024-42399.json
new file mode 100644
index 00000000000..3884aa22018
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42399.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42399",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/42xxx/CVE-2024-42400.json b/2024/42xxx/CVE-2024-42400.json
new file mode 100644
index 00000000000..434c4d03d84
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42400.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42400",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/42xxx/CVE-2024-42401.json b/2024/42xxx/CVE-2024-42401.json
new file mode 100644
index 00000000000..5b766b3a395
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42401.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42401",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/42xxx/CVE-2024-42402.json b/2024/42xxx/CVE-2024-42402.json
new file mode 100644
index 00000000000..27fee1859d7
--- /dev/null
+++ b/2024/42xxx/CVE-2024-42402.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-42402",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/4xxx/CVE-2024-4187.json b/2024/4xxx/CVE-2024-4187.json
index eddc059eff3..5e6b725ab0a 100644
--- a/2024/4xxx/CVE-2024-4187.json
+++ b/2024/4xxx/CVE-2024-4187.json
@@ -1,18 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4187",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@opentext.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stored XSS vulnerability has been discovered in OpenText\u2122 Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-356: Product UI does not Warn User of Unsafe Actions",
+ "cweId": "CWE-356"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OpenText\u2122",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Filr",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "24.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "24.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.microfocus.com/s/article/KM000032291",
+ "refsource": "MISC",
+ "name": "https://portal.microfocus.com/s/article/KM000032291"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "https://portal.microfocus.com/s/article/KM000032291
"
+ }
+ ],
+ "value": "https://portal.microfocus.com/s/article/KM000032291"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dmytro Pravytskyi \u2013 AWR7.de"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7326.json b/2024/7xxx/CVE-2024-7326.json
index c11b3b3b5e2..922cecc0562 100644
--- a/2024/7xxx/CVE-2024-7326.json
+++ b/2024/7xxx/CVE-2024-7326.json
@@ -1,17 +1,109 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7326",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in IObit DualSafe Password Manager 1.4.0.3 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf in der Bibliothek RTL120.BPL der Komponente BPL Handler. Durch das Beeinflussen mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-427 Uncontrolled Search Path",
+ "cweId": "CWE-427"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IObit",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DualSafe Password Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.4.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.273249",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.273249"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.273249",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.273249"
+ },
+ {
+ "url": "https://vuldb.com/?submit.378150",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.378150"
+ },
+ {
+ "url": "https://lab52.io/blog/dll-side-loading-through-iobit-against-colombia/",
+ "refsource": "MISC",
+ "name": "https://lab52.io/blog/dll-side-loading-through-iobit-against-colombia/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "daniel.soriano (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.8,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.8,
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.8,
+ "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
diff --git a/2024/7xxx/CVE-2024-7349.json b/2024/7xxx/CVE-2024-7349.json
new file mode 100644
index 00000000000..09a3266f5d2
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7349.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7349",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7350.json b/2024/7xxx/CVE-2024-7350.json
new file mode 100644
index 00000000000..4cc9040230a
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7350.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7350",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7351.json b/2024/7xxx/CVE-2024-7351.json
new file mode 100644
index 00000000000..0d98448d6d6
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7351.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7351",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7352.json b/2024/7xxx/CVE-2024-7352.json
new file mode 100644
index 00000000000..439ad7594e0
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7352.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7352",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file