From e409ef0ebbec57649e4b1eb1df6e091d53a429f7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 21 Jun 2024 23:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2014/5xxx/CVE-2014-5470.json | 53 ++++++++++++++++++++++++++++++-- 2022/42xxx/CVE-2022-42974.json | 56 ++++++++++++++++++++++++++++++---- 2024/29xxx/CVE-2024-29025.json | 5 +++ 2024/34xxx/CVE-2024-34989.json | 56 ++++++++++++++++++++++++++++++---- 2024/36xxx/CVE-2024-36532.json | 56 ++++++++++++++++++++++++++++++---- 2024/6xxx/CVE-2024-6262.json | 18 +++++++++++ 2024/6xxx/CVE-2024-6263.json | 18 +++++++++++ 7 files changed, 242 insertions(+), 20 deletions(-) create mode 100644 2024/6xxx/CVE-2024-6262.json create mode 100644 2024/6xxx/CVE-2024-6263.json diff --git a/2014/5xxx/CVE-2014-5470.json b/2014/5xxx/CVE-2014-5470.json index 31a0c944068..f5f7be879f6 100644 --- a/2014/5xxx/CVE-2014-5470.json +++ b/2014/5xxx/CVE-2014-5470.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5470", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=35549", + "url": "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=35549" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/35549", + "url": "https://www.exploit-db.com/exploits/35549" } ] } diff --git a/2022/42xxx/CVE-2022-42974.json b/2022/42xxx/CVE-2022-42974.json index 24ddb1f93ec..55a0e810099 100644 --- a/2022/42xxx/CVE-2022-42974.json +++ b/2022/42xxx/CVE-2022-42974.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-42974", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-42974", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting (XSS) attack on /file.bootloader.upload.html. The application fails to sanitize the parameter filename, in a POST request to /file.bootloader.upload.html for a system update, thus allowing one to inject HTML and/or JavaScript on the page that will then be processed and stored by the application. Any subsequent requests to pages that retrieve the malicious content will automatically exploit the vulnerability on the victim's browser. This also happens because the tag is loaded in the function innerHTML in the page HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://medium.com/@daviddepaulasantos/how-we-got-a-cve-for-a-dom-based-stored-xss-on-a-solar-panel-917b9d7b2545", + "url": "https://medium.com/@daviddepaulasantos/how-we-got-a-cve-for-a-dom-based-stored-xss-on-a-solar-panel-917b9d7b2545" } ] } diff --git a/2024/29xxx/CVE-2024-29025.json b/2024/29xxx/CVE-2024-29025.json index 9f8fe0335b4..ed8a2537cd3 100644 --- a/2024/29xxx/CVE-2024-29025.json +++ b/2024/29xxx/CVE-2024-29025.json @@ -68,6 +68,11 @@ "url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", "refsource": "MISC", "name": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html" } ] }, diff --git a/2024/34xxx/CVE-2024-34989.json b/2024/34xxx/CVE-2024-34989.json index 5dc46fadba8..eec0fa53efd 100644 --- a/2024/34xxx/CVE-2024-34989.json +++ b/2024/34xxx/CVE-2024-34989.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-34989", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-34989", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb().'" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/06/20/prestapdf.html", + "url": "https://security.friendsofpresta.org/modules/2024/06/20/prestapdf.html" } ] } diff --git a/2024/36xxx/CVE-2024-36532.json b/2024/36xxx/CVE-2024-36532.json index 89c6435d9d3..08e4bed0d72 100644 --- a/2024/36xxx/CVE-2024-36532.json +++ b/2024/36xxx/CVE-2024-36532.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36532", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36532", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/HouqiyuA/43488e1d41110a5610146b87b2e88a02", + "url": "https://gist.github.com/HouqiyuA/43488e1d41110a5610146b87b2e88a02" } ] } diff --git a/2024/6xxx/CVE-2024-6262.json b/2024/6xxx/CVE-2024-6262.json new file mode 100644 index 00000000000..aa2c736b13b --- /dev/null +++ b/2024/6xxx/CVE-2024-6262.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6262", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6263.json b/2024/6xxx/CVE-2024-6263.json new file mode 100644 index 00000000000..77f5ce10ac6 --- /dev/null +++ b/2024/6xxx/CVE-2024-6263.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-6263", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file