diff --git a/2021/47xxx/CVE-2021-47115.json b/2021/47xxx/CVE-2021-47115.json index 2063b881a55..a8d4cd65255 100644 --- a/2021/47xxx/CVE-2021-47115.json +++ b/2021/47xxx/CVE-2021-47115.json @@ -5,14 +5,164 @@ "CVE_data_meta": { "ID": "CVE-2021-47115", "ASSIGNER": "cve@kernel.org", - "STATE": "REJECT" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect\n\nIt's possible to trigger NULL pointer dereference by local unprivileged\nuser, when calling getsockname() after failed bind() (e.g. the bind\nfails because LLCP_SAP_MAX used as SAP):\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n CPU: 1 PID: 426 Comm: llcp_sock_getna Not tainted 5.13.0-rc2-next-20210521+ #9\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1 04/01/2014\n Call Trace:\n llcp_sock_getname+0xb1/0xe0\n __sys_getpeername+0x95/0xc0\n ? lockdep_hardirqs_on_prepare+0xd5/0x180\n ? syscall_enter_from_user_mode+0x1c/0x40\n __x64_sys_getpeername+0x11/0x20\n do_syscall_64+0x36/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThis can be reproduced with Syzkaller C repro (bind followed by\ngetpeername):\nhttps://syzkaller.appspot.com/x/repro.c?x=14def446e00000" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d646960f7986", + "version_value": "eb6875d48590" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.3", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.3", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.4.272", + "lessThanOrEqual": "4.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.9.272", + "lessThanOrEqual": "4.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.14.236", + "lessThanOrEqual": "4.14.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.194", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.125", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.43", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.12.10", + "lessThanOrEqual": "5.12.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.13", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/eb6875d48590d8e564092e831ff07fa384d7e477", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/eb6875d48590d8e564092e831ff07fa384d7e477" + }, + { + "url": "https://git.kernel.org/stable/c/39c15bd2e5d11bcf7f4c3dba2aad9e1e110a5d94", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/39c15bd2e5d11bcf7f4c3dba2aad9e1e110a5d94" + }, + { + "url": "https://git.kernel.org/stable/c/ffff05b9ee5c74c04bba2801c1f99b31975d74d9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ffff05b9ee5c74c04bba2801c1f99b31975d74d9" + }, + { + "url": "https://git.kernel.org/stable/c/93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f" + }, + { + "url": "https://git.kernel.org/stable/c/5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70" + }, + { + "url": "https://git.kernel.org/stable/c/48ee0db61c8299022ec88c79ad137f290196cac2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/48ee0db61c8299022ec88c79ad137f290196cac2" + }, + { + "url": "https://git.kernel.org/stable/c/0c4559736d9a4ec1ca58ba98ca34e7c4da4c422b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0c4559736d9a4ec1ca58ba98ca34e7c4da4c422b" + }, + { + "url": "https://git.kernel.org/stable/c/4ac06a1e013cf5fdd963317ffd3b968560f33bba", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4ac06a1e013cf5fdd963317ffd3b968560f33bba" + } + ] + }, + "generator": { + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52608.json b/2023/52xxx/CVE-2023-52608.json index 30ed781ffb8..d5e311455e2 100644 --- a/2023/52xxx/CVE-2023-52608.json +++ b/2023/52xxx/CVE-2023-52608.json @@ -82,7 +82,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" diff --git a/2024/21xxx/CVE-2024-21419.json b/2024/21xxx/CVE-2024-21419.json index 374be713010..1f171589404 100644 --- a/2024/21xxx/CVE-2024-21419.json +++ b/2024/21xxx/CVE-2024-21419.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "9.0", - "version_value": "9.1.27" + "version_value": "9.1.26" } ] } diff --git a/2024/26xxx/CVE-2024-26163.json b/2024/26xxx/CVE-2024-26163.json index c74c0309509..184ce4a107f 100644 --- a/2024/26xxx/CVE-2024-26163.json +++ b/2024/26xxx/CVE-2024-26163.json @@ -45,18 +45,6 @@ } ] } - }, - { - "product_name": "Microsoft Edge (Chromium-based) Extended Stable", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.0.0", - "version_value": "122.0.2365.92" - } - ] - } } ] } diff --git a/2024/26xxx/CVE-2024-26165.json b/2024/26xxx/CVE-2024-26165.json index 1a78a0f0385..132afe9aeea 100644 --- a/2024/26xxx/CVE-2024-26165.json +++ b/2024/26xxx/CVE-2024-26165.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "1.0.0", - "version_value": "1.XX.X" + "version_value": "1.87.2" } ] } diff --git a/2024/26xxx/CVE-2024-26201.json b/2024/26xxx/CVE-2024-26201.json index f0265cf8d78..5e1e0006f63 100644 --- a/2024/26xxx/CVE-2024-26201.json +++ b/2024/26xxx/CVE-2024-26201.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "1.0.0", - "version_value": "2402" + "version_value": "1.2402.12" } ] } diff --git a/2024/26xxx/CVE-2024-26629.json b/2024/26xxx/CVE-2024-26629.json index fbd9991a0b5..fb0f60c0543 100644 --- a/2024/26xxx/CVE-2024-26629.json +++ b/2024/26xxx/CVE-2024-26629.json @@ -76,7 +76,7 @@ "versionType": "custom" }, { - "version": "6.8-rc2", + "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" diff --git a/2024/27xxx/CVE-2024-27224.json b/2024/27xxx/CVE-2024-27224.json index 6013290cab5..0dc6ebeb2c9 100644 --- a/2024/27xxx/CVE-2024-27224.json +++ b/2024/27xxx/CVE-2024-27224.json @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27225.json b/2024/27xxx/CVE-2024-27225.json index d4dc295e24b..8ace8dbbd2c 100644 --- a/2024/27xxx/CVE-2024-27225.json +++ b/2024/27xxx/CVE-2024-27225.json @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27226.json b/2024/27xxx/CVE-2024-27226.json index 470c0067ad7..c1c7814f39d 100644 --- a/2024/27xxx/CVE-2024-27226.json +++ b/2024/27xxx/CVE-2024-27226.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "In tmu_config_gov_params of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + "value": "In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] }, @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27227.json b/2024/27xxx/CVE-2024-27227.json index 02d41de8c6b..2b0f62aa39d 100644 --- a/2024/27xxx/CVE-2024-27227.json +++ b/2024/27xxx/CVE-2024-27227.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Android kernel allows Remote code execution." + "value": "A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues" } ] }, @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27228.json b/2024/27xxx/CVE-2024-27228.json index a2843e3de3c..1b15778848e 100644 --- a/2024/27xxx/CVE-2024-27228.json +++ b/2024/27xxx/CVE-2024-27228.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "In TBD of TBD, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation." + "value": "there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ] }, @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27229.json b/2024/27xxx/CVE-2024-27229.json index 9e56a817c83..4fe9a274bf8 100644 --- a/2024/27xxx/CVE-2024-27229.json +++ b/2024/27xxx/CVE-2024-27229.json @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27230.json b/2024/27xxx/CVE-2024-27230.json index a714a47cf14..a42984dda11 100644 --- a/2024/27xxx/CVE-2024-27230.json +++ b/2024/27xxx/CVE-2024-27230.json @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27233.json b/2024/27xxx/CVE-2024-27233.json index c604a35fdd6..9c11b785f10 100644 --- a/2024/27xxx/CVE-2024-27233.json +++ b/2024/27xxx/CVE-2024-27233.json @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27234.json b/2024/27xxx/CVE-2024-27234.json index 3a7a9816393..a0569b8cfe7 100644 --- a/2024/27xxx/CVE-2024-27234.json +++ b/2024/27xxx/CVE-2024-27234.json @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27235.json b/2024/27xxx/CVE-2024-27235.json index 009b4ec762e..d6d9900997c 100644 --- a/2024/27xxx/CVE-2024-27235.json +++ b/2024/27xxx/CVE-2024-27235.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "In plugin_extern_func of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + "value": "In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] }, @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27236.json b/2024/27xxx/CVE-2024-27236.json index d19e2028606..9fd3bbb3db4 100644 --- a/2024/27xxx/CVE-2024-27236.json +++ b/2024/27xxx/CVE-2024-27236.json @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/27xxx/CVE-2024-27237.json b/2024/27xxx/CVE-2024-27237.json index 8ab382aa94c..d699aa4a450 100644 --- a/2024/27xxx/CVE-2024-27237.json +++ b/2024/27xxx/CVE-2024-27237.json @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "Android kernel" + "version_value": "13" } ] } diff --git a/2024/28xxx/CVE-2024-28847.json b/2024/28xxx/CVE-2024-28847.json index daaf22ed2b1..70661531a03 100644 --- a/2024/28xxx/CVE-2024-28847.json +++ b/2024/28xxx/CVE-2024-28847.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28847", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by `EventSubscriptionResource.createOrUpdateEventSubscription()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-251`." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "open-metadata", + "product": { + "product_data": [ + { + "product_name": "OpenMetadata", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435", + "refsource": "MISC", + "name": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435" + }, + { + "url": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection", + "refsource": "MISC", + "name": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection" + }, + { + "url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693", + "refsource": "MISC", + "name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693" + }, + { + "url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EventSubscriptionRepository.java#L69-L83", + "refsource": "MISC", + "name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EventSubscriptionRepository.java#L69-L83" + }, + { + "url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219", + "refsource": "MISC", + "name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219" + }, + { + "url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/events/subscription/EventSubscriptionResource.java#L289", + "refsource": "MISC", + "name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/events/subscription/EventSubscriptionResource.java#L289" + } + ] + }, + "source": { + "advisory": "GHSA-8p5r-6mvv-2435", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28848.json b/2024/28xxx/CVE-2024-28848.json index 4b82d96b2db..5e8f632bb40 100644 --- a/2024/28xxx/CVE-2024-28848.json +++ b/2024/28xxx/CVE-2024-28848.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `\u200eCompiledRule::validateExpression` method evaluates an SpEL expression using an `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/policies/validation/condition/` endpoint passes user-controlled data `CompiledRule::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and therefore any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-236`. This issue may lead to Remote Code Execution and has been resolved in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "open-metadata", + "product": { + "product_data": [ + { + "product_name": "OpenMetadata", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r", + "refsource": "MISC", + "name": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r" + }, + { + "url": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection", + "refsource": "MISC", + "name": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection" + }, + { + "url": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L51", + "refsource": "MISC", + "name": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L51" + }, + { + "url": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L57", + "refsource": "MISC", + "name": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L57" + } + ] + }, + "source": { + "advisory": "GHSA-5xv3-fm7g-865r", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2399.json b/2024/2xxx/CVE-2024-2399.json index e63bedc30b9..fd0a1a1ed94 100644 --- a/2024/2xxx/CVE-2024-2399.json +++ b/2024/2xxx/CVE-2024-2399.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2399", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Premium Addons for Elementor", + "product": { + "product_data": [ + { + "product_name": "Premium Addons Pro for Elementor", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.10.23" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.23/widgets/premium-media-wheel.php#L2753", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.23/widgets/premium-media-wheel.php#L2753" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3051259/premium-addons-for-elementor/trunk/widgets/premium-media-wheel.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3051259/premium-addons-for-elementor/trunk/widgets/premium-media-wheel.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wesley" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/2xxx/CVE-2024-2478.json b/2024/2xxx/CVE-2024-2478.json index 7fc64fc6ab2..f3f2b4e7e9f 100644 --- a/2024/2xxx/CVE-2024-2478.json +++ b/2024/2xxx/CVE-2024-2478.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2478", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in BradWenqiang HR 2.0 ausgemacht. Es geht hierbei um die Funktion selectAll der Datei /bishe/register der Komponente Background Management. Durch die Manipulation des Arguments userName mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BradWenqiang", + "product": { + "product_data": [ + { + "product_name": "HR", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256886", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256886" + }, + { + "url": "https://vuldb.com/?ctiid.256886", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256886" + }, + { + "url": "https://github.com/zuizui35/cve/blob/main/cve.md", + "refsource": "MISC", + "name": "https://github.com/zuizui35/cve/blob/main/cve.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "zuizui (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2479.json b/2024/2xxx/CVE-2024-2479.json index 283436e6603..9d35a9a33c2 100644 --- a/2024/2xxx/CVE-2024-2479.json +++ b/2024/2xxx/CVE-2024-2479.json @@ -76,18 +76,6 @@ ] }, "credits": [ - { - "lang": "en", - "value": "Jo\u00e3o Silveira" - }, - { - "lang": "en", - "value": "Leonardo Teodoro" - }, - { - "lang": "en", - "value": "Johnermac (VulDB User)" - }, { "lang": "en", "value": "Johnermac (VulDB User)" diff --git a/2024/2xxx/CVE-2024-2480.json b/2024/2xxx/CVE-2024-2480.json index d93b3d7a21b..c3324a34fd1 100644 --- a/2024/2xxx/CVE-2024-2480.json +++ b/2024/2xxx/CVE-2024-2480.json @@ -76,18 +76,6 @@ ] }, "credits": [ - { - "lang": "en", - "value": "Jo\u00e3o Silveira" - }, - { - "lang": "en", - "value": "Leonardo Teodoro" - }, - { - "lang": "en", - "value": "Johnermac (VulDB User)" - }, { "lang": "en", "value": "Johnermac (VulDB User)" diff --git a/2024/2xxx/CVE-2024-2481.json b/2024/2xxx/CVE-2024-2481.json index a484db84335..bff8911e844 100644 --- a/2024/2xxx/CVE-2024-2481.json +++ b/2024/2xxx/CVE-2024-2481.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2481", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Surya2Developer Hostel Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /admin/manage-students.php. Durch das Manipulieren des Arguments del mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Controls", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Surya2Developer", + "product": { + "product_data": [ + { + "product_name": "Hostel Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256890", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256890" + }, + { + "url": "https://vuldb.com/?ctiid.256890", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256890" + }, + { + "url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Broken_Access_Control%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md", + "refsource": "MISC", + "name": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Broken_Access_Control%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "C.P. Rivera" + }, + { + "lang": "en", + "value": "blackslim3 (VulDB User)" + }, + { + "lang": "en", + "value": "blackslim3 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.4, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2482.json b/2024/2xxx/CVE-2024-2482.json index 7477edef9d4..455d97ffe61 100644 --- a/2024/2xxx/CVE-2024-2482.json +++ b/2024/2xxx/CVE-2024-2482.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2482", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891." + }, + { + "lang": "deu", + "value": "In Surya2Developer Hostel Management Service 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /check_availability.php der Komponente HTTP POST Request Handler. Durch Manipulieren des Arguments oldpassword mit unbekannten Daten kann eine observable response discrepancy-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-204 Observable Response Discrepancy", + "cweId": "CWE-204" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Surya2Developer", + "product": { + "product_data": [ + { + "product_name": "Hostel Management Service", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256891", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256891" + }, + { + "url": "https://vuldb.com/?ctiid.256891", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256891" + }, + { + "url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md", + "refsource": "MISC", + "name": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "C.P. Rivera" + }, + { + "lang": "en", + "value": "blackslim3 (VulDB User)" + }, + { + "lang": "en", + "value": "blackslim3 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.7, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.7, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 2.6, + "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2489.json b/2024/2xxx/CVE-2024-2489.json index ce231cbbd27..c23d9c51fa8 100644 --- a/2024/2xxx/CVE-2024-2489.json +++ b/2024/2xxx/CVE-2024-2489.json @@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2489", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in Tenda AC18 15.03.05.05 entdeckt. Hiervon betroffen ist die Funktion formSetQosBand der Datei /goform/SetNetControlList. Mit der Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "AC18", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "15.03.05.05" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256896", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256896" - }, - { - "url": "https://vuldb.com/?ctiid.256896", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256896" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetQosBand.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetQosBand.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "yhryhryhr (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2490.json b/2024/2xxx/CVE-2024-2490.json index f00db0859d6..278af5c87bd 100644 --- a/2024/2xxx/CVE-2024-2490.json +++ b/2024/2xxx/CVE-2024-2490.json @@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2490", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In Tenda AC18 15.03.05.05 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion setSchedWifi der Datei /goform/openSchedWifi. Durch die Manipulation des Arguments schedStartTime/schedEndTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "AC18", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "15.03.05.05" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256897", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256897" - }, - { - "url": "https://vuldb.com/?ctiid.256897", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256897" - }, - { - "url": "https://github.com/Emilytutu/IoT-vulnerable/blob/main/Tenda/AC18/setSchedWifi_end.md", - "refsource": "MISC", - "name": "https://github.com/Emilytutu/IoT-vulnerable/blob/main/Tenda/AC18/setSchedWifi_end.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "yhryhryhr (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2546.json b/2024/2xxx/CVE-2024-2546.json index b218246c676..5104d0a4ee9 100644 --- a/2024/2xxx/CVE-2024-2546.json +++ b/2024/2xxx/CVE-2024-2546.json @@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2546", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "In Tenda AC18 15.13.07.09 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion fromSetWirelessRepeat. Mittels Manipulieren des Arguments wpapsk_crypto5g mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "AC18", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "15.13.07.09" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.256999", - "refsource": "MISC", - "name": "https://vuldb.com/?id.256999" - }, - { - "url": "https://vuldb.com/?ctiid.256999", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.256999" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/A18/fromSetWirelessRepeat_a.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/A18/fromSetWirelessRepeat_a.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "yhryhryhr_backup (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2547.json b/2024/2xxx/CVE-2024-2547.json index f28ec6d2188..68daf4b56d3 100644 --- a/2024/2xxx/CVE-2024-2547.json +++ b/2024/2xxx/CVE-2024-2547.json @@ -1,104 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2547", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." - }, - { - "lang": "deu", - "value": "Eine Schwachstelle wurde in Tenda AC18 15.03.05.05 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion R7WebsSecurityHandler. Durch das Manipulieren des Arguments password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121 Stack-based Buffer Overflow", - "cweId": "CWE-121" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Tenda", - "product": { - "product_data": [ - { - "product_name": "AC18", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "15.03.05.05" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.257000", - "refsource": "MISC", - "name": "https://vuldb.com/?id.257000" - }, - { - "url": "https://vuldb.com/?ctiid.257000", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.257000" - }, - { - "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/R7WebsSecurityHandler.md", - "refsource": "MISC", - "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/R7WebsSecurityHandler.md" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "yhryhryhr_backup (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 8.8, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "3.0", - "baseScore": 8.8, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "baseSeverity": "HIGH" - }, - { - "version": "2.0", - "baseScore": 9, - "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] }