From f0b8c96135a81fb6bfe8cc80ee830be3a2255c60 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 24 Jan 2024 17:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/50xxx/CVE-2023-50445.json | 5 ++
 2023/50xxx/CVE-2023-50919.json | 5 ++
 2023/51xxx/CVE-2023-51885.json | 56 +++++++++++++++++---
 2024/0xxx/CVE-2024-0204.json | 5 ++
 2024/0xxx/CVE-2024-0861.json | 18 +++++++
 2024/0xxx/CVE-2024-0862.json | 18 +++++++
 2024/0xxx/CVE-2024-0863.json | 18 +++++++
 2024/22xxx/CVE-2024-22229.json | 78 ++++++++++++++++++++++++++--
 2024/22xxx/CVE-2024-22725.json | 61 +++++++++++++++++++---
 2024/23xxx/CVE-2024-23641.json | 93 ++++++++++++++++++++++++++++++++--
 10 files changed, 337 insertions(+), 20 deletions(-)
 create mode 100644 2024/0xxx/CVE-2024-0861.json
 create mode 100644 2024/0xxx/CVE-2024-0862.json
 create mode 100644 2024/0xxx/CVE-2024-0863.json
diff --git a/2023/50xxx/CVE-2023-50445.json b/2023/50xxx/CVE-2023-50445.json
index 4e000ec623a..d03a2e42417 100644
--- a/2023/50xxx/CVE-2023-50445.json
+++ b/2023/50xxx/CVE-2023-50445.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Using%20Shell%20Metacharacter%20Injection%20via%20API.md",
 "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Using%20Shell%20Metacharacter%20Injection%20via%20API.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html"
 }
 ]
 }
diff --git a/2023/50xxx/CVE-2023-50919.json b/2023/50xxx/CVE-2023-50919.json
index 6a2b1e514d3..a0c4e881b56 100644
--- a/2023/50xxx/CVE-2023-50919.json
+++ b/2023/50xxx/CVE-2023-50919.json
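Review bot: The reference added to CVE-2023-50445.json is recorded with a cleartext `http://packetstormsecurity.com/...` address in both `name` and `url`. If the site is reachable over TLS, which should be confirmed, the record should carry the `https://` form so that readers and tools following the link from a feed are not exposed to tampering in transit. The Packet Storm references added in the CVE-2023-50919.json and CVE-2024-0204.json hunks have the same scheme. The enclosing `reference_data` array starts outside the hunk.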
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md",
 "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/176708/GL.iNet-Unauthenticated-Remote-Command-Execution.html"
 }
 ]
 }
diff --git a/2023/51xxx/CVE-2023-51885.json b/2023/51xxx/CVE-2023-51885.json
index fa5e9a59b04..87f1d3d7ce1 100644
--- a/2023/51xxx/CVE-2023-51885.json
+++ b/2023/51xxx/CVE-2023-51885.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-51885",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-51885",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
+ "refsource": "MISC",
+ "name": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0204.json b/2024/0xxx/CVE-2024-0204.json
index cf3634b6500..25811737a73 100644
--- a/2024/0xxx/CVE-2024-0204.json
+++ b/2024/0xxx/CVE-2024-0204.json
@@ -73,6 +73,11 @@
 "url": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml",
 "refsource": "MISC",
 "name": "https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html"
 }
 ]
 },
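Review bot: The published record in CVE-2023-51885.json leaves every machine-readable field at `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), although the description names Mathtex v.1.05 and earlier and a buffer overflow. Scanners and inventory matchers that key on the `affects` tree will therefore not associate this record with Mathtex. The structured fields should repeat what the prose already states, for example `"product_name": "Mathtex"` with a version entry covering 1.05 and earlier, plus a CWE-based `problemtype` value chosen by the assigner. The CVE-2024-22725.json hunk has the same gap: its text says Orthanc before 1.12.2 and reflected cross-site scripting (which maps to CWE-79), while vendor, product, version and problem type are all `n/a`.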
diff --git a/2024/0xxx/CVE-2024-0861.json b/2024/0xxx/CVE-2024-0861.json
new file mode 100644
index 00000000000..4d4debab401
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0861.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0861",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0862.json b/2024/0xxx/CVE-2024-0862.json
new file mode 100644
index 00000000000..c9927c3b2a0
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0862.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0862",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0863.json b/2024/0xxx/CVE-2024-0863.json
new file mode 100644
index 00000000000..3ea56f0b36b
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0863.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0863",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/22xxx/CVE-2024-22229.json b/2024/22xxx/CVE-2024-22229.json
index 694b3452e27..7fdd2093ded 100644
--- a/2024/22xxx/CVE-2024-22229.json
+++ b/2024/22xxx/CVE-2024-22229.json
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-22229",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nDell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-117: Improper Output Neutralization for Logs",
+ "cweId": "CWE-117"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Unity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Version 5.3.0.0.5.120"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22725.json b/2024/22xxx/CVE-2024-22725.json
index 5f9d1b7e1b1..cb593d9ad09 100644
--- a/2024/22xxx/CVE-2024-22725.json
+++ b/2024/22xxx/CVE-2024-22725.json
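Review bot: In CVE-2024-22229.json the `affects` entry disagrees with the description: the text says Dell Unity versions prior to 5.4 are affected, but `version_data` holds a single entry with `"version_affected": "="` and `"version_value": "Version 5.3.0.0.5.120"`. A consumer matching on the structured field would flag only that exact build string and miss earlier releases. A range form such as `"version_affected": "<"` with `"version_value": "5.4"` would agree with the prose. The description `value` also begins with `\n` and ends with `\n\n`, which should be trimmed before publication.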
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-22725",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-22725",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://orthanc.uclouvain.be/hg/orthanc/rev/505416b269a0",
+ "refsource": "MISC",
+ "name": "https://orthanc.uclouvain.be/hg/orthanc/rev/505416b269a0"
+ },
+ {
+ "url": "https://orthanc.uclouvain.be/hg/orthanc/file/Orthanc-1.12.2/NEWS",
+ "refsource": "MISC",
+ "name": "https://orthanc.uclouvain.be/hg/orthanc/file/Orthanc-1.12.2/NEWS"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23641.json b/2024/23xxx/CVE-2024-23641.json
index b82c0e71d09..c53a92c575a 100644
--- a/2024/23xxx/CVE-2024-23641.json
+++ b/2024/23xxx/CVE-2024-23641.json
@@ -1,17 +1,102 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-23641",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "sveltejs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kit",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 2.0.0, < 2.4.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 2.0.0, < 2.1.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.0.0, < 3.0.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "= 4.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49",
+ "refsource": "MISC",
+ "name": "https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49"
+ },
+ {
+ "url": "https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9",
+ "refsource": "MISC",
+ "name": "https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-g5m6-hxpp-fc49",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
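Review bot: In CVE-2024-23641.json all four `version_data` entries sit under `"product_name": "kit"`, but the description attributes the fixed versions 2.1.2, 3.0.3 and 4.0.1 to `@sveltejs/adapter-node` and only 2.4.3 to `@sveltejs/kit`. As written, the ranges `>= 2.0.0, < 2.1.2`, `>= 3.0.0, < 3.0.3` and `= 4.0.0` read as kit versions. They presumably belong under a second `product_data` entry named for adapter-node, so that a matcher does not test kit installs against adapter ranges and overlook adapter-node entirely. Each entry also pairs `"version_affected": "="` with a range expression in `version_value`, which a consumer applying the operator literally would compare for equality and never match. Until the record is corrected, triage should check both packages against the linked advisory GHSA-g5m6-hxpp-fc49 rather than rely on the `affects` tree.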