diff --git a/2023/6xxx/CVE-2023-6020.json b/2023/6xxx/CVE-2023-6020.json
index 658b3ad045a..ce64fdb34d6 100644
--- a/2023/6xxx/CVE-2023-6020.json
+++ b/2023/6xxx/CVE-2023-6020.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023"
+ "value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication."
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-598 Use of GET Request Method With Sensitive Query Strings",
- "cweId": "CWE-598"
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
 }
 ]
 }
@@ -62,9 +62,6 @@
 }
 ]
 },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
 "source": {
 "advisory": "83dd8619-6dc3-4c98-8f1b-e620fedcd1f6",
 "discovery": "EXTERNAL"
@@ -72,18 +69,18 @@
 "impact": {
 "cvss": [
 {
+ "version": "3.0",
 "attackComplexity": "LOW",
 "attackVector": "NETWORK",
 "availabilityImpact": "NONE",
- "baseScore": 7.5,
- "baseSeverity": "HIGH",
 "confidentialityImpact": "HIGH",
 "integrityImpact": "NONE",
 "privilegesRequired": "NONE",
 "scope": "UNCHANGED",
 "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "version": "3.1"
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6038.json b/2023/6xxx/CVE-2023-6038.json
index a21e186773a..929b5ad0c17 100644
--- a/2023/6xxx/CVE-2023-6038.json
+++ b/2023/6xxx/CVE-2023-6038.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-29 Path Traversal: '\\..\\filename'",
- "cweId": "CWE-29"
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
 }
 ]
 }
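Review bot: The new `value` in the CVE-2023-6020 hunk at `@@ -11,7 +11,7 @@` drops the only remediation statement visible in this record, that the issue is fixed in version 2.8.1+. The `affects` block is outside the hunk, so it may still carry that boundary; if it does not, consumers can no longer tell which Ray releases are patched. I would keep the fix sentence and drop only the blog link: `"value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+."`.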
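Review bot: `CWE-862 Missing Authorization` in the CVE-2023-6020 hunk at `@@ -21,8 +21,8 @@` covers the "without authentication" half of the description but not the file-read weakness the description leads with (LFI), so weakness-based triage keyed on path-traversal classes will miss this record. The `description` array can hold more than one entry; I would add a second one, `"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22"`, rather than rely on CWE-862 alone. The CVE-2023-6038 hunk at `@@ -21,8 +21,8 @@` makes the same substitution and removes `CWE-29 Path Traversal` outright; its description is not visible here, so confirm the path-traversal class no longer applies before dropping it.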
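Review bot: The CVSS object in the CVE-2023-6020 hunk at `@@ -72,18 +69,18 @@` is relabelled from 3.1 to 3.0 (`"version": "3.0"`, `CVSS:3.0/...`) although every metric and the 7.5 score are unchanged. Moving a published record back to the older specification version gains nothing and can make consumers that select on the `CVSS:3.1` prefix skip the score; I would keep `"version": "3.1"` and `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"`. The same relabelling appears in the impact hunks of CVE-2023-6778, CVE-2023-6889 and CVE-2023-6890, where the metrics are also rescored.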
diff --git a/2023/6xxx/CVE-2023-6515.json b/2023/6xxx/CVE-2023-6515.json
index 6b234ad3715..a2cecdff2b3 100644
--- a/2023/6xxx/CVE-2023-6515.json
+++ b/2023/6xxx/CVE-2023-6515.json
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6515",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@usom.gov.tr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M\u0130A-MED allows Authentication Abuse.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-639 Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mia Technology Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "M\u0130A-MED",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-24-0087",
+ "refsource": "MISC",
+ "name": "https://www.usom.gov.tr/bildirim/tr-24-0087"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TR-24-0087",
+ "defect": [
+ "TR-24-0087"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Mustafa An\u0131l YILDIRIM"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6572.json b/2023/6xxx/CVE-2023-6572.json
index 0e42a0de101..bc7d31f1968 100644
--- a/2023/6xxx/CVE-2023-6572.json
+++ b/2023/6xxx/CVE-2023-6572.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main."
+ "value": "Command Injection in GitHub repository gradio-app/gradio prior to main."
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
- "cweId": "CWE-200"
+ "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
+ "cweId": "CWE-77"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6778.json b/2023/6xxx/CVE-2023-6778.json
index c6e058933db..86bbf920d30 100644
--- a/2023/6xxx/CVE-2023-6778.json
+++ b/2023/6xxx/CVE-2023-6778.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. This vulnerability affects the ClearML Open Source Server which is not designed to be used as a publicly available service. Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation (I.e when a malicious party already has access to the internal network and to a user's ClearML login credentials)."
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0."
 }
 ]
 },
@@ -67,9 +67,6 @@
 }
 ]
 },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
 "source": {
 "advisory": "5f3fffac-0358-48e6-a500-81bac13e0e2b",
 "discovery": "EXTERNAL"
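Review bot: The added description in the CVE-2023-6515 hunk is missing a space at `Authentication Abuse.This issue` and ends in a literal `\n\n`, which hurts full-text matching and rendering in advisory feeds. It also says the CWE-639 authorization bypass "allows Authentication Abuse", which mixes authorization and authentication; confirm the wording against the advisory. At minimum I would change the tail to `...allows Authentication Abuse. This issue affects M\u0130A-MED: before 1.0.7."`. The `credits` entry uses `"lang": "en"` while the other entries in this record use `"eng"`.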
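Review bot: The CVE-2023-6572 hunks at `@@ -11,7 +11,7 @@` and `@@ -21,8 +21,8 @@` reclassify the issue from information exposure (CWE-200) to command injection (CWE-77), but no hunk in this file touches the `impact` block. If the stored CVSS vector was scored for disclosure only, it now understates a command-injection flaw; the block is outside the visible hunks, so this needs checking against the record. The description also keeps `prior to main`, which names a branch rather than a release, so scanners have no fixed version to compare against. A release number or fixing commit should replace it once known.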
@@ -77,18 +74,18 @@
 "impact": {
 "cvss": [
 {
+ "version": "3.0",
 "attackComplexity": "LOW",
 "attackVector": "NETWORK",
 "availabilityImpact": "NONE",
- "baseScore": 7.5,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "NONE",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
- "version": "3.1"
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6889.json b/2023/6xxx/CVE-2023-6889.json
index 6f17c68e9be..b481b6df095 100644
--- a/2023/6xxx/CVE-2023-6889.json
+++ b/2023/6xxx/CVE-2023-6889.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.\n\n"
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17."
 }
 ]
 },
@@ -67,38 +67,25 @@
 }
 ]
 },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
 "source": {
 "advisory": "52897778-fad7-4169-bf04-a68a0646df0c",
 "discovery": "EXTERNAL"
 },
- "credits": [
- {
- "lang": "en",
- "value": "Ahmed Hassan (ahmedvienna)"
- },
- {
- "lang": "en",
- "value": "Josef Hassan (josefjku)"
- }
- ],
 "impact": {
 "cvss": [
 {
+ "version": "3.0",
 "attackComplexity": "LOW",
 "attackVector": "NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 6.7,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "HIGH",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
- "version": "3.1"
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6890.json b/2023/6xxx/CVE-2023-6890.json
index f0bbc37f21d..f5d29cfa050 100644
--- a/2023/6xxx/CVE-2023-6890.json
+++ b/2023/6xxx/CVE-2023-6890.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.\n\n"
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17."
 }
 ]
 },
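Review bot: The CVE-2023-6889 hunk at `@@ -67,38 +67,25 @@` deletes the whole `credits` array (both reporter entries) along with the `generator` block, and nothing on the new side replaces it. Dropping finder attribution from a published record is usually unintended. If rescoring to `CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` is the purpose of the change, the `credits` lines should stay as they were. The CVE-2023-6890 hunk at `@@ -67,38 +67,25 @@` removes the same two entries.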
@@ -67,38 +67,25 @@
 }
 ]
 },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
 "source": {
 "advisory": "2cf11678-8793-4fa1-b21a-f135564a105d",
 "discovery": "EXTERNAL"
 },
- "credits": [
- {
- "lang": "en",
- "value": "Ahmed Hassan (ahmedvienna)"
- },
- {
- "lang": "en",
- "value": "Josef Hassan (josefjku)"
- }
- ],
 "impact": {
 "cvss": [
 {
+ "version": "3.0",
 "attackComplexity": "LOW",
 "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 6.7,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
 "integrityImpact": "LOW",
- "privilegesRequired": "HIGH",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H",
- "version": "3.1"
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22464.json b/2024/22xxx/CVE-2024-22464.json
index 1179255594a..f8b0956c9a6 100644
--- a/2024/22xxx/CVE-2024-22464.json
+++ b/2024/22xxx/CVE-2024-22464.json
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-22464",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nDell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-532: Insertion of Sensitive Information into Log File",
+ "cweId": "CWE-532"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AppSync",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "4.2.0.0",
+ "version_value": "4.6.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25569.json b/2024/25xxx/CVE-2024-25569.json
new file mode 100644
index 00000000000..09ecef4681d
--- /dev/null
+++ b/2024/25xxx/CVE-2024-25569.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-25569",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
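Review bot: The `version_data` entry added in the CVE-2024-22464 hunk encodes the range as `"version_affected": "<="` with `"version_value": "4.6.0.0"`, while the description says the affected range includes all Service Pack releases. If service packs of 4.6.0.0 carry a higher version string (not determinable from this hunk), a scanner comparing against `<= 4.6.0.0` will report those installs as unaffected. The lower bound 4.2.0.0 lives only in `version_name`, which consumers may not treat as a bound. The description `value` also starts with `\n` and ends with `\n\n`; trimming both keeps feed rendering and text matching clean.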