From f9b7ad9fa7771fa8b3e90fa9d9d6553ba6b326eb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Sep 2024 20:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/46xxx/CVE-2023-46950.json | 10 ---- 2024/22xxx/CVE-2024-22013.json | 53 +++++++++++++++++++-- 2024/2xxx/CVE-2024-2698.json | 5 -- 2024/34xxx/CVE-2024-34016.json | 71 ++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3154.json | 2 +- 2024/3xxx/CVE-2024-3183.json | 5 -- 2024/42xxx/CVE-2024-42794.json | 61 +++++++++++++++++++++--- 2024/42xxx/CVE-2024-42795.json | 61 +++++++++++++++++++++--- 2024/42xxx/CVE-2024-42796.json | 61 +++++++++++++++++++++--- 2024/42xxx/CVE-2024-42798.json | 61 +++++++++++++++++++++--- 2024/44xxx/CVE-2024-44445.json | 56 +++++++++++++++++++--- 2024/45xxx/CVE-2024-45800.json | 86 ++++++++++++++++++++++++++++++++-- 2024/47xxx/CVE-2024-47022.json | 18 +++++++ 2024/47xxx/CVE-2024-47023.json | 18 +++++++ 2024/47xxx/CVE-2024-47024.json | 18 +++++++ 2024/47xxx/CVE-2024-47025.json | 18 +++++++ 2024/47xxx/CVE-2024-47026.json | 18 +++++++ 2024/47xxx/CVE-2024-47027.json | 18 +++++++ 2024/47xxx/CVE-2024-47028.json | 18 +++++++ 2024/47xxx/CVE-2024-47029.json | 18 +++++++ 2024/47xxx/CVE-2024-47030.json | 18 +++++++ 2024/47xxx/CVE-2024-47031.json | 18 +++++++ 2024/47xxx/CVE-2024-47032.json | 18 +++++++ 2024/47xxx/CVE-2024-47033.json | 18 +++++++ 2024/47xxx/CVE-2024-47034.json | 18 +++++++ 2024/47xxx/CVE-2024-47035.json | 18 +++++++ 2024/47xxx/CVE-2024-47036.json | 18 +++++++ 2024/47xxx/CVE-2024-47037.json | 18 +++++++ 2024/47xxx/CVE-2024-47038.json | 18 +++++++ 2024/47xxx/CVE-2024-47039.json | 18 +++++++ 2024/47xxx/CVE-2024-47040.json | 18 +++++++ 2024/47xxx/CVE-2024-47041.json | 18 +++++++ 2024/5xxx/CVE-2024-5154.json | 2 +- 2024/8xxx/CVE-2024-8766.json | 71 ++++++++++++++++++++++++++-- 2024/8xxx/CVE-2024-8902.json | 18 +++++++ 2024/8xxx/CVE-2024-8903.json | 18 +++++++ 36 files changed, 933 insertions(+), 68 deletions(-) create mode 100644 2024/47xxx/CVE-2024-47022.json create mode 100644 2024/47xxx/CVE-2024-47023.json create mode 100644 2024/47xxx/CVE-2024-47024.json create mode 100644 2024/47xxx/CVE-2024-47025.json create mode 100644 2024/47xxx/CVE-2024-47026.json create mode 100644 2024/47xxx/CVE-2024-47027.json create mode 100644 2024/47xxx/CVE-2024-47028.json create mode 100644 2024/47xxx/CVE-2024-47029.json create mode 100644 2024/47xxx/CVE-2024-47030.json create mode 100644 2024/47xxx/CVE-2024-47031.json create mode 100644 2024/47xxx/CVE-2024-47032.json create mode 100644 2024/47xxx/CVE-2024-47033.json create mode 100644 2024/47xxx/CVE-2024-47034.json create mode 100644 2024/47xxx/CVE-2024-47035.json create mode 100644 2024/47xxx/CVE-2024-47036.json create mode 100644 2024/47xxx/CVE-2024-47037.json create mode 100644 2024/47xxx/CVE-2024-47038.json create mode 100644 2024/47xxx/CVE-2024-47039.json create mode 100644 2024/47xxx/CVE-2024-47040.json create mode 100644 2024/47xxx/CVE-2024-47041.json create mode 100644 2024/8xxx/CVE-2024-8902.json create mode 100644 2024/8xxx/CVE-2024-8903.json diff --git a/2023/46xxx/CVE-2023-46950.json b/2023/46xxx/CVE-2023-46950.json index 3b7390c3b8f..06d1c72d04c 100644 --- a/2023/46xxx/CVE-2023-46950.json +++ b/2023/46xxx/CVE-2023-46950.json @@ -52,16 +52,6 @@ }, "references": { "reference_data": [ - { - "url": "https://www.link.com", - "refsource": "MISC", - "name": "https://www.link.com" - }, - { - "url": "https://link.org", - "refsource": "MISC", - "name": "https://link.org" - }, { "refsource": "MISC", "name": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38", diff --git a/2024/22xxx/CVE-2024-22013.json b/2024/22xxx/CVE-2024-22013.json index 03c31753dfa..7ca238656b7 100644 --- a/2024/22xxx/CVE-2024-22013.json +++ b/2024/22xxx/CVE-2024-22013.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22013", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "U-Boot environment is read from unauthenticated partition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Nest Wifi Pro", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.73.424613" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.google.com/product-documentation/answer/14950962?hl=en&ref_topic=12974021&sjid=9595902703262170957-NA#zippy=%2Cwifi", + "refsource": "MISC", + "name": "https://support.google.com/product-documentation/answer/14950962?hl=en&ref_topic=12974021&sjid=9595902703262170957-NA#zippy=%2Cwifi" } ] } diff --git a/2024/2xxx/CVE-2024-2698.json b/2024/2xxx/CVE-2024-2698.json index 9429156f437..095dcfb6c47 100644 --- a/2024/2xxx/CVE-2024-2698.json +++ b/2024/2xxx/CVE-2024-2698.json @@ -189,11 +189,6 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2270353" }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI/" - }, { "url": "https://www.freeipa.org/release-notes/4-12-1.html", "refsource": "MISC", diff --git a/2024/34xxx/CVE-2024-34016.json b/2024/34xxx/CVE-2024-34016.json index a42fdeb5b20..8ef1fad56a3 100644 --- a/2024/34xxx/CVE-2024-34016.json +++ b/2024/34xxx/CVE-2024-34016.json @@ -1,17 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34016", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Cyber Protect Cloud Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "38235" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-7188", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-7188" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@satz4797 (https://hackerone.com/satz4797)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" } ] } diff --git a/2024/3xxx/CVE-2024-3154.json b/2024/3xxx/CVE-2024-3154.json index e703cbdd3d2..c2f693f866e 100644 --- a/2024/3xxx/CVE-2024-3154.json +++ b/2024/3xxx/CVE-2024-3154.json @@ -86,7 +86,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el9", + "version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" diff --git a/2024/3xxx/CVE-2024-3183.json b/2024/3xxx/CVE-2024-3183.json index 452afab9168..466895410ae 100644 --- a/2024/3xxx/CVE-2024-3183.json +++ b/2024/3xxx/CVE-2024-3183.json @@ -375,11 +375,6 @@ "url": "https://www.freeipa.org/release-notes/4-12-1.html", "refsource": "MISC", "name": "https://www.freeipa.org/release-notes/4-12-1.html" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI/" } ] }, diff --git a/2024/42xxx/CVE-2024-42794.json b/2024/42xxx/CVE-2024-42794.json index 2c2c8f30862..4baf2f8e19a 100644 --- a/2024/42xxx/CVE-2024-42794.json +++ b/2024/42xxx/CVE-2024-42794.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-42794", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-42794", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code", + "refsource": "MISC", + "name": "https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code" + }, + { + "refsource": "MISC", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Save%20User%20%26%20Account%20Takeover.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Save%20User%20%26%20Account%20Takeover.pdf" } ] } diff --git a/2024/42xxx/CVE-2024-42795.json b/2024/42xxx/CVE-2024-42795.json index 7f5c98cfaed..4bfd134ebe5 100644 --- a/2024/42xxx/CVE-2024-42795.json +++ b/2024/42xxx/CVE-2024-42795.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-42795", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-42795", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + }, + { + "refsource": "MISC", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20View%20User.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20View%20User.pdf" } ] } diff --git a/2024/42xxx/CVE-2024-42796.json b/2024/42xxx/CVE-2024-42796.json index a5657b1b262..dc3c403cdf6 100644 --- a/2024/42xxx/CVE-2024-42796.json +++ b/2024/42xxx/CVE-2024-42796.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-42796", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-42796", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code", + "refsource": "MISC", + "name": "https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code" + }, + { + "refsource": "MISC", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Genre.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Genre.pdf" } ] } diff --git a/2024/42xxx/CVE-2024-42798.json b/2024/42xxx/CVE-2024-42798.json index 2fffda358c5..1342913900c 100644 --- a/2024/42xxx/CVE-2024-42798.json +++ b/2024/42xxx/CVE-2024-42798.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-42798", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-42798", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + }, + { + "refsource": "MISC", + "name": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Priv%20Esc%20-%20Save%20Edit%20User%20-%20AC%20Takeover.pdf", + "url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Priv%20Esc%20-%20Save%20Edit%20User%20-%20AC%20Takeover.pdf" } ] } diff --git a/2024/44xxx/CVE-2024-44445.json b/2024/44xxx/CVE-2024-44445.json index d22d0b7ba6c..97a25002c97 100644 --- a/2024/44xxx/CVE-2024-44445.json +++ b/2024/44xxx/CVE-2024-44445.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-44445", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-44445", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in BSC Smart Contract 0x0506e571aba3dd4c9d71bed479a4e6d40d95c833. Attackers are able to perform state manipulation attacks by borrowing a large amount of money and then using this amount to inflate the token balance in the token pair, leading to increased profits without cost." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/shuo-young/fcb18cca532ff26de0fe3a18cc5555b6", + "url": "https://gist.github.com/shuo-young/fcb18cca532ff26de0fe3a18cc5555b6" } ] } diff --git a/2024/45xxx/CVE-2024-45800.json b/2024/45xxx/CVE-2024-45800.json index 54b15bf069c..a975e38e871 100644 --- a/2024/45xxx/CVE-2024-45800.json +++ b/2024/45xxx/CVE-2024-45800.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Snappymail is an open source web-based email client. SnappyMail uses the `cleanHtml()` function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many (invalid) HTML elements, it was possible (with incorrect markup) to trick the browser to \"fix\" the broken markup into valid markup. As a result a motivated attacker may be able to inject javascript. However, due to the default Content Security Policy the impact of the exploit is minimal. It could be possible to create an attack which leaks some data when loading images through the proxy.\nThis way it might be possible to use the proxy to attack the local system, like with `http://localhost:5000/leak`. Another attack could be to load a JavaScript attachment of the email. This is very tricky as the email must link to every possible UID as each email has a unique UID which has a value between 1 and 18446744073709551615 **v2.38.0** and up now remove unsupported HTML elements which mitigates the issue. Users are advised to upgrade. Older versions can install an extension named \"Security mXSS\" as a mitigation. This will be available at the administration area at `/?admin#/packages`. **NOTE:** this extension can not \"fix\" malicious code in encrypted messages or (html) attachments as it can't manipulate the JavaScript code for this. It only protects normal message HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "the-djmaze", + "product": { + "product_data": [ + { + "product_name": "snappymail", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.38.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/the-djmaze/snappymail/security/advisories/GHSA-2rq7-79vp-ffxm", + "refsource": "MISC", + "name": "https://github.com/the-djmaze/snappymail/security/advisories/GHSA-2rq7-79vp-ffxm" + }, + { + "url": "https://github.com/the-djmaze/snappymail/commit/cfbc47488a6b2e2ae4be484f501ee1a3485f542e", + "refsource": "MISC", + "name": "https://github.com/the-djmaze/snappymail/commit/cfbc47488a6b2e2ae4be484f501ee1a3485f542e" + }, + { + "url": "https://github.com/the-djmaze/snappymail/blob/master/dev/Common/Html.js", + "refsource": "MISC", + "name": "https://github.com/the-djmaze/snappymail/blob/master/dev/Common/Html.js" + } + ] + }, + "source": { + "advisory": "GHSA-2rq7-79vp-ffxm", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47022.json b/2024/47xxx/CVE-2024-47022.json new file mode 100644 index 00000000000..6f1931bd459 --- /dev/null +++ b/2024/47xxx/CVE-2024-47022.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47022", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47023.json b/2024/47xxx/CVE-2024-47023.json new file mode 100644 index 00000000000..4fe4b2cf4d8 --- /dev/null +++ b/2024/47xxx/CVE-2024-47023.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47023", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47024.json b/2024/47xxx/CVE-2024-47024.json new file mode 100644 index 00000000000..eafd73818db --- /dev/null +++ b/2024/47xxx/CVE-2024-47024.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47024", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47025.json b/2024/47xxx/CVE-2024-47025.json new file mode 100644 index 00000000000..464d838e662 --- /dev/null +++ b/2024/47xxx/CVE-2024-47025.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47025", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47026.json b/2024/47xxx/CVE-2024-47026.json new file mode 100644 index 00000000000..04a3a0e4f27 --- /dev/null +++ b/2024/47xxx/CVE-2024-47026.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47027.json b/2024/47xxx/CVE-2024-47027.json new file mode 100644 index 00000000000..f26d8d3507b --- /dev/null +++ b/2024/47xxx/CVE-2024-47027.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47027", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47028.json b/2024/47xxx/CVE-2024-47028.json new file mode 100644 index 00000000000..0f7de8f2c0b --- /dev/null +++ b/2024/47xxx/CVE-2024-47028.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47029.json b/2024/47xxx/CVE-2024-47029.json new file mode 100644 index 00000000000..89a2c01a5f2 --- /dev/null +++ b/2024/47xxx/CVE-2024-47029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47030.json b/2024/47xxx/CVE-2024-47030.json new file mode 100644 index 00000000000..5a7e29a23da --- /dev/null +++ b/2024/47xxx/CVE-2024-47030.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47030", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47031.json b/2024/47xxx/CVE-2024-47031.json new file mode 100644 index 00000000000..2e60ce41347 --- /dev/null +++ b/2024/47xxx/CVE-2024-47031.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47031", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47032.json b/2024/47xxx/CVE-2024-47032.json new file mode 100644 index 00000000000..e1c28983b5a --- /dev/null +++ b/2024/47xxx/CVE-2024-47032.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47033.json b/2024/47xxx/CVE-2024-47033.json new file mode 100644 index 00000000000..0c4cfcf7ba8 --- /dev/null +++ b/2024/47xxx/CVE-2024-47033.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47033", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47034.json b/2024/47xxx/CVE-2024-47034.json new file mode 100644 index 00000000000..de9a9b7be7a --- /dev/null +++ b/2024/47xxx/CVE-2024-47034.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47034", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47035.json b/2024/47xxx/CVE-2024-47035.json new file mode 100644 index 00000000000..68c86fc0d6c --- /dev/null +++ b/2024/47xxx/CVE-2024-47035.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47035", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47036.json b/2024/47xxx/CVE-2024-47036.json new file mode 100644 index 00000000000..ac3539af3eb --- /dev/null +++ b/2024/47xxx/CVE-2024-47036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47037.json b/2024/47xxx/CVE-2024-47037.json new file mode 100644 index 00000000000..e61842a3774 --- /dev/null +++ b/2024/47xxx/CVE-2024-47037.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47038.json b/2024/47xxx/CVE-2024-47038.json new file mode 100644 index 00000000000..845f017a61c --- /dev/null +++ b/2024/47xxx/CVE-2024-47038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47039.json b/2024/47xxx/CVE-2024-47039.json new file mode 100644 index 00000000000..8b97e0737b8 --- /dev/null +++ b/2024/47xxx/CVE-2024-47039.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47039", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47040.json b/2024/47xxx/CVE-2024-47040.json new file mode 100644 index 00000000000..8eb17e09552 --- /dev/null +++ b/2024/47xxx/CVE-2024-47040.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47041.json b/2024/47xxx/CVE-2024-47041.json new file mode 100644 index 00000000000..f69ab674de5 --- /dev/null +++ b/2024/47xxx/CVE-2024-47041.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47041", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5154.json b/2024/5xxx/CVE-2024-5154.json index fbb69e2e32d..6ad29e10aed 100644 --- a/2024/5xxx/CVE-2024-5154.json +++ b/2024/5xxx/CVE-2024-5154.json @@ -107,7 +107,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.28.7-2.rhaos4.15.git111aec5.el9", + "version": "0:1.28.7-2.rhaos4.15.git111aec5.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" diff --git a/2024/8xxx/CVE-2024-8766.json b/2024/8xxx/CVE-2024-8766.json index d871b3280b4..91d832a85e9 100644 --- a/2024/8xxx/CVE-2024-8766.json +++ b/2024/8xxx/CVE-2024-8766.json @@ -1,17 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8766", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Cyber Protect Cloud Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "38235" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-7218", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-7218" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@satz4797 (https://hackerone.com/satz4797)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ] } diff --git a/2024/8xxx/CVE-2024-8902.json b/2024/8xxx/CVE-2024-8902.json new file mode 100644 index 00000000000..f8909f442dd --- /dev/null +++ b/2024/8xxx/CVE-2024-8902.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8902", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/8xxx/CVE-2024-8903.json b/2024/8xxx/CVE-2024-8903.json new file mode 100644 index 00000000000..9b625a3d6fd --- /dev/null +++ b/2024/8xxx/CVE-2024-8903.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file