From fdd0fd06a3f1ac4e68064a0ad2876b87705c4f32 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 18 Aug 2024 09:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/42xxx/CVE-2024-42318.json | 10 ++++ 2024/7xxx/CVE-2024-7904.json | 100 +++++++++++++++++++++++++++++++-- 2024/7xxx/CVE-2024-7916.json | 18 ++++++ 2024/7xxx/CVE-2024-7917.json | 18 ++++++ 4 files changed, 142 insertions(+), 4 deletions(-) create mode 100644 2024/7xxx/CVE-2024-7916.json create mode 100644 2024/7xxx/CVE-2024-7917.json diff --git a/2024/42xxx/CVE-2024-42318.json b/2024/42xxx/CVE-2024-42318.json index 5354b9a8402..0760661e61d 100644 --- a/2024/42xxx/CVE-2024-42318.json +++ b/2024/42xxx/CVE-2024-42318.json @@ -120,6 +120,16 @@ "url": "https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/", "refsource": "MISC", "name": "https://lore.kernel.org/all/20240817.shahka3Ee1iy@digikod.net/" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2024/08/17/2", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2024/08/17/2" + }, + { + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2566", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2566" } ] }, diff --git a/2024/7xxx/CVE-2024-7904.json b/2024/7xxx/CVE-2024-7904.json index 5348124cecd..76eac021e5c 100644 --- a/2024/7xxx/CVE-2024-7904.json +++ b/2024/7xxx/CVE-2024-7904.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7904", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in DedeBIZ 6.3.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei admin/file_manage_control.php der Komponente File Extension Handler. Durch Manipulieren des Arguments upfile1 mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "DedeBIZ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.275030", + "refsource": "MISC", + "name": "https://vuldb.com/?id.275030" + }, + { + "url": "https://vuldb.com/?ctiid.275030", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.275030" + }, + { + "url": "https://vuldb.com/?submit.388361", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.388361" + }, + { + "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE17-2.md", + "refsource": "MISC", + "name": "https://github.com/DeepMountains/Mirage/blob/main/CVE17-2.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Dee.Mirage (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/7xxx/CVE-2024-7916.json b/2024/7xxx/CVE-2024-7916.json new file mode 100644 index 00000000000..29b215e776f --- /dev/null +++ b/2024/7xxx/CVE-2024-7916.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7916", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7917.json b/2024/7xxx/CVE-2024-7917.json new file mode 100644 index 00000000000..4b78a2d639e --- /dev/null +++ b/2024/7xxx/CVE-2024-7917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file