diff --git a/2023/38xxx/CVE-2023-38944.json b/2023/38xxx/CVE-2023-38944.json
index 3698f6ef137..ec4bbe37364 100644
--- a/2023/38xxx/CVE-2023-38944.json
+++ b/2023/38xxx/CVE-2023-38944.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-38944",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-38944",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2024/Mar/0",
+ "url": "https://seclists.org/fulldisclosure/2024/Mar/0"
}
]
}
diff --git a/2023/43xxx/CVE-2023-43318.json b/2023/43xxx/CVE-2023-43318.json
index 35f4139b4be..bc97630c509 100644
--- a/2023/43xxx/CVE-2023-43318.json
+++ b/2023/43xxx/CVE-2023-43318.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2023-43318",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-43318",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/str2ver/CVE-2023-43318/tree/main",
+ "url": "https://github.com/str2ver/CVE-2023-43318/tree/main"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20240302 JetStream Smart Switch - TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318",
+ "url": "https://seclists.org/fulldisclosure/2024/Mar/9"
}
]
}
diff --git a/2023/44xxx/CVE-2023-44186.json b/2023/44xxx/CVE-2023-44186.json
index 7fc9c820115..24f84534185 100644
--- a/2023/44xxx/CVE-2023-44186.json
+++ b/2023/44xxx/CVE-2023-44186.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n"
+ "value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"
}
]
},
@@ -91,11 +91,6 @@
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R2-S1, 22.4R3"
- },
- {
- "version_affected": "<",
- "version_name": "23.2",
- "version_value": "23.2R2"
}
]
}
@@ -148,11 +143,6 @@
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R2-S1-EVO, 22.4R3-EVO"
- },
- {
- "version_affected": "<",
- "version_name": "23.2",
- "version_value": "23.2R2-EVO"
}
]
}
@@ -198,14 +188,7 @@
"work_around": [
{
"lang": "en",
- "supportingMedia": [
- {
- "base64": false,
- "type": "text/html",
- "value": "Current operational and security best practices, such as limiting the AS PATH length, should mitigate risk of this issue.
Below is an example configuration to limit AS PATH to 30 entries:
set groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from protocol bgp
set groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from as-path 31as
set groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 then reject
set groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 then accept
set groups BASE-POLICY policy-options policy-statement Customer-IN term MaxAS-Limit from policy MaxAS-Limit-30
set groups BASE-BGP protocols bgp group <*-CUSTOMER> import Customer-IN
set groups BASE-PREFIX-LISTS policy-options as-path 31as \".{31,}\""
- }
- ],
- "value": "Current operational and security best practices, such as limiting the AS PATH length, should mitigate risk of this issue.\n\nBelow is an example configuration to limit AS PATH to 30 entries:\n\n set groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from protocol bgp\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from as-path 31as\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 then reject\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 then accept\nset groups BASE-POLICY policy-options policy-statement Customer-IN term MaxAS-Limit from policy MaxAS-Limit-30\nset groups BASE-BGP protocols bgp group <*-CUSTOMER> import Customer-IN\nset groups BASE-PREFIX-LISTS policy-options as-path 31as \".{31,}\""
+ "value": "Current operational and security best practices, such as limiting the AS PATH length, should mitigate risk of this issue.\n\nBelow is an example configuration to limit AS PATH to 30 entries:\n\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from protocol bgp\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from as-path 31as\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 then reject\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 then accept\nset groups BASE-POLICY policy-options policy-statement Customer-IN term MaxAS-Limit from policy MaxAS-Limit-30\nset groups BASE-BGP protocols bgp group <*-CUSTOMER> import Customer-IN\nset groups BASE-PREFIX-LISTS policy-options as-path 31as \".{31,}\""
}
],
"exploit": [
@@ -228,10 +211,10 @@
{
"base64": false,
"type": "text/html",
- "value": "The following software releases have been updated to resolve this specific issue:
Junos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R2, 23.3R1, and all subsequent releases.
Junos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.
"
+ "value": "The following software releases have been updated to resolve this specific issue:
Junos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.
Junos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.
"
}
],
- "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R2, 23.3R1, and all subsequent releases.\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\n\n"
+ "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
}
],
"impact": {
diff --git a/2024/22xxx/CVE-2024-22889.json b/2024/22xxx/CVE-2024-22889.json
index f4dab54dbef..82513854dbe 100644
--- a/2024/22xxx/CVE-2024-22889.json
+++ b/2024/22xxx/CVE-2024-22889.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-22889",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-22889",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9",
+ "url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9"
}
]
}
diff --git a/2024/24xxx/CVE-2024-24806.json b/2024/24xxx/CVE-2024-24806.json
index 08343de4add..20ddbc6b5a2 100644
--- a/2024/24xxx/CVE-2024-24806.json
+++ b/2024/24xxx/CVE-2024-24806.json
@@ -88,6 +88,11 @@
"url": "http://www.openwall.com/lists/oss-security/2024/02/11/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/02/11/1"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html"
}
]
},
diff --git a/2024/25xxx/CVE-2024-25817.json b/2024/25xxx/CVE-2024-25817.json
index ed11c3b8f0b..02d07114c49 100644
--- a/2024/25xxx/CVE-2024-25817.json
+++ b/2024/25xxx/CVE-2024-25817.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-25817",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-25817",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/advisories/GHSA-3qx3-6hxr-j2ch",
+ "url": "https://github.com/advisories/GHSA-3qx3-6hxr-j2ch"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cubeyond.net/blog/my-cves/eza-cve-report",
+ "url": "https://www.cubeyond.net/blog/my-cves/eza-cve-report"
}
]
}
diff --git a/2024/27xxx/CVE-2024-27278.json b/2024/27xxx/CVE-2024-27278.json
index e9782526646..0f87ade173c 100644
--- a/2024/27xxx/CVE-2024-27278.json
+++ b/2024/27xxx/CVE-2024-27278.json
@@ -1,17 +1,67 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27278",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OpenPNE Plugin \"opTimelinePlugin\" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OpenPNE Project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenPNE Plugin \"opTimelinePlugin\"",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.2.11 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openpne.jp/archives/13458/",
+ "refsource": "MISC",
+ "name": "http://www.openpne.jp/archives/13458/"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN78084105/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN78084105/"
}
]
}