diff --git a/2023/0xxx/CVE-2023-0076.json b/2023/0xxx/CVE-2023-0076.json index f9e9d1d5049..bac09dff260 100644 --- a/2023/0xxx/CVE-2023-0076.json +++ b/2023/0xxx/CVE-2023-0076.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + "value": "The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ] }, @@ -39,18 +39,9 @@ "version": { "version_data": [ { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "status": "affected", - "versionType": "custom", - "version": "0", - "lessThanOrEqual": "1.2.24" - } - ], - "defaultStatus": "affected" - } + "version_affected": "<", + "version_name": "0", + "version_value": "1.3" } ] } @@ -64,9 +55,9 @@ "references": { "reference_data": [ { - "url": "https://wpscan.com/vulnerability/a0a44f8a-877c-40df-a3ba-b9b806ffb772", + "url": "https://wpscan.com/vulnerability/a0a44f8a-877c-40df-a3ba-b9b806ffb772/", "refsource": "MISC", - "name": "https://wpscan.com/vulnerability/a0a44f8a-877c-40df-a3ba-b9b806ffb772" + "name": "https://wpscan.com/vulnerability/a0a44f8a-877c-40df-a3ba-b9b806ffb772/" } ] }, diff --git a/2023/6xxx/CVE-2023-6072.json b/2023/6xxx/CVE-2023-6072.json index 1c0387b98bb..99a57b5265b 100644 --- a/2023/6xxx/CVE-2023-6072.json +++ b/2023/6xxx/CVE-2023-6072.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6072", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "trellixpsirt@trellix.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nA cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Trellix", + "product": { + "product_data": [ + { + "product_name": "Trellix Central Management (CM)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": " Prior to 9.1.3.97129" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.trellix.com/bundle/cm_9-1-5_rn/page/UUID-fad8a50f-6f6f-e970-f418-06494a30932e.html", + "refsource": "MISC", + "name": "https://docs.trellix.com/bundle/cm_9-1-5_rn/page/UUID-fad8a50f-6f6f-e970-f418-06494a30932e.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Intilangelo" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0553.json b/2024/0xxx/CVE-2024-0553.json index 7a9b165eec5..900588a400b 100644 --- a/2024/0xxx/CVE-2024-0553.json +++ b/2024/0xxx/CVE-2024-0553.json @@ -95,6 +95,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:3.6.16-7.el8_8.2", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9", "version": { @@ -199,6 +220,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0627" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0796", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0796" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0553", "refsource": "MISC", @@ -214,6 +240,11 @@ "refsource": "MISC", "name": "https://gitlab.com/gnutls/gnutls/-/issues/1522" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "refsource": "MISC", @@ -228,11 +259,6 @@ "url": "https://security.netapp.com/advisory/ntap-20240202-0011/", "refsource": "MISC", "name": "https://security.netapp.com/advisory/ntap-20240202-0011/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/" } ] }, diff --git a/2024/1xxx/CVE-2024-1157.json b/2024/1xxx/CVE-2024-1157.json index 59e85eaa1af..5b358feb710 100644 --- a/2024/1xxx/CVE-2024-1157.json +++ b/2024/1xxx/CVE-2024-1157.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1157", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "boldthemes", + "product": { + "product_data": [ + { + "product_name": "Bold Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e166a7db-45f7-4a0d-9966-dbec9ade204a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e166a7db-45f7-4a0d-9966-dbec9ade204a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/bold-page-builder/trunk/content_elements/bt_bb_button/bt_bb_button.php#L161", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/bold-page-builder/trunk/content_elements/bt_bb_button/bt_bb_button.php#L161" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Mdr001" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1159.json b/2024/1xxx/CVE-2024-1159.json index a5e48f46d96..d3ecb4edd4e 100644 --- a/2024/1xxx/CVE-2024-1159.json +++ b/2024/1xxx/CVE-2024-1159.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1159", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "boldthemes", + "product": { + "product_data": [ + { + "product_name": "Bold Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e71386ea-0546-4aa7-b77a-e1824e80accc?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e71386ea-0546-4aa7-b77a-e1824e80accc?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Maxuel" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/1xxx/CVE-2024-1160.json b/2024/1xxx/CVE-2024-1160.json index 330a0174960..5700da21bd9 100644 --- a/2024/1xxx/CVE-2024-1160.json +++ b/2024/1xxx/CVE-2024-1160.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1160", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "boldthemes", + "product": { + "product_data": [ + { + "product_name": "Bold Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/818d3418-8e14-49b9-a112-8eab9eb3c283?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/818d3418-8e14-49b9-a112-8eab9eb3c283?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wesley" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/22xxx/CVE-2024-22042.json b/2024/22xxx/CVE-2024-22042.json index cd162647e5b..01339ec7a6a 100644 --- a/2024/22xxx/CVE-2024-22042.json +++ b/2024/22xxx/CVE-2024-22042.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22042", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-648: Incorrect Use of Privileged APIs", + "cweId": "CWE-648" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Unicam FX", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-543502.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-543502.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/22xxx/CVE-2024-22043.json b/2024/22xxx/CVE-2024-22043.json index 7b136364bb2..e0c1da1a73c 100644 --- a/2024/22xxx/CVE-2024-22043.json +++ b/2024/22xxx/CVE-2024-22043.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Parasolid V35.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V35.0.251" + } + ] + } + }, + { + "product_name": "Parasolid V35.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V35.1.170" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-797296.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-797296.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2024/23xxx/CVE-2024-23795.json b/2024/23xxx/CVE-2024-23795.json index cb0eff49b6f..fb5e7a32786 100644 --- a/2024/23xxx/CVE-2024-23795.json +++ b/2024/23xxx/CVE-2024-23795.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23795", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2201", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2201.0012" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0006" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23796.json b/2024/23xxx/CVE-2024-23796.json index aaf5cfa139b..a7f4cb5b097 100644 --- a/2024/23xxx/CVE-2024-23796.json +++ b/2024/23xxx/CVE-2024-23796.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23796", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2201", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2201.0012" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0006" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23797.json b/2024/23xxx/CVE-2024-23797.json index 7bc0f13346c..ed40be31365 100644 --- a/2024/23xxx/CVE-2024-23797.json +++ b/2024/23xxx/CVE-2024-23797.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23797", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2201", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2201.0012" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0006" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23798.json b/2024/23xxx/CVE-2024-23798.json index 0599b5810fc..5db8d36667b 100644 --- a/2024/23xxx/CVE-2024-23798.json +++ b/2024/23xxx/CVE-2024-23798.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23798", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2201", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2201.0012" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0006" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23799.json b/2024/23xxx/CVE-2024-23799.json index da34b298019..aec3e797085 100644 --- a/2024/23xxx/CVE-2024-23799.json +++ b/2024/23xxx/CVE-2024-23799.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2201", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0007" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2024/23xxx/CVE-2024-23800.json b/2024/23xxx/CVE-2024-23800.json index 77c09e1c332..4caa44f1329 100644 --- a/2024/23xxx/CVE-2024-23800.json +++ b/2024/23xxx/CVE-2024-23800.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2201", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0007" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2024/23xxx/CVE-2024-23801.json b/2024/23xxx/CVE-2024-23801.json index c68995a8e29..91468f4e1bf 100644 --- a/2024/23xxx/CVE-2024-23801.json +++ b/2024/23xxx/CVE-2024-23801.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2201", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0007" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2024/23xxx/CVE-2024-23802.json b/2024/23xxx/CVE-2024-23802.json index 9e9d9e713dd..aa7f89ade13 100644 --- a/2024/23xxx/CVE-2024-23802.json +++ b/2024/23xxx/CVE-2024-23802.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2201", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2201.0012" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0006" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23803.json b/2024/23xxx/CVE-2024-23803.json index 0454e5dc3c8..39c87f43512 100644 --- a/2024/23xxx/CVE-2024-23803.json +++ b/2024/23xxx/CVE-2024-23803.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23803", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2201", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0007" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23804.json b/2024/23xxx/CVE-2024-23804.json index 76cce7dcc3e..7b9e1831511 100644 --- a/2024/23xxx/CVE-2024-23804.json +++ b/2024/23xxx/CVE-2024-23804.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23804", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2201", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2201.0012" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0006" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23810.json b/2024/23xxx/CVE-2024-23810.json index b6b818175be..49a9e96df5c 100644 --- a/2024/23xxx/CVE-2024-23810.json +++ b/2024/23xxx/CVE-2024-23810.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23810", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SINEC NMS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.0 SP1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23811.json b/2024/23xxx/CVE-2024-23811.json index 174516b25f2..4c9a99200bc 100644 --- a/2024/23xxx/CVE-2024-23811.json +++ b/2024/23xxx/CVE-2024-23811.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23811", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434: Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SINEC NMS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.0 SP1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23812.json b/2024/23xxx/CVE-2024-23812.json index 1b90f2e3bfd..abf83eb8acc 100644 --- a/2024/23xxx/CVE-2024-23812.json +++ b/2024/23xxx/CVE-2024-23812.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23812", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SINEC NMS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.0 SP1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23813.json b/2024/23xxx/CVE-2024-23813.json index 69c2618586d..14c99ee94fd 100644 --- a/2024/23xxx/CVE-2024-23813.json +++ b/2024/23xxx/CVE-2024-23813.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23813", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Polarion ALM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23816.json b/2024/23xxx/CVE-2024-23816.json index acedfe6d8aa..f63fbaeb519 100644 --- a/2024/23xxx/CVE-2024-23816.json +++ b/2024/23xxx/CVE-2024-23816.json @@ -1,17 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23816", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798: Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Location Intelligence Perpetual Large", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3" + } + ] + } + }, + { + "product_name": "Location Intelligence Perpetual Medium", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3" + } + ] + } + }, + { + "product_name": "Location Intelligence Perpetual Non-Prod", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3" + } + ] + } + }, + { + "product_name": "Location Intelligence Perpetual Small", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3" + } + ] + } + }, + { + "product_name": "Location Intelligence SUS Large", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3" + } + ] + } + }, + { + "product_name": "Location Intelligence SUS Medium", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3" + } + ] + } + }, + { + "product_name": "Location Intelligence SUS Non-Prod", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3" + } + ] + } + }, + { + "product_name": "Location Intelligence SUS Small", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-580228.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-580228.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/24xxx/CVE-2024-24920.json b/2024/24xxx/CVE-2024-24920.json index d3745d912c9..d97e5dc69b1 100644 --- a/2024/24xxx/CVE-2024-24920.json +++ b/2024/24xxx/CVE-2024-24920.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24920", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2401.0000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/24xxx/CVE-2024-24921.json b/2024/24xxx/CVE-2024-24921.json index 9c1c05fb6f2..cbd7650ae44 100644 --- a/2024/24xxx/CVE-2024-24921.json +++ b/2024/24xxx/CVE-2024-24921.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24921", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2401.0000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/24xxx/CVE-2024-24922.json b/2024/24xxx/CVE-2024-24922.json index f23b202c4e1..907133339f0 100644 --- a/2024/24xxx/CVE-2024-24922.json +++ b/2024/24xxx/CVE-2024-24922.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24922", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2401.0000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/24xxx/CVE-2024-24923.json b/2024/24xxx/CVE-2024-24923.json index 7e45976ca6e..6393ab41166 100644 --- a/2024/24xxx/CVE-2024-24923.json +++ b/2024/24xxx/CVE-2024-24923.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24923", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2401.0000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/24xxx/CVE-2024-24924.json b/2024/24xxx/CVE-2024-24924.json index 68e434e4f6e..2da9c224aff 100644 --- a/2024/24xxx/CVE-2024-24924.json +++ b/2024/24xxx/CVE-2024-24924.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24924", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2306.0000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/24xxx/CVE-2024-24925.json b/2024/24xxx/CVE-2024-24925.json index f64d633d08f..720a120c1a8 100644 --- a/2024/24xxx/CVE-2024-24925.json +++ b/2024/24xxx/CVE-2024-24925.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24925", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-824: Access of Uninitialized Pointer", + "cweId": "CWE-824" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2306.0000" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/25xxx/CVE-2024-25973.json b/2024/25xxx/CVE-2024-25973.json new file mode 100644 index 00000000000..9c5fa63f296 --- /dev/null +++ b/2024/25xxx/CVE-2024-25973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25974.json b/2024/25xxx/CVE-2024-25974.json new file mode 100644 index 00000000000..23aed35cc23 --- /dev/null +++ b/2024/25xxx/CVE-2024-25974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25975.json b/2024/25xxx/CVE-2024-25975.json new file mode 100644 index 00000000000..27aa772b10a --- /dev/null +++ b/2024/25xxx/CVE-2024-25975.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25976.json b/2024/25xxx/CVE-2024-25976.json new file mode 100644 index 00000000000..9dccecc2fe1 --- /dev/null +++ b/2024/25xxx/CVE-2024-25976.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25976", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25977.json b/2024/25xxx/CVE-2024-25977.json new file mode 100644 index 00000000000..de51b3cb393 --- /dev/null +++ b/2024/25xxx/CVE-2024-25977.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-25977", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file