From 10538e1f3b905cc5499cefccc9b7b46a9b719732 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 16 Sep 2024 15:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/25xxx/CVE-2023-25493.json | 8 +--
2023/2xxx/CVE-2023-2042.json | 47 ++++++++++++--
2023/2xxx/CVE-2023-2290.json | 8 +--
2023/2xxx/CVE-2023-2992.json | 8 +--
2023/3xxx/CVE-2023-3961.json | 10 ---
2023/42xxx/CVE-2023-42669.json | 5 --
2023/43xxx/CVE-2023-43785.json | 5 --
2023/43xxx/CVE-2023-43786.json | 15 -----
2023/43xxx/CVE-2023-43787.json | 15 -----
2023/43xxx/CVE-2023-43788.json | 25 -------
2023/43xxx/CVE-2023-43789.json | 20 ------
2023/4xxx/CVE-2023-4091.json | 15 -----
2023/5xxx/CVE-2023-5078.json | 8 +--
2023/5xxx/CVE-2023-5080.json | 10 +--
2023/5xxx/CVE-2023-5081.json | 10 +--
2023/5xxx/CVE-2023-5115.json | 5 --
2024/39xxx/CVE-2024-39772.json | 115 +++++++++++++++++++++++++++++++--
2024/42xxx/CVE-2024-42485.json | 6 +-
2024/45xxx/CVE-2024-45835.json | 115 +++++++++++++++++++++++++++++++--
2024/6xxx/CVE-2024-6401.json | 77 ++++++++++++++++++++--
2024/7xxx/CVE-2024-7098.json | 81 +++++++++++++++++++++--
2024/7xxx/CVE-2024-7104.json | 77 ++++++++++++++++++++--
2024/8xxx/CVE-2024-8894.json | 18 ++++++
2024/8xxx/CVE-2024-8895.json | 18 ++++++
2024/8xxx/CVE-2024-8896.json | 18 ++++++
25 files changed, 569 insertions(+), 170 deletions(-)
create mode 100644 2024/8xxx/CVE-2024-8894.json
create mode 100644 2024/8xxx/CVE-2024-8895.json
create mode 100644 2024/8xxx/CVE-2024-8896.json
diff --git a/2023/25xxx/CVE-2023-25493.json b/2023/25xxx/CVE-2023-25493.json
index 3e2deca179a..10343e097f9 100644
--- a/2023/25xxx/CVE-2023-25493.json
+++ b/2023/25xxx/CVE-2023-25493.json
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "\nA potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. \n\n" + "value": "A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code." } ] }, @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-287 Improper Authentication", - "cweId": "CWE-287" + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" } ] } @@ -77,7 +77,7 @@ "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775" } ], - "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " + "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "credits": [ diff --git a/2023/2xxx/CVE-2023-2042.json b/2023/2xxx/CVE-2023-2042.json index b564124ca3f..519be943625 100644 --- a/2023/2xxx/CVE-2023-2042.json +++ b/2023/2xxx/CVE-2023-2042.json 
@@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + "value": "A vulnerability, which was classified as problematic, has been found in DataGear up to 4.7.0/5.1.0. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "deu", - "value": "Eine problematische Schwachstelle wurde in DataGear bis 4.5.1 entdeckt. Davon betroffen ist unbekannter Code der Komponente JDBC Server Handler. Mit der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + "value": "Eine problematische Schwachstelle wurde in DataGear bis 4.7.0/5.1.0 entdeckt. Davon betroffen ist unbekannter Code der Komponente JDBC Server Handler. Mit der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ] }, @@ -25,7 +25,7 @@ "description": [ { "lang": "eng", - "value": "CWE-502 Deserialization", + "value": "Deserialization", "cweId": "CWE-502" } ] 
@@ -45,11 +45,43 @@ "version_data": [ { "version_affected": "=", - "version_value": "4.5.0" + "version_value": "4.0" }, { "version_affected": "=", - "version_value": "4.5.1" + "version_value": "4.1" + }, + { + "version_affected": "=", + "version_value": "4.2" + }, + { + "version_affected": "=", + "version_value": "4.3" + }, + { + "version_affected": "=", + "version_value": "4.4" + }, + { + "version_affected": "=", + "version_value": "4.5" + }, + { + "version_affected": "=", + "version_value": "4.6" + }, + { + "version_affected": "=", + "version_value": "4.7" + }, + { + "version_affected": "=", + "version_value": "5.0" + }, + { + "version_affected": "=", + "version_value": "5.1" } ] } @@ -72,6 +104,11 @@ "refsource": "MISC", "name": "https://vuldb.com/?ctiid.225920" }, + { + "url": "https://vuldb.com/?submit.109292", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.109292" + }, { "url": "https://github.com/yangyanglo/ForCVE/blob/main/2023-0x06.md", "refsource": "MISC", diff --git a/2023/2xxx/CVE-2023-2290.json b/2023/2xxx/CVE-2023-2290.json index 79ec8340961..56f1f3f7274 100644 --- a/2023/2xxx/CVE-2023-2290.json +++ b/2023/2xxx/CVE-2023-2290.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", - "cweId": "CWE-119" + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" } ] } @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "ThinkPad ", + "product_name": "ThinkPad", "version": { "version_data": [ { 
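Review bot: In CVE-2023-2042.json the rewritten `version_data` list pairs `"version_affected": "="` with two-component values (`"4.0"` through `"5.1"`), while the new description says "up to 4.7.0/5.1.0" and the removed entries were full versions (`4.5.0`, `4.5.1`). A consumer that compares installed versions by exact string will no longer match a deployed 4.5.1 against `"4.5"`, so this deserialization record can silently drop out of scan results. If the feed allows it, keep patch-level values or express each branch as a bound, e.g. `"version_affected": "<=", "version_value": "4.7.0"` with a second entry for `5.1.0`; otherwise matching logic has to treat these values as prefixes. The `version_data` array opens above this hunk, so the product entry it belongs to is not visible here.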
@@ -77,7 +77,7 @@ "value": "Update system firmware to the version (or newer) indicated for your model in the Lenovo Product Security Advisory: https://support.lenovo.com/us/en/product_security/LEN-106014" } ], - "value": "Update system firmware to the version (or newer) indicated for your model in the Lenovo Product Security Advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-106014 https://support.lenovo.com/us/en/product_security/LEN-106014 " + "value": "Update system firmware to the version (or newer) indicated for your model in the Lenovo Product Security Advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-106014" } ], "credits": [ diff --git a/2023/2xxx/CVE-2023-2992.json b/2023/2xxx/CVE-2023-2992.json index ef01977dcb8..c24fc29fb13 100644 --- a/2023/2xxx/CVE-2023-2992.json +++ b/2023/2xxx/CVE-2023-2992.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-400 Uncontrolled Resource Consumption", - "cweId": "CWE-400" + "value": "CWE-405: Asymmetric Resource Consumption (Amplification)", + "cweId": "CWE-405" } ] } @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "System Management Module (SMM) ", + "product_name": "System Management Module (SMM)", "version": { "version_data": [ { @@ -88,7 +88,7 @@ "value": "Upgrade to the firmware version (or newer) indicated for your model in the Lenovo Product Security: https://support.lenovo.com/us/en/product_security/LEN-127357" } ], - "value": "Upgrade to the firmware version (or newer) indicated for your model in the Lenovo Product Security:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-127357 https://support.lenovo.com/us/en/product_security/LEN-127357 " + "value": "Upgrade to the firmware version (or newer) indicated for your model in the Lenovo Product Security:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-127357" } ], "impact": { 
diff --git a/2023/3xxx/CVE-2023-3961.json b/2023/3xxx/CVE-2023-3961.json index d1cf74680e4..0257fba5495 100644 --- a/2023/3xxx/CVE-2023-3961.json +++ b/2023/3xxx/CVE-2023-3961.json @@ -308,16 +308,6 @@ "refsource": "MISC", "name": "https://bugzilla.samba.org/show_bug.cgi?id=15422" }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/" - }, - { - "url": "https://security.netapp.com/advisory/ntap-20231124-0002/", - "refsource": "MISC", - "name": "https://security.netapp.com/advisory/ntap-20231124-0002/" - }, { "url": "https://www.samba.org/samba/security/CVE-2023-3961.html", "refsource": "MISC", diff --git a/2023/42xxx/CVE-2023-42669.json b/2023/42xxx/CVE-2023-42669.json index a3984fa44b4..e5529d14fdd 100644 --- a/2023/42xxx/CVE-2023-42669.json +++ b/2023/42xxx/CVE-2023-42669.json @@ -308,11 +308,6 @@ "refsource": "MISC", "name": "https://bugzilla.samba.org/show_bug.cgi?id=15474" }, - { - "url": "https://security.netapp.com/advisory/ntap-20231124-0002/", - "refsource": "MISC", - "name": "https://security.netapp.com/advisory/ntap-20231124-0002/" - }, { "url": "https://www.samba.org/samba/security/CVE-2023-42669.html", "refsource": "MISC", diff --git a/2023/43xxx/CVE-2023-43785.json b/2023/43xxx/CVE-2023-43785.json index 70857a2b6f9..605c18a7dd4 100644 --- a/2023/43xxx/CVE-2023-43785.json +++ b/2023/43xxx/CVE-2023-43785.json @@ -130,11 +130,6 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252" - }, - { - "url": "https://security.netapp.com/advisory/ntap-20231103-0006/", - "refsource": "MISC", - "name": "https://security.netapp.com/advisory/ntap-20231103-0006/" } ] }, 
diff --git a/2023/43xxx/CVE-2023-43786.json b/2023/43xxx/CVE-2023-43786.json index 3b0838b7aa9..89fea369d1f 100644 --- a/2023/43xxx/CVE-2023-43786.json +++ b/2023/43xxx/CVE-2023-43786.json @@ -111,11 +111,6 @@ }, "references": { "reference_data": [ - { - "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/01/24/9" - }, { "url": "https://access.redhat.com/errata/RHSA-2024:2145", "refsource": "MISC", @@ -135,16 +130,6 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2242253" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/" - }, - { - "url": "https://security.netapp.com/advisory/ntap-20231103-0006/", - "refsource": "MISC", - "name": "https://security.netapp.com/advisory/ntap-20231103-0006/" } ] }, diff --git a/2023/43xxx/CVE-2023-43787.json b/2023/43xxx/CVE-2023-43787.json index 55786a20b24..384aea5668e 100644 --- a/2023/43xxx/CVE-2023-43787.json +++ b/2023/43xxx/CVE-2023-43787.json @@ -111,11 +111,6 @@ }, "references": { "reference_data": [ - { - "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/01/24/9" - }, { "url": "https://access.redhat.com/errata/RHSA-2024:2145", "refsource": "MISC", 
@@ -135,16 +130,6 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242254", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2242254" - }, - { - "url": "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/", - "refsource": "MISC", - "name": "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/" - }, - { - "url": "https://security.netapp.com/advisory/ntap-20231103-0006/", - "refsource": "MISC", - "name": "https://security.netapp.com/advisory/ntap-20231103-0006/" } ] }, diff --git a/2023/43xxx/CVE-2023-43788.json b/2023/43xxx/CVE-2023-43788.json index 1cfa36a95c6..d308c667289 100644 --- a/2023/43xxx/CVE-2023-43788.json +++ b/2023/43xxx/CVE-2023-43788.json 
@@ -174,31 +174,6 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242248", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2242248" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6FARGWN7VWXXWPXYNEEDJLRR3EWFZ3T/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6FARGWN7VWXXWPXYNEEDJLRR3EWFZ3T/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/" } ] }, diff --git a/2023/43xxx/CVE-2023-43789.json b/2023/43xxx/CVE-2023-43789.json index cc26bc2be25..03a19483831 100644 --- a/2023/43xxx/CVE-2023-43789.json +++ b/2023/43xxx/CVE-2023-43789.json 
@@ -174,26 +174,6 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242249", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2242249" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/" } ] }, diff --git a/2023/4xxx/CVE-2023-4091.json b/2023/4xxx/CVE-2023-4091.json index b3be2afb5ba..bf9e839c424 100644 --- a/2023/4xxx/CVE-2023-4091.json +++ b/2023/4xxx/CVE-2023-4091.json 
@@ -308,21 +308,6 @@ "refsource": "MISC", "name": "https://bugzilla.samba.org/show_bug.cgi?id=15439" }, - { - "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html", - "refsource": "MISC", - "name": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/" - }, - { - "url": "https://security.netapp.com/advisory/ntap-20231124-0002/", - "refsource": "MISC", - "name": "https://security.netapp.com/advisory/ntap-20231124-0002/" - }, { "url": "https://www.samba.org/samba/security/CVE-2023-4091.html", "refsource": "MISC", diff --git a/2023/5xxx/CVE-2023-5078.json b/2023/5xxx/CVE-2023-5078.json index 2593c5b1226..ae77474d3c9 100644 --- a/2023/5xxx/CVE-2023-5078.json +++ b/2023/5xxx/CVE-2023-5078.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-665 Improper Initialization", - "cweId": "CWE-665" + "value": "CWE-1419: Incorrect Initialization of Resource", + "cweId": "CWE-1419" } ] } @@ -74,10 +74,10 @@ { "base64": false, "type": "text/html", - "value": "\n\nUpdate system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775\n\n
" + "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775\n\n
" } ], - "value": "\nUpdate system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 \n\n\n" + "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "credits": [ diff --git a/2023/5xxx/CVE-2023-5080.json b/2023/5xxx/CVE-2023-5080.json index 9b341bbe07f..bc224eddab0 100644 --- a/2023/5xxx/CVE-2023-5080.json +++ b/2023/5xxx/CVE-2023-5080.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. " + "value": "A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands." } ] }, @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-269 Improper Privilege Management", - "cweId": "CWE-269" + "value": "CWE-266: Incorrect Privilege Assignment", + "cweId": "CWE-266" } ] } @@ -74,10 +74,10 @@ { "base64": false, "type": "text/html", - "value": "\n\nUpdate to the version (or newer) indicated for your model in the Product Impact section in the advisory: https://support.lenovo.com/us/en/product_security/LEN-142135
" + "value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory: https://support.lenovo.com/us/en/product_security/LEN-142135
" } ], - "value": "\nUpdate to the version (or newer) indicated for your model in the Product Impact section in the advisory: https://support.lenovo.com/us/en/product_security/LEN-142135 \n" + "value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory: https://support.lenovo.com/us/en/product_security/LEN-142135" } ], "credits": [ diff --git a/2023/5xxx/CVE-2023-5081.json b/2023/5xxx/CVE-2023-5081.json index 53f113b91ee..da75e010bb0 100644 --- a/2023/5xxx/CVE-2023-5081.json +++ b/2023/5xxx/CVE-2023-5081.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. " + "value": "An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier." } ] }, @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", - "cweId": "CWE-200" + "value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", + "cweId": "CWE-497" } ] } @@ -74,10 +74,10 @@ { "base64": false, "type": "text/html", - "value": "\n\n\n\nUpdate to the version (or newer) indicated for your model in the Product Impact section in the advisory:\n\n
https://support.lenovo.com/us/en/product_security/LEN-142135
" + "value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory:\n\n
https://support.lenovo.com/us/en/product_security/LEN-142135
" } ], - "value": "\n\n\nUpdate to the version (or newer) indicated for your model in the Product Impact section in the advisory:\n\n\n https://support.lenovo.com/us/en/product_security/LEN-142135 \n" + "value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory:\n\n\n https://support.lenovo.com/us/en/product_security/LEN-142135" } ], "credits": [ diff --git a/2023/5xxx/CVE-2023-5115.json b/2023/5xxx/CVE-2023-5115.json index 524de21246f..6cdad428aa3 100644 --- a/2023/5xxx/CVE-2023-5115.json +++ b/2023/5xxx/CVE-2023-5115.json @@ -158,11 +158,6 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810", "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810" - }, - { - "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", - "refsource": "MISC", - "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" } ] }, diff --git a/2024/39xxx/CVE-2024-39772.json b/2024/39xxx/CVE-2024-39772.json index 4961453a114..a049464446a 100644 --- a/2024/39xxx/CVE-2024-39772.json +++ b/2024/39xxx/CVE-2024-39772.json 
@@ -1,17 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39772", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "5.8.0", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "5.9.0" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "MMSA-2024-00372", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-59043" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update Mattermost Desktop App to versions 5.9.0 or higher.

" + } + ], + "value": "Update Mattermost Desktop App to versions 5.9.0 or higher." + } + ], + "credits": [ + { + "lang": "en", + "value": "Doyensec" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42485.json b/2024/42xxx/CVE-2024-42485.json index cc1a6392aeb..6edb3310d64 100644 --- a/2024/42xxx/CVE-2024-42485.json +++ b/2024/42xxx/CVE-2024-42485.json @@ -41,7 +41,11 @@ "version_data": [ { "version_affected": "=", - "version_value": "< 2.3.3" + "version_value": ">= 2.0.0-alpha, < 2.3.3" + }, + { + "version_affected": "=", + "version_value": "< 1.1.14" } ] } diff --git a/2024/45xxx/CVE-2024-45835.json b/2024/45xxx/CVE-2024-45835.json index 43337714c53..510a97e1d3a 100644 --- a/2024/45xxx/CVE-2024-45835.json +++ b/2024/45xxx/CVE-2024-45835.json 
@@ -1,17 +1,124 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45835", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693: Protection Mechanism Failure", + "cweId": "CWE-693" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "5.8.0", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "5.9.0" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "MMSA-2024-00371", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-59045" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": 
"text/html", + "value": "

Update Mattermost Desktop App to versions 5.9.0 or higher.

" + } + ], + "value": "Update Mattermost Desktop App to versions 5.9.0 or higher." + } + ], + "credits": [ + { + "lang": "en", + "value": "Doyensec" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/6xxx/CVE-2024-6401.json b/2024/6xxx/CVE-2024-6401.json index 90edfd67810..7516e56b6c9 100644 --- a/2024/6xxx/CVE-2024-6401.json +++ b/2024/6xxx/CVE-2024-6401.json 
@@ -1,18 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SFS Consulting", + "product": { + "product_data": [ + { + "product_name": "InsureE GL", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-1475", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-24-1475" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TR-24-1475", + "defect": [ + "TR-24-1475" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Ya\u011f\u0131z KO\u00c7ER" + }, + { + "lang": "en", + "value": "Secure Future Inc." + } + ] } \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7098.json b/2024/7xxx/CVE-2024-7098.json index f71a97045fa..738fc3b614d 100644 --- a/2024/7xxx/CVE-2024-7098.json 
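Review bot: This record goes to `"STATE": "PUBLIC"` with no `impact`/CVSS block and no `solution` entry, so the only remediation hint is the phrase "before 4.6.2" in the description, and there is no severity for downstream tooling to prioritise a CWE-89 issue. The CVE-2024-7098 and CVE-2024-7104 hunks for ww.Winsure have the same gaps. A `solution` entry pointing at 4.6.2 (presumably the first fixed release, to be confirmed against advisory TR-24-1475) and a CVSS vector would make all three records actionable. The description is also missing a space after the sentence break and should read `allows SQL Injection. This issue affects InsureE GL: before 4.6.2.`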
+++ b/2024/7xxx/CVE-2024-7098.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7098", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SFS Consulting", + "product": { + "product_data": [ + { + "product_name": "ww.Winsure", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-1475", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-24-1475" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TR-24-1475", + "defect": [ + "TR-24-1475" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Kaan ATMACA" + }, + { + "lang": "en", + "value": "Berk \u0130MRAN" + }, + { + "lang": "en", + "value": "Secure Future Inc." + } + ] } \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7104.json b/2024/7xxx/CVE-2024-7104.json index f109e14a1b4..d51b4366734 100644 
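Review bot: The description says the flaw "allows XML Injection", but `problemtype` is `CWE-611 Improper Restriction of XML External Entity Reference`, and these are different weaknesses with different mitigations. For CWE-611 the defence is disabling DTD and external-entity resolution in the XML parser, whereas XML injection is addressed by encoding or validating data written into XML. The wording looks like it was carried over from an attack-pattern label, so the description should name external entity processing, for example `allows XML External Entity (XXE) processing`, so that readers apply the parser-hardening fix.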
--- a/2024/7xxx/CVE-2024-7104.json +++ b/2024/7xxx/CVE-2024-7104.json @@ -1,18 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7104", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SFS Consulting", + "product": { + "product_data": [ + { + "product_name": "ww.Winsure", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-1475", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-24-1475" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TR-24-1475", + "defect": [ + "TR-24-1475" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Salih \u00d6ZEK" + }, + { + "lang": "en", + "value": "Secure Future Inc." + } + ] } \ No newline at end of file diff --git a/2024/8xxx/CVE-2024-8894.json b/2024/8xxx/CVE-2024-8894.json new file mode 100644 index 00000000000..f5de720da37 --- /dev/null 
+++ b/2024/8xxx/CVE-2024-8894.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8894", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/8xxx/CVE-2024-8895.json b/2024/8xxx/CVE-2024-8895.json new file mode 100644 index 00000000000..af6ba269261 --- /dev/null +++ b/2024/8xxx/CVE-2024-8895.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8895", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/8xxx/CVE-2024-8896.json b/2024/8xxx/CVE-2024-8896.json new file mode 100644 index 00000000000..a4f2308d7b0 --- /dev/null +++ b/2024/8xxx/CVE-2024-8896.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8896", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file