From 1086d1dcc4ade1c86ecbb3f22ed06e5bb6f9b59e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 22 Feb 2024 10:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/29xxx/CVE-2023-29179.json | 106 ++++++++++++++++++-
2023/29xxx/CVE-2023-29180.json | 136 +++++++++++++++++++++++-
2023/29xxx/CVE-2023-29181.json | 188 ++++++++++++++++++++++++++++++++-
2024/22xxx/CVE-2024-22393.json | 69 +++++++++++-
2024/23xxx/CVE-2024-23349.json | 69 +++++++++++-
2024/26xxx/CVE-2024-26578.json | 69 +++++++++++-
6 files changed, 610 insertions(+), 27 deletions(-)
diff --git a/2023/29xxx/CVE-2023-29179.json b/2023/29xxx/CVE-2023-29179.json
index 83f66a9afdc..b41b33d442b 100644
--- a/2023/29xxx/CVE-2023-29179.json
+++ b/2023/29xxx/CVE-2023-29179.json
@@ -1,17 +1,115 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29179", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiProxy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.10" + } + ] + } + }, + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.11" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-125", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-125" + } + ] + }, + "solution": [ + { + "lang": "en", + 
"value": "Please upgrade to FortiProxy version 7.2.5 or above \nPlease upgrade to FortiProxy version 7.0.11 or above \nPlease upgrade to FortiSASE version 22.4 or above \nPlease upgrade to FortiOS version 7.4.0 or above \nPlease upgrade to FortiOS version 7.2.5 or above \nPlease upgrade to FortiOS version 7.0.12 or above \nPlease upgrade to FortiOS version 6.4.13 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:U/RC:C" } ] } diff --git a/2023/29xxx/CVE-2023-29180.json b/2023/29xxx/CVE-2023-29180.json index d1081e63d74..39e15a42e29 100644 --- a/2023/29xxx/CVE-2023-29180.json +++ b/2023/29xxx/CVE-2023-29180.json 
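Review bot: The `baseScore` of 6.4 in CVE-2023-29179 looks like the temporal score rather than the base score: the `vectorString` carries `E:F/RL:U/RC:C`, and the base metrics alone (`AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`) compute to 6.5 under CVSS 3.1. The same pattern appears in CVE-2023-29180 (7.3 where the base metrics give 7.5) and CVE-2023-29181 (8.3 where they give 8.8). Tooling that thresholds or sorts on `baseScore` will rank these slightly lower than the base vector warrants, so I would record `"baseScore": 6.5,` here and carry the temporal figure in a separate `temporalScore` field, after confirming against FG-IR-23-125. Separately, the `solution` text names FortiSASE 22.4 while `affects` lists no FortiSASE product, which is worth checking against the advisory.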
@@ -1,17 +1,145 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29180", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.11" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.12" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.14" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.16" + } + ] + } + }, + { + "product_name": "FortiProxy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.3" + }, + { + "version_affected": "<=", + "version_name": 
"7.0.0", + "version_value": "7.0.10" + }, + { + "version_affected": "<=", + "version_name": "2.0.0", + "version_value": "2.0.12" + }, + { + "version_affected": "<=", + "version_name": "1.2.0", + "version_value": "1.2.13" + }, + { + "version_affected": "<=", + "version_name": "1.1.0", + "version_value": "1.1.6" + }, + { + "version_affected": "<=", + "version_name": "1.0.0", + "version_value": "1.0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-111", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-111" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiOS version 7.4.0 or above \nPlease upgrade to FortiOS version 7.2.5 or above \nPlease upgrade to FortiOS version 7.0.12 or above \nPlease upgrade to FortiOS version 6.4.13 or above \nPlease upgrade to FortiOS version 6.2.15 or above \nPlease upgrade to FortiOS version 6.0.17 or above \nPlease upgrade to FortiSASE version 22.4 or above \nPlease upgrade to FortiProxy version 7.2.4 or above \nPlease upgrade to FortiProxy version 7.0.11 or above \nPlease upgrade to FortiProxy version 2.0.13 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:U/RC:C" } ] } diff --git a/2023/29xxx/CVE-2023-29181.json b/2023/29xxx/CVE-2023-29181.json index 6e4738a9809..3f31ee007e6 100644 --- a/2023/29xxx/CVE-2023-29181.json +++ b/2023/29xxx/CVE-2023-29181.json 
@@ -1,17 +1,197 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiPAM", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.0", + "version_value": "1.0.3" + } + ] + } + }, + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.11" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.12" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.14" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.16" + }, + { + "version_affected": "<=", + "version_name": "5.6.0", + "version_value": "5.6.14" + }, + { + "version_affected": "<=", + "version_name": "5.4.0", + "version_value": "5.4.13" + }, + { + "version_affected": "<=", + "version_name": "5.2.0", + "version_value": "5.2.15" + }, + { + "version_affected": "<=", + "version_name": "5.0.0", + "version_value": "5.0.14" + }, + { + "version_affected": "<=", + "version_name": "4.3.0", + "version_value": "4.3.19" + }, + { + "version_affected": "<=", + "version_name": "4.2.0", + "version_value": "4.2.16" + }, + { + "version_affected": "<=", + "version_name": "4.1.1", + "version_value": "4.1.11" + }, + { + "version_affected": "<=", + "version_name": "4.0.0", + "version_value": "4.0.4" + } + ] + } + }, + { + "product_name": "FortiProxy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": 
"7.0.10" + }, + { + "version_affected": "<=", + "version_name": "2.0.0", + "version_value": "2.0.12" + }, + { + "version_affected": "<=", + "version_name": "1.2.0", + "version_value": "1.2.13" + }, + { + "version_affected": "<=", + "version_name": "1.1.0", + "version_value": "1.1.6" + }, + { + "version_affected": "<=", + "version_name": "1.0.0", + "version_value": "1.0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-119", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-119" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiOS version 7.4.0 or above\nPlease upgrade to FortiOS version 7.2.5 or above\nPlease upgrade to FortiOS version 7.0.12 or above\nPlease upgrade to FortiOS version 6.4.13 or above\nPlease upgrade to FortiOS version 6.2.15 or above\nPlease upgrade to FortiProxy version 7.2.5 or above\nPlease upgrade to FortiProxy version 7.0.11 or above\nPlease upgrade to FortiProxy version 2.0.13 or above\nPlease upgrade to FortiPAM version 1.1.0 or above\n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C" } ] } diff --git a/2024/22xxx/CVE-2024-22393.json b/2024/22xxx/CVE-2024-22393.json index 89dca0c6a52..6a3ee81e6e4 100644 --- a/2024/22xxx/CVE-2024-22393.json +++ b/2024/22xxx/CVE-2024-22393.json 
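Review bot: The FortiOS `version_data` in CVE-2023-29181 marks branches from 5.6.0 through 5.6.14 down to 4.0.0 through 4.0.4 as affected, but the `description` stops at 6.0.0 through 6.0.16 and the `solution` names no fixed release for 6.0 or any older branch. Someone triaging from the description alone would conclude legacy FortiOS is out of scope, while a scanner matching on `version_data` would flag it. I would reconcile the two against FG-IR-23-119, for example by extending the description's FortiOS list to the branches in `version_data` and stating explicitly when a branch has no fixed release. The `solution` entry also uses `"lang": "en"` where the description uses `"eng"`; the same inconsistency is in the other two Fortinet records.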
@@ -1,18 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nPixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user\u00a0can cause such an attack by uploading an image when posting content.\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Answer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mohammad Reza Omrani" + } + ] } \ No newline at end of file 
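Review bot: The affected range in `version_data` ends at 1.2.1 (`"version_affected": "<="`, `"version_value": "1.2.1"`) while the description tells users to upgrade to 1.2.5, so the status of 1.2.2 through 1.2.4 is left unstated. Version-matching scanners will report those releases as not affected even though 1.2.5 is the only release named as fixed; the same gap is in CVE-2024-23349 and CVE-2024-26578. I would have the record say which reading holds, e.g. by adding `Releases 1.2.2 through 1.2.4 are not affected.` to the description if that is the case, or by widening `version_value` after checking the linked Apache thread. None of the three Apache Answer records carries an `impact`/`cvss` block, so consumers get no severity to prioritise on.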
diff --git a/2024/23xxx/CVE-2024-23349.json b/2024/23xxx/CVE-2024-23349.json
index 7873137f414..0686ad5bc85 100644
--- a/2024/23xxx/CVE-2024-23349.json
+++ b/2024/23xxx/CVE-2024-23349.json
@@ -1,18 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23349", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nXSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.\n\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Answer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lyaa@JeeseenSec" + } + ] } \ No newline at end 
of file
diff --git a/2024/26xxx/CVE-2024-26578.json b/2024/26xxx/CVE-2024-26578.json
index 7bc9aeee5a1..73e6917235d 100644
--- a/2024/26xxx/CVE-2024-26578.json
+++ b/2024/26xxx/CVE-2024-26578.json
@@ -1,18 +1,77 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nRepeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", + "cweId": "CWE-362" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Answer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + 
"discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mohammad Reza Omrani" + } + ] } \ No newline at end of file