diff --git a/2023/28xxx/CVE-2023-28806.json b/2023/28xxx/CVE-2023-28806.json
index dd10c7a273d..02ddd7d37cc 100644
--- a/2023/28xxx/CVE-2023-28806.json
+++ b/2023/28xxx/CVE-2023-28806.json
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347 Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.2.0.190" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Equinor Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.7, + 
"baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0953.json b/2024/0xxx/CVE-2024-0953.json index 3486f5b27d1..314f72614c8 100644 --- a/2024/0xxx/CVE-2024-0953.json +++ b/2024/0xxx/CVE-2024-0953.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content." + "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129." } ] }, @@ -21,7 +21,7 @@ "description": [ { "lang": "eng", - "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content." + "value": "QR Code Scanner does not prompt before navigating user" } ] } @@ -39,8 +39,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "Firefox for iOS" + "version_affected": "<", + "version_name": "unspecified", + "version_value": "129" } ] } 
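Review bot: In `2023/28xxx/CVE-2023-28806.json` the description limits the issue to Windows, but `"product_name": "Client Connector"` and the version entry carry no platform, so anything matching on the structured `affects` data will also flag non-Windows installs below 4.2.0.190. The record is also hard to tell apart from CVE-2024-23456 later in this commit: same CWE-347, same fixed version, same credit, and both describe disabling anti-tampering without signature validation, yet they are scored 5.7 (`AC:H/PR:H/A:N`) and 7.8 (`AC:L/PR:L/A:H`). Each description should state the precondition that separates the two issues so the score difference can be checked against the text. The `C:H/I:H` rating here is also not explained by a description that only mentions turning a protection off.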
@@ -57,12 +58,14 @@
 "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916",
 "refsource": "MISC",
 "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2024-36/"
 }
 ]
 },
- "source": {
- "discovery": "EXTERNAL"
- },
 "credits": [
 {
 "lang": "en",
diff --git a/2024/23xxx/CVE-2024-23456.json b/2024/23xxx/CVE-2024-23456.json
index 154da645a98..f692b24268b 100644
--- a/2024/23xxx/CVE-2024-23456.json
+++ b/2024/23xxx/CVE-2024-23456.json
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23456", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347 Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.2.0.190" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Equinor Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + 
"confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/23xxx/CVE-2024-23458.json b/2024/23xxx/CVE-2024-23458.json index 62b6226dce7..ecc8ea38142 100644 --- a/2024/23xxx/CVE-2024-23458.json +++ b/2024/23xxx/CVE-2024-23458.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23458", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-346 Origin Validation Error", + "cweId": "CWE-346" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.2.0.190" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=windows&applicable_version=4.2.0.190" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Equinor Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + 
"baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/23xxx/CVE-2024-23460.json b/2024/23xxx/CVE-2024-23460.json index 7518ae8f0ad..6456e1d262a 100644 --- a/2024/23xxx/CVE-2024-23460.json +++ b/2024/23xxx/CVE-2024-23460.json 
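Review bot: `CWE-346 Origin Validation Error` in `CVE-2024-23458.json` does not match the description, which is a missing reparse-point check while copying log files, i.e. a link-following weakness. CWE-59 is the matching class; suggest `"value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"` with `"cweId": "CWE-59"`. Triage rules and detection content keyed on CWE will otherwise file this local privilege escalation under the wrong weakness. As in the other Zscaler records in this commit, the Windows scope appears only in the free-text description, not in `affects`.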
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23460", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347 Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "LMCO Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.4, + 
"baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/23xxx/CVE-2024-23464.json b/2024/23xxx/CVE-2024-23464.json index 907ca8b7b16..846ae5cd490 100644 --- a/2024/23xxx/CVE-2024-23464.json +++ b/2024/23xxx/CVE-2024-23464.json 
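Review bot: The CVSS vector in `CVE-2024-23460.json` does not line up with the description. The text says arbitrary code is "locally executed", but the vector uses `AV:A` (`"attackVector": "ADJACENT_NETWORK"`), and it rates availability `A:N` for what is described as arbitrary code execution through the updater. Either the description should say how an adjacent-network party gets an unsigned installer in front of the updater, or the vector should be corrected; as written, the 6.4 score cannot be verified from the record. The macOS scope is also missing from the structured `affects` data.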
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23464", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-281 Improper Preservation of Permissions", + "cweId": "CWE-281" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.2.1", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.2.1" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Randstad N.V. 
Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/23xxx/CVE-2024-23483.json b/2024/23xxx/CVE-2024-23483.json index d13ccb305fe..74ad35c77ed 100644 --- a/2024/23xxx/CVE-2024-23483.json +++ b/2024/23xxx/CVE-2024-23483.json 
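Review bot: `"attackVector": "NETWORK"` in `CVE-2024-23464.json` is not supported by the description, which only mentions PowerShell commands run with admin rights on the Windows client. Unless remote reachability is intended, that reads as `AV:L`, which would change the 7.2 base score; if the network vector is deliberate, the description should say how the commands are delivered. The description also lacks a closing period after `<4.2.1`. In this view the `credits` value is broken between `Randstad N.V.` and `Red Team`; if that break exists in the file rather than being a rendering artefact, a raw line break inside a JSON string is invalid and should be removed.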
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23483", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection.\u00a0This issue affects Zscaler Client Connector on MacOS <4.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Singapore GovTech Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/39xxx/CVE-2024-39225.json b/2024/39xxx/CVE-2024-39225.json index 54a1b6d2201..1065d9acec0 100644 --- a/2024/39xxx/CVE-2024-39225.json +++ b/2024/39xxx/CVE-2024-39225.json 
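Review bot: The problemtype in `CVE-2024-23483.json` is `CWE-20 Improper Input Validation`, although the description names the outcome as OS command injection. CWE-78 is the specific weakness and is what most scanners and dashboards filter on; suggest `"cweId": "CWE-78"` with the value `"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"`, either replacing CWE-20 or added as a second entry. The description also embeds `\u00a0` before "This issue", which defeats naive text matching and de-duplication; a plain space is safer.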
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-39225",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-39225",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com",
+ "refsource": "MISC",
+ "name": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md",
+ "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md"
 }
 ]
 }
diff --git a/2024/39xxx/CVE-2024-39226.json b/2024/39xxx/CVE-2024-39226.json
index a7db06b091f..4eb7b65c0ce 100644
--- a/2024/39xxx/CVE-2024-39226.json
+++ b/2024/39xxx/CVE-2024-39226.json
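Review bot: The first reference, `http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com`, is the affected-model list run together into a hostname, not an advisory, and the same entry recurs in CVE-2024-39226 and CVE-2024-39228. It should be dropped from all three records, because tooling or readers that follow references would be sent over plain HTTP to an unrelated domain that anyone could register. `vendor_name`, `product_name` and `version_value` are all `"n/a"` although the description lists GL-iNet models and firmware versions, so nothing in these records is machine-matchable against an inventory. In this file the description says remote code execution while the CONFIRM link is titled "Bypass the login mechanism", so it is worth confirming the right advisory is linked; CVE-2024-39226 looks similarly mismatched ("insecure permissions in /cgi-bin/glc" against an "s2s interface shell injection" link).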
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-39226",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-39226",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com",
+ "refsource": "MISC",
+ "name": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md",
+ "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md"
 }
 ]
 }
diff --git a/2024/39xxx/CVE-2024-39228.json b/2024/39xxx/CVE-2024-39228.json
index 6e49b44f8c5..10e2f73023c 100644
--- a/2024/39xxx/CVE-2024-39228.json
+++ b/2024/39xxx/CVE-2024-39228.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-39228",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-39228",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 were discovered to contain a shell injection vulnerability via the interface check_config."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com",
+ "refsource": "MISC",
+ "name": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Ovpn%20interface%20shell%20injection.md",
+ "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Ovpn%20interface%20shell%20injection.md"
 }
 ]
 }
diff --git a/2024/39xxx/CVE-2024-39751.json b/2024/39xxx/CVE-2024-39751.json
index f76901a3a3e..98ae9a0e52d 100644
--- a/2024/39xxx/CVE-2024-39751.json
+++ b/2024/39xxx/CVE-2024-39751.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39751", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209 Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7160580", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7160580" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297429", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297429" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", 
+ "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/41xxx/CVE-2024-41333.json b/2024/41xxx/CVE-2024-41333.json index 1dcac4349f8..0133673480b 100644 --- a/2024/41xxx/CVE-2024-41333.json +++ b/2024/41xxx/CVE-2024-41333.json 
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-41333",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-41333",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.linkedin.com/in/sampath-kumar-kadajari-4b18891a7",
+ "refsource": "MISC",
+ "name": "https://www.linkedin.com/in/sampath-kumar-kadajari-4b18891a7"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://packetstormsecurity.com/files/179891/Tourism-Management-System-2.0-Cross-Site-Scripting.html",
+ "url": "https://packetstormsecurity.com/files/179891/Tourism-Management-System-2.0-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2024/41xxx/CVE-2024-41616.json b/2024/41xxx/CVE-2024-41616.json
index 07f88b97e20..e3ac8efb6e6 100644
--- a/2024/41xxx/CVE-2024-41616.json
+++ b/2024/41xxx/CVE-2024-41616.json
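Review bot: The second reference in `CVE-2024-41333.json` is tagged `"refsource": "CONFIRM"` although it is a third-party Packet Storm write-up, not vendor confirmation, and the only other reference is a personal LinkedIn profile, which documents nothing about the flaw. `"refsource": "MISC"` fits the Packet Storm link; the same applies to CVE-2024-41616 in this commit, where the CONFIRM entry points at the reporter's own repository. Both records leave `problemtype` as `"n/a"` even though the descriptions name the weakness outright (reflected XSS here, hardcoded Telnet credentials there), so CWE-79 and CWE-798 respectively could be recorded. Vendor, product and version are also `"n/a"` in both, which leaves consumers nothing to match except free text.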
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-41616",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-41616",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/D-Link300.md",
+ "refsource": "MISC",
+ "name": "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/D-Link300.md"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/CVE-2024-41616",
+ "url": "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/CVE-2024-41616"
 }
 ]
 }
diff --git a/2024/43xxx/CVE-2024-43111.json b/2024/43xxx/CVE-2024-43111.json
index ef209100bb2..dd2e78873a8 100644
--- a/2024/43xxx/CVE-2024-43111.json
+++ b/2024/43xxx/CVE-2024-43111.json
@@ -1,18 +1,75 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-43111",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "iOS Firefox allows to run javascript with download"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox for iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "129"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874907",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874907"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2024-36/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "James Lee"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/43xxx/CVE-2024-43112.json b/2024/43xxx/CVE-2024-43112.json
index c4ca361f484..52b40c01c44 100644
--- a/2024/43xxx/CVE-2024-43112.json
+++ b/2024/43xxx/CVE-2024-43112.json
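Review bot: The `problemtype` value in `CVE-2024-43111.json` is a bug title (`"iOS Firefox allows to run javascript with download"`) rather than a weakness class, and the same pattern appears in CVE-2024-43112 and CVE-2024-43113, the latter even citing another bug id in the field. A CWE entry would make the three records filterable by weakness; for the two that describe cross-site scripting, CWE-79 looks like the natural fit, though the assigner should confirm. All three descriptions also run two sentences together without a period ("…within the browser This vulnerability affects…"). None of them carries an `impact` block, so consumers get no severity signal for issues described as script execution in the browser.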
@@ -1,18 +1,75 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-43112",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "iOS Firefox Download UXSS"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox for iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "129"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874910",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874910"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2024-36/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "James Lee"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/43xxx/CVE-2024-43113.json b/2024/43xxx/CVE-2024-43113.json
index c5ff6b4fb55..098db8ccd4d 100644
--- a/2024/43xxx/CVE-2024-43113.json
+++ b/2024/43xxx/CVE-2024-43113.json
@@ -1,18 +1,75 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-43113",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "The Context Menu for iOS Firefox can over ride on any origin allowing UXSS everywhere with bug id 1874910"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox for iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "129"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874964",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874964"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2024-36/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "James Lee"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/5xxx/CVE-2024-5953.json b/2024/5xxx/CVE-2024-5953.json
index a405d4fcd57..b554826abc0 100644
--- a/2024/5xxx/CVE-2024-5953.json
+++ b/2024/5xxx/CVE-2024-5953.json
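Review bot: The `problemtype` value ends with `with bug id 1874910`, but the only Bugzilla reference in this record is bug 1874964; 1874910 is the reference listed for CVE-2024-43112 in the previous file. If the intent is to say this issue builds on the CVE-2024-43112 bug, that relationship belongs in the description or as an additional `reference_data` entry rather than inside the problem type. If it is a copy error, the id should be dropped. As written, someone triaging by bug number could attribute the fix to the wrong record.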
@@ -35,6 +35,27 @@
 "vendor_name": "Red Hat",
 "product": {
 "product_data": [
+ {
+ "product_name": "Red Hat Directory Server 12.4 for RHEL 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "9040020240723122852.1674d574",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
 "version": {
@@ -69,19 +90,6 @@
 ]
 }
 },
- {
- "product_name": "Red Hat Directory Server 12",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "defaultStatus": "affected"
- }
- }
- ]
- }
- },
 {
 "product_name": "Red Hat Enterprise Linux 6",
 "version": {
@@ -147,6 +155,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2024:4633"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:4997",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:4997"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-5953",
 "refsource": "MISC",
diff --git a/2024/6xxx/CVE-2024-6237.json b/2024/6xxx/CVE-2024-6237.json
index 06b6035acd6..5e119ae2581 100644
--- a/2024/6xxx/CVE-2024-6237.json
+++ b/2024/6xxx/CVE-2024-6237.json
@@ -35,6 +35,27 @@
 "vendor_name": "Red Hat",
 "product": {
 "product_data": [
+ {
+ "product_name": "Red Hat Directory Server 12.4 for RHEL 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "9040020240723122852.1674d574",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Directory Server 11",
 "version": {
@@ -48,19 +69,6 @@
 ]
 }
 },
- {
- "product_name": "Red Hat Directory Server 12",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "defaultStatus": "affected"
- }
- }
- ]
- }
- },
 {
 "product_name": "Red Hat Enterprise Linux 6",
 "version": {
@@ -121,6 +129,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:4997",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:4997"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-6237",
 "refsource": "MISC",
diff --git a/2024/6xxx/CVE-2024-6720.json b/2024/6xxx/CVE-2024-6720.json
index c1f2915fb73..9263157e5bf 100644
--- a/2024/6xxx/CVE-2024-6720.json
+++ b/2024/6xxx/CVE-2024-6720.json
@@ -1,18 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6720",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Light Poll",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "versionType": "semver",
+ "version": "0",
+ "lessThanOrEqual": "1.0.0"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/",
+ "refsource": "MISC",
+ "name": "https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "WPScan CVE Generator"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Vuln Seeker Cybersecurity Team"
+ },
+ {
+ "lang": "en",
+ "value": "WPScan"
+ }
+ ]
 }
\ No newline at end of file
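Review bot: `"vendor_name": "Unknown"` leaves this record with no vendor to match on, so inventories that join on vendor and product have only the string `Light Poll` to go by. If the plugin author is known from the plugin listing, I would record it, e.g. `"vendor_name": "<plugin author>"`. The version block gives `lessThanOrEqual` `1.0.0` with `defaultStatus` `affected` and no fixed version, which together with "through 1.0.0" suggests no patched release exists; saying so in the description would save readers from looking for one. The description is also missing its final period.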
diff --git a/2024/6xxx/CVE-2024-6988.json b/2024/6xxx/CVE-2024-6988.json
index 8471e6c2735..1c82ae988a9 100644
--- a/2024/6xxx/CVE-2024-6988.json
+++ b/2024/6xxx/CVE-2024-6988.json
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6988",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/349198731",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/349198731"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6989.json b/2024/6xxx/CVE-2024-6989.json
index af08c5e7b7c..0ac2df5879c 100644
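Review bot: The description limits CVE-2024-6988 to `Google Chrome on iOS`, but the `affects` block names the product only as `Chrome` with `version_affected` `<` and `version_value` `127.0.6533.72`, and the first reference is the desktop stable-channel post. A consumer that reads only the structured fields will flag every Chrome build below that version regardless of platform. CVE-2024-6995 further down has the same shape with `on Android` in its description. Carrying the platform in the structured data, for instance in `product_name` the way the Mozilla records in this commit use `Firefox for iOS`, would keep the prose and the machine-readable scope in agreement.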
--- a/2024/6xxx/CVE-2024-6989.json
+++ b/2024/6xxx/CVE-2024-6989.json
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6989",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/349342289",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/349342289"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6991.json b/2024/6xxx/CVE-2024-6991.json
index 42688e43c70..a8d57c5b396 100644
--- a/2024/6xxx/CVE-2024-6991.json
+++ b/2024/6xxx/CVE-2024-6991.json
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6991",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/346618785",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/346618785"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6994.json b/2024/6xxx/CVE-2024-6994.json
index be5265dbaca..7c929f8d08a 100644
--- a/2024/6xxx/CVE-2024-6994.json
+++ b/2024/6xxx/CVE-2024-6994.json
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6994",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap buffer overflow",
+ "cweId": "CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/339686368",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/339686368"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6995.json b/2024/6xxx/CVE-2024-6995.json
index fbb29b6efce..a78006b6378 100644
--- a/2024/6xxx/CVE-2024-6995.json
+++ b/2024/6xxx/CVE-2024-6995.json
@@ -1,17 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6995",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/343938078",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/343938078"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6996.json b/2024/6xxx/CVE-2024-6996.json
index 12df9fc87d9..1b7ed92ae01 100644
--- a/2024/6xxx/CVE-2024-6996.json
+++ b/2024/6xxx/CVE-2024-6996.json
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6996",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Race",
+ "cweId": "CWE-362"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/333708039",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/333708039"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6997.json b/2024/6xxx/CVE-2024-6997.json
index a6818901433..9da82a2873f 100644
--- a/2024/6xxx/CVE-2024-6997.json
+++ b/2024/6xxx/CVE-2024-6997.json
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6997",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/325293263",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/325293263"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6998.json b/2024/6xxx/CVE-2024-6998.json
index 628c4d3c3a9..3bd7a23853a 100644
--- a/2024/6xxx/CVE-2024-6998.json
+++ b/2024/6xxx/CVE-2024-6998.json
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6998",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/340098902",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/340098902"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6999.json b/2024/6xxx/CVE-2024-6999.json
index 9381c438c2e..15301aaebf2 100644
--- a/2024/6xxx/CVE-2024-6999.json
+++ b/2024/6xxx/CVE-2024-6999.json
@@ -1,17 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6999",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/340893685",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/340893685"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7000.json b/2024/7xxx/CVE-2024-7000.json
index 302634083bb..fcfa704bce2 100644
--- a/2024/7xxx/CVE-2024-7000.json
+++ b/2024/7xxx/CVE-2024-7000.json
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7000",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/339877158",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/339877158"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7001.json b/2024/7xxx/CVE-2024-7001.json
index 910891636c8..0c36443d461 100644
--- a/2024/7xxx/CVE-2024-7001.json
+++ b/2024/7xxx/CVE-2024-7001.json
@@ -1,17 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7001",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/347509736",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/347509736"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7003.json b/2024/7xxx/CVE-2024-7003.json
index 73fda27a203..e9d27f64a2c 100644
--- a/2024/7xxx/CVE-2024-7003.json
+++ b/2024/7xxx/CVE-2024-7003.json
@@ -1,17 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7003",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/338233148",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/338233148"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7004.json b/2024/7xxx/CVE-2024-7004.json
index 5bcd1ebee72..7895e8f007b 100644
--- a/2024/7xxx/CVE-2024-7004.json
+++ b/2024/7xxx/CVE-2024-7004.json
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7004",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient validation of untrusted input",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/40063014",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/40063014"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7005.json b/2024/7xxx/CVE-2024-7005.json
index 4dde1a3ec72..b881f6f1302 100644
--- a/2024/7xxx/CVE-2024-7005.json
+++ b/2024/7xxx/CVE-2024-7005.json
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-7005",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient validation of untrusted input",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "127.0.6533.72",
+ "version_value": "127.0.6533.72"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/40068800",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/40068800"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7563.json b/2024/7xxx/CVE-2024-7563.json
new file mode 100644
index 00000000000..59598f54e74
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7563.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7563",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7564.json b/2024/7xxx/CVE-2024-7564.json
new file mode 100644
index 00000000000..6da88129303
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7564.json
@@ -0,0 +1,78 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7564",
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the get_response_json_result endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-24680."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Logsign",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Unified SecOps Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "6.4.11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1021/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1021/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file
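Review bot: The finder attribution is stored under `source` as a `lang`/`value` pair, which looks like a credit entry placed under the wrong key; in this legacy record format `source` normally carries provenance fields such as `discovery`, and acknowledgements go in a `credits` array. A consumer that reads `credits` would presumably see no attribution for CVE-2024-7564, and one that expects `source.discovery` finds unrelated keys. The object would fit the usual shape as `"credits": [ { "lang": "en", "value": "Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro" } ]`. Separately, `version_data` lists only `"="` `6.4.11`, so the record by itself says nothing about earlier builds and should not be read as clearing them.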
diff --git a/2024/7xxx/CVE-2024-7565.json b/2024/7xxx/CVE-2024-7565.json
new file mode 100644
index 00000000000..e0aea25105c
--- /dev/null
+++ b/2024/7xxx/CVE-2024-7565.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-7565",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file