From 134da1181e9f312cfdd4982847e7a0e551e61d5d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 21 Nov 2024 21:00:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/45xxx/CVE-2023-45918.json | 68 ++-----------------
 2023/4xxx/CVE-2023-4727.json | 13 ----
 2024/11xxx/CVE-2024-11608.json | 18 +++++
 2024/11xxx/CVE-2024-11609.json | 18 +++++
 2024/11xxx/CVE-2024-11610.json | 18 +++++
 2024/11xxx/CVE-2024-11611.json | 18 +++++
 2024/11xxx/CVE-2024-11612.json | 18 +++++
 2024/11xxx/CVE-2024-11613.json | 18 +++++
 2024/48xxx/CVE-2024-48075.json | 2 +-
 2024/50xxx/CVE-2024-50849.json | 2 +-
 2024/52xxx/CVE-2024-52615.json | 118 +++++++++++++++++++++++++++++++--
 2024/52xxx/CVE-2024-52616.json | 118 +++++++++++++++++++++++++++++++--
 2024/9xxx/CVE-2024-9407.json | 26 ++++++++
 13 files changed, 371 insertions(+), 84 deletions(-)
 create mode 100644 2024/11xxx/CVE-2024-11608.json
 create mode 100644 2024/11xxx/CVE-2024-11609.json
 create mode 100644 2024/11xxx/CVE-2024-11610.json
 create mode 100644 2024/11xxx/CVE-2024-11611.json
 create mode 100644 2024/11xxx/CVE-2024-11612.json
 create mode 100644 2024/11xxx/CVE-2024-11613.json
diff --git a/2023/45xxx/CVE-2023-45918.json b/2023/45xxx/CVE-2023-45918.json
index ba4f1057da4..009ab676620 100644
--- a/2023/45xxx/CVE-2023-45918.json
+++ b/2023/45xxx/CVE-2023-45918.json
@@ -1,71 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2023-45918",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-45918",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. NOTE: Multiple third parties have disputed this indicating upstream does not regard it as a security issue."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html",
- "refsource": "MISC",
- "name": "https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html"
- },
- {
- "refsource": "CONFIRM",
- "name": "https://security.netapp.com/advisory/ntap-20240315-0006/",
- "url": "https://security.netapp.com/advisory/ntap-20240315-0006/"
- },
- {
- "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2300290#c1",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300290#c1"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4727.json b/2023/4xxx/CVE-2023-4727.json
index ad283540e9f..824f2a4cc20 100644
--- a/2023/4xxx/CVE-2023-4727.json
+++ b/2023/4xxx/CVE-2023-4727.json
@@ -308,19 +308,6 @@
 ]
 }
 },
- {
- "product_name": "Red Hat Certificate System 10",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "defaultStatus": "affected"
- }
- }
- ]
- }
- },
 {
 "product_name": "Red Hat Enterprise Linux 6",
 "version": {
diff --git a/2024/11xxx/CVE-2024-11608.json b/2024/11xxx/CVE-2024-11608.json
new file mode 100644
index 00000000000..e722b160bf3
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11608.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11608",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11609.json b/2024/11xxx/CVE-2024-11609.json
new file mode 100644
index 00000000000..91315b774bc
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11609.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11609",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11610.json b/2024/11xxx/CVE-2024-11610.json
new file mode 100644
index 00000000000..499fb135a3d
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11610.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11610",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11611.json b/2024/11xxx/CVE-2024-11611.json
new file mode 100644
index 00000000000..d69ec95cfed
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11611.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11611",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11612.json b/2024/11xxx/CVE-2024-11612.json
new file mode 100644
index 00000000000..edd8d874305
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11612.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11612",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11613.json b/2024/11xxx/CVE-2024-11613.json
new file mode 100644
index 00000000000..b851a7152ec
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11613.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11613",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/48xxx/CVE-2024-48075.json b/2024/48xxx/CVE-2024-48075.json
index ce804fe305a..df7b74b12fc 100644
--- a/2024/48xxx/CVE-2024-48075.json
+++ b/2024/48xxx/CVE-2024-48075.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL 09.09.24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message."
+ "value": "A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message."
 }
 ]
 },
diff --git a/2024/50xxx/CVE-2024-50849.json b/2024/50xxx/CVE-2024-50849.json
index cebf0a388da..2ca0ee51b2c 100644
--- a/2024/50xxx/CVE-2024-50849.json
+++ b/2024/50xxx/CVE-2024-50849.json
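Review bot: In the CVE-2024-48075 hunk, the new affected range `SharkSSL from 09/09/24 and earlier` reads as both a lower and an upper bound, so a reader cannot tell which builds are in scope; if an upper bound is meant, `SharkSSL 09/09/24 and earlier` says it. The slash form also turns what looked like a release identifier into a two-digit-year date, so the description should say whether this is a version string or a build date. Separately, `server-site handshake` is presumably a typo for `server-side handshake` and is carried over unchanged from the old text. The hunk starts at line 34 of the record, so the affects block that might settle the range is not visible here.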
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross-Site Scripting (XSS) in the \"Rules\" functionality in WordServer 11.8.2 allows a remote authenticated attacker to execute arbitrary code."
+ "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the \"Rules\" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code."
 }
 ]
 },
diff --git a/2024/52xxx/CVE-2024-52615.json b/2024/52xxx/CVE-2024-52615.json
index 4ecb49e739c..dd31ac494f8 100644
--- a/2024/52xxx/CVE-2024-52615.json
+++ b/2024/52xxx/CVE-2024-52615.json
@@ -1,17 +1,127 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-52615",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use of Insufficiently Random Values",
+ "cweId": "CWE-330"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenShift Container Platform 4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2024-52615",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2024-52615"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326418",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2326418"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/52xxx/CVE-2024-52616.json b/2024/52xxx/CVE-2024-52616.json
index b5fa2f860fd..3aceaa72eb5 100644
--- a/2024/52xxx/CVE-2024-52616.json
+++ b/2024/52xxx/CVE-2024-52616.json
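Review bot: In the CVE-2024-52615 record, every entry under `product_data` carries `"version_value": "not down converted"` with only a `defaultStatus`, so the record names no package and no fixed version; a consumer matching on version data gets nothing actionable for RHEL 8, RHEL 9 or OpenShift 4. The description likewise names Avahi-daemon without an upstream version range. Until the down-conversion carries that data, the two `reference_data` URLs are the only pointer to fix status, and the description would be clearer with a closing sentence such as `Fixed versions are not listed in this record; see the referenced Red Hat advisory.` The same applies to the CVE-2024-52616 record later in this patch.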
@@ -1,17 +1,127 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-52616",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Small Space of Random Values",
+ "cweId": "CWE-334"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat OpenShift Container Platform 4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2024-52616",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2024-52616"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326429",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2326429"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9407.json b/2024/9xxx/CVE-2024-9407.json
index 1e49aadd5d7..937d631eed8 100644
--- a/2024/9xxx/CVE-2024-9407.json
+++ b/2024/9xxx/CVE-2024-9407.json
@@ -105,6 +105,27 @@
 ]
 }
 },
+ {
+ "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "2:1.33.11-1.el9_4",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat OpenShift Container Platform 4",
 "version": {
@@ -158,6 +179,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2024:9459"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:9926",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:9926"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-9407",
 "refsource": "MISC",
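Review bot: In the CVE-2024-52616 record, the `problemtype` entry `CWE-334` (Small Space of Random Values) does not match what the description states, which is that transaction IDs are seeded once at startup and then incremented sequentially, i.e. they are predictable rather than drawn from a small space. CWE-340 (Generation of Predictable Numbers or Identifiers) looks like the closer fit, though the assigning CNA should confirm; consumers that filter or group by `cweId` will otherwise file this apart from other predictable-identifier issues. If changed, the two lines would read `"value": "Generation of Predictable Numbers or Identifiers",` and `"cweId": "CWE-340"`.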