From 18b2d80070cdd2efa65b58820a09737a38c9acb3 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 1 Apr 2024 20:43:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2015/10xxx/CVE-2015-10123.json | 119 ++++++++-
 2018/25xxx/CVE-2018-25090.json | 119 ++++++++-
 2023/20xxx/CVE-2023-20236.json | 7 +-
 2023/28xxx/CVE-2023-28517.json | 83 +++++-
 2023/36xxx/CVE-2023-36238.json | 56 +++-
 2023/38xxx/CVE-2023-38723.json | 83 +++++-
 2024/0xxx/CVE-2024-0173.json | 85 ++++++-
 2024/0xxx/CVE-2024-0521.json | 2 +-
 2024/0xxx/CVE-2024-0799.json | 79 +++++-
 2024/0xxx/CVE-2024-0800.json | 79 +++++-
 2024/0xxx/CVE-2024-0801.json | 78 +++++-
 2024/0xxx/CVE-2024-0815.json | 2 +-
 2024/0xxx/CVE-2024-0817.json | 2 +-
 2024/20xxx/CVE-2024-20315.json | 93 ++++++-
 2024/20xxx/CVE-2024-20318.json | 225 +++++++++++++++-
 2024/20xxx/CVE-2024-20319.json | 453 ++++++++++++++++++++++++++++++++-
 2024/22xxx/CVE-2024-22099.json | 5 +
 2024/22xxx/CVE-2024-22185.json | 18 ++
 2024/23xxx/CVE-2024-23121.json | 7 +-
 2024/23xxx/CVE-2024-23122.json | 7 +-
 2024/23xxx/CVE-2024-23123.json | 7 +-
 2024/23xxx/CVE-2024-23204.json | 5 +
 2024/23xxx/CVE-2024-23220.json | 5 +
 2024/23xxx/CVE-2024-23225.json | 5 +
 2024/23xxx/CVE-2024-23226.json | 20 ++
 2024/23xxx/CVE-2024-23230.json | 15 ++
 2024/23xxx/CVE-2024-23235.json | 20 ++
 2024/23xxx/CVE-2024-23246.json | 20 ++
 2024/23xxx/CVE-2024-23247.json | 15 ++
 2024/23xxx/CVE-2024-23254.json | 25 ++
 2024/23xxx/CVE-2024-23257.json | 20 ++
 2024/23xxx/CVE-2024-23258.json | 10 +
 2024/23xxx/CVE-2024-23262.json | 5 +
 2024/23xxx/CVE-2024-23263.json | 25 ++
 2024/23xxx/CVE-2024-23264.json | 25 ++
 2024/23xxx/CVE-2024-23265.json | 5 +
 2024/23xxx/CVE-2024-23266.json | 15 ++
 2024/23xxx/CVE-2024-23269.json | 15 ++
 2024/23xxx/CVE-2024-23274.json | 15 ++
 2024/23xxx/CVE-2024-23276.json | 5 +
 2024/23xxx/CVE-2024-23283.json | 15 ++
 2024/23xxx/CVE-2024-23284.json | 25 ++
 2024/23xxx/CVE-2024-23286.json | 5 +
 2024/23xxx/CVE-2024-23295.json | 5 +
 2024/23xxx/CVE-2024-23296.json | 25 ++
 2024/23xxx/CVE-2024-23907.json | 18 ++
 2024/23xxx/CVE-2024-23919.json | 18 ++
 2024/24xxx/CVE-2024-24692.json | 78 +++++-
 2024/24xxx/CVE-2024-24693.json | 78 +++++-
 2024/25xxx/CVE-2024-25386.json | 5 +
 2024/25xxx/CVE-2024-25939.json | 18 ++
 2024/26xxx/CVE-2024-26021.json | 18 ++
 2024/26xxx/CVE-2024-26027.json | 18 ++
 2024/26xxx/CVE-2024-26259.json | 18 ++
 2024/26xxx/CVE-2024-26529.json | 61 ++++-
 2024/26xxx/CVE-2024-26622.json | 5 +
 2024/27xxx/CVE-2024-27440.json | 74 +++++-
 2024/27xxx/CVE-2024-27507.json | 5 +
 2024/27xxx/CVE-2024-27743.json | 10 -
 2024/27xxx/CVE-2024-27744.json | 20 --
 2024/27xxx/CVE-2024-27746.json | 10 -
 2024/27xxx/CVE-2024-27747.json | 10 -
 2024/28xxx/CVE-2024-28035.json | 18 ++
 2024/28xxx/CVE-2024-28169.json | 18 ++
 2024/28xxx/CVE-2024-28172.json | 18 ++
 2024/28xxx/CVE-2024-28194.json | 76 +++++-
 2024/28xxx/CVE-2024-28195.json | 81 +++++-
 2024/28xxx/CVE-2024-28196.json | 76 +++++-
 2024/28xxx/CVE-2024-28623.json | 56 +++-
 2024/28xxx/CVE-2024-28960.json | 18 ++
 2024/28xxx/CVE-2024-28981.json | 18 ++
 2024/28xxx/CVE-2024-28982.json | 18 ++
 2024/28xxx/CVE-2024-28983.json | 18 ++
 2024/28xxx/CVE-2024-28984.json | 18 ++
 2024/28xxx/CVE-2024-28985.json | 18 ++
 2024/29xxx/CVE-2024-29006.json | 18 ++
 2024/29xxx/CVE-2024-29007.json | 18 ++
 2024/2xxx/CVE-2024-2182.json | 30 +--
 2024/2xxx/CVE-2024-2400.json | 59 ++++-
 2024/2xxx/CVE-2024-2403.json | 60 ++++-
 2024/2xxx/CVE-2024-2412.json | 4 +-
 2024/2xxx/CVE-2024-2413.json | 93 ++++++-
 2024/2xxx/CVE-2024-2418.json | 105 ++++++++
 2024/2xxx/CVE-2024-2431.json | 195 +++++++++++++-
 2024/2xxx/CVE-2024-2432.json | 165 +++++++++++-
 2024/2xxx/CVE-2024-2433.json | 233 ++++++++++++++++-
 2024/2xxx/CVE-2024-2434.json | 18 ++
 2024/2xxx/CVE-2024-2435.json | 18 ++
 2024/2xxx/CVE-2024-2436.json | 18 ++
 2024/2xxx/CVE-2024-2437.json | 18 ++
 2024/2xxx/CVE-2024-2438.json | 18 ++
 2024/2xxx/CVE-2024-2443.json | 18 ++
 92 files changed, 3773 insertions(+), 184 deletions(-)
 create mode 100644 2024/22xxx/CVE-2024-22185.json
 create mode 100644 2024/23xxx/CVE-2024-23907.json
 create mode 100644 2024/23xxx/CVE-2024-23919.json
 create mode 100644 2024/25xxx/CVE-2024-25939.json
 create mode 100644 2024/26xxx/CVE-2024-26021.json
 create mode 100644 2024/26xxx/CVE-2024-26027.json
 create mode 100644 2024/26xxx/CVE-2024-26259.json
 create mode 100644 2024/28xxx/CVE-2024-28035.json
 create mode 100644 2024/28xxx/CVE-2024-28169.json
 create mode 100644 2024/28xxx/CVE-2024-28172.json
 create mode 100644 2024/28xxx/CVE-2024-28960.json
 create mode 100644 2024/28xxx/CVE-2024-28981.json
 create mode 100644 2024/28xxx/CVE-2024-28982.json
 create mode 100644 2024/28xxx/CVE-2024-28983.json
 create mode 100644 2024/28xxx/CVE-2024-28984.json
 create mode 100644 2024/28xxx/CVE-2024-28985.json
 create mode 100644 2024/29xxx/CVE-2024-29006.json
 create mode 100644 2024/29xxx/CVE-2024-29007.json
 create mode 100644 2024/2xxx/CVE-2024-2418.json
 create mode 100644 2024/2xxx/CVE-2024-2434.json
 create mode 100644 2024/2xxx/CVE-2024-2435.json
 create mode 100644 2024/2xxx/CVE-2024-2436.json
 create mode 100644 2024/2xxx/CVE-2024-2437.json
 create mode 100644 2024/2xxx/CVE-2024-2438.json
 create mode 100644 2024/2xxx/CVE-2024-2443.json
diff --git a/2015/10xxx/CVE-2015-10123.json b/2015/10xxx/CVE-2015-10123.json
index c5121279365..aca7984b34f 100644
--- a/2015/10xxx/CVE-2015-10123.json
+++ b/2015/10xxx/CVE-2015-10123.json
@@ -1,17 +1,128 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2015-10123", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WAGO", + "product": { + "product_data": [ + { + "product_name": "Controller BACnet/IP", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "FW13" + } + ] + } + }, + { + "product_name": "Controller BACnet MS/TP", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "FW13" + } + ] + } + }, + { + "product_name": "Ethernet Controller 3rd Generation", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "FW13" + } + ] + } + }, + { + "product_name": "Fieldbus Coupler Ethernet 3rd Generation", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "FW13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2023-039/", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2023-039/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2023-039", + "defect": [ + "CERT@VDE#64546" + ], + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2018/25xxx/CVE-2018-25090.json b/2018/25xxx/CVE-2018-25090.json index f90a2550519..4acaf336fea 100644 --- a/2018/25xxx/CVE-2018-25090.json +++ b/2018/25xxx/CVE-2018-25090.json 
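Review bot: The new `description` value for CVE-2015-10123 is published with spelling errors and a trailing `\n` escape (`unautheticated`, `a affected device`), which hurts keyword search and text matching against the VDE-2023-039 advisory. I would correct the first sentence to `An unauthenticated remote attacker could send specifically crafted packets to an affected device.` and drop the trailing newline. The CVE-2018-25090 hunk that follows has a similar hygiene issue, an embedded `\u00a0` in the middle of its description. Because this file is synchronized, the correction presumably belongs in the assigner's source record rather than in this repository.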
@@ -1,17 +1,128 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2018-25090", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required.\u00a0This leads to a limited impact of confidentiality and integrity but no impact of availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WAGO", + "product": { + "product_data": [ + { + "product_name": "Controller BACnet/IP", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "FW13" + } + ] + } + }, + { + "product_name": "Controller BACnet MS/TP", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "FW13" + } + ] + } + }, + { + "product_name": "Ethernet Controller 3rd Generation", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "FW13" + } + ] + } + }, + { + "product_name": "Fieldbus Coupler Ethernet 3rd Generation", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "FW13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2023-039/", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2023-039/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2023-039", + "defect": [ + "CERT@VDE#64546" + ], + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/20xxx/CVE-2023-20236.json b/2023/20xxx/CVE-2023-20236.json index 2f0a0598bd8..ec560ffc3d4 100644 --- a/2023/20xxx/CVE-2023-20236.json +++ b/2023/20xxx/CVE-2023-20236.json @@ -412,7 +412,12 @@ "CSCvz63925", "CSCvz63918", "CSCwe12502", - "CSCvz63929" + "CSCvz63929", + "CSCwi31568", + "CSCwh78724", + "CSCwi26526", + "CSCwh70601", + "CSCwh78727" ] }, "exploit": [ diff --git a/2023/28xxx/CVE-2023-28517.json b/2023/28xxx/CVE-2023-28517.json index 4dda75137bf..1ab502056a5 100644 --- a/2023/28xxx/CVE-2023-28517.json +++ b/2023/28xxx/CVE-2023-28517.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250421." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling Partner Engagement Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.1.2, 6.2.0, 6.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7138575", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7138575" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250421", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250421" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + 
"attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36238.json b/2023/36xxx/CVE-2023-36238.json index 054c7cb1476..431d3c44892 100644 --- a/2023/36xxx/CVE-2023-36238.json +++ b/2023/36xxx/CVE-2023-36238.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36238", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36238", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Ek-Saini/security/blob/main/IDOR-Bagisto", + "url": "https://github.com/Ek-Saini/security/blob/main/IDOR-Bagisto" } ] } 
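Review bot: CVE-2023-36238 moves to `PUBLIC` with `vendor_name`, `product_name`, `version_value` and the `problemtype` value all set to `n/a`, although its description names Bagisto v.1.5.1 and an insecure direct object reference. Tooling that matches on the structured `affects` block will not tie this record to the product, so exposed installations can be missed in inventory-based scans. I would populate the vendor, product and version from the description and add a CWE entry for the weakness (presumably CWE-639, to be confirmed by the assigner). The record also carries no `impact` block, so severity-based triage has nothing to sort on. CVE-2024-0801 later in this patch has the same `n/a` problemtype.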
diff --git a/2023/38xxx/CVE-2023-38723.json b/2023/38xxx/CVE-2023-38723.json index 9453b710f3c..c8310b16fce 100644 --- a/2023/38xxx/CVE-2023-38723.json +++ b/2023/38xxx/CVE-2023-38723.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.6.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7139010", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7139010" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262192", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262192" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0173.json b/2024/0xxx/CVE-2024-0173.json index 7a9e7df645f..8093a1cf74f 100644 --- a/2024/0xxx/CVE-2024-0173.json +++ b/2024/0xxx/CVE-2024-0173.json 
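Review bot: In the CVE-2023-38723 record the description names `IBM Maximo Application Suite 7.6.1.3` while the structured entry says `"product_name": "Maximo Asset Management"`, so the two halves of the record point at different products. Consumers that key on `product_name` and those that parse the description will reach different conclusions about what is affected. The patch does not show which name is correct; one of the two should be aligned with the referenced IBM support page before downstream matching relies on it.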
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0173", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-788: Access of Memory Location After End of Buffer", + "cweId": "CWE-788" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "PowerEdge Platform\t", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "N/A", + "version_value": "2.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Dell would like to thank codebreaker1337 for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.8, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0521.json b/2024/0xxx/CVE-2024-0521.json index d133112c056..8cd50b83154 100644 --- a/2024/0xxx/CVE-2024-0521.json +++ b/2024/0xxx/CVE-2024-0521.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-0521", - "ASSIGNER": "security@huntr.com", + "ASSIGNER": "paddle-security@baidu.com", "STATE": "PUBLIC" }, "description": { diff --git a/2024/0xxx/CVE-2024-0799.json b/2024/0xxx/CVE-2024-0799.json index 98bf9f64173..1d5fb7d086b 100644 --- a/2024/0xxx/CVE-2024-0799.json +++ b/2024/0xxx/CVE-2024-0799.json 
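Review bot: The CVE-2024-0173 record stores the product as `"product_name": "PowerEdge Platform\t"`, with a trailing tab escape inside the string, so any exact-match or normalised lookup on the product name will miss it unless the consumer trims whitespace. I would change it to `"product_name": "PowerEdge Platform",`. The description also names Dell Precision Rack BIOS, which has no entry in `product_data`, and `"version_name": "N/A"` gives the `<` comparison no lower bound; both look like gaps in the source record and should be confirmed against the linked Dell advisory.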
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arcserve", + "product": { + "product_data": [ + { + "product_name": "Unified Data Protection", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2024-07", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2024-07" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0800.json b/2024/0xxx/CVE-2024-0800.json index ee1d3772d67..d2478089081 100644 --- a/2024/0xxx/CVE-2024-0800.json +++ b/2024/0xxx/CVE-2024-0800.json 
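Review bot: The `version_data` entry in the CVE-2024-0799 record declares the range `"version_affected": "<="` from `"version_name": "0"` to `"version_value": "9.2"`, while the description names only Arcserve Unified Data Protection 9.2 and 8.1. As written, every release up to 9.2 is reported as affected and nothing marks a fixed version, so scanners will either over-report or give operators no remediation target. If only the two named releases are affected, separate `=` entries for `9.2` and `8.1` would say so; otherwise the description should state the full range. The same range appears in the CVE-2024-0800 and CVE-2024-0801 hunks that follow.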
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arcserve", + "product": { + "product_data": [ + { + "product_name": "Unified Data Protection", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2024-07", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2024-07" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": 
"3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0801.json b/2024/0xxx/CVE-2024-0801.json index 0f605ed0932..ad2b2c1cca8 100644 --- a/2024/0xxx/CVE-2024-0801.json +++ b/2024/0xxx/CVE-2024-0801.json 
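Review bot: The CVE-2024-0800 description calls the issue a path traversal in `ImportNodeServlet`, but `problemtype` records it as `CWE-434 Unrestricted Upload of File with Dangerous Type`. Weakness-based filtering and metrics will then classify this record differently from what the text says. If the description is accurate, the entry would read `"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"` with `"cweId": "CWE-22"`; if the upload classification is intended, the description should mention the file upload. The referenced Tenable advisory may cover both aspects, which cannot be confirmed from this patch.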
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arcserve", + "product": { + "product_data": [ + { + "product_name": "Unified Data Protection", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2024-07", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2024-07" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0815.json b/2024/0xxx/CVE-2024-0815.json index 74ec57b216e..910b4295f54 100644 
--- a/2024/0xxx/CVE-2024-0815.json +++ b/2024/0xxx/CVE-2024-0815.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-0815", - "ASSIGNER": "security@huntr.com", + "ASSIGNER": "paddle-security@baidu.com", "STATE": "PUBLIC" }, "description": { diff --git a/2024/0xxx/CVE-2024-0817.json b/2024/0xxx/CVE-2024-0817.json index 38c167e7335..1ae3c897a88 100644 --- a/2024/0xxx/CVE-2024-0817.json +++ b/2024/0xxx/CVE-2024-0817.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-0817", - "ASSIGNER": "security@huntr.com", + "ASSIGNER": "paddle-security@baidu.com", "STATE": "PUBLIC" }, "description": { diff --git a/2024/20xxx/CVE-2024-20315.json b/2024/20xxx/CVE-2024-20315.json index 52ddd3f70ef..6f4d54bdc40 100644 --- a/2024/20xxx/CVE-2024-20315.json +++ b/2024/20xxx/CVE-2024-20315.json 
@@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20315", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.9.1" + }, + { + "version_affected": "=", + "version_value": "7.9.2" + }, + { + "version_affected": "=", + "version_value": "7.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e" + } + ] + }, + "source": { + "advisory": "cisco-sa-iosxr-acl-bypass-RZU5NL3e", + "discovery": "INTERNAL", + "defects": [ + "CSCwf99658" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2024/20xxx/CVE-2024-20318.json b/2024/20xxx/CVE-2024-20318.json index f2c68da5b32..c5110d61459 100644 --- a/2024/20xxx/CVE-2024-20318.json +++ b/2024/20xxx/CVE-2024-20318.json 
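Review bot: The `source` object of the CVE-2024-20315 record lists its bug IDs under `"defects"`, whereas the CVE-2015-10123 record in this same patch uses `"defect"`, so a consumer reading a single key silently drops one set of vendor tracking IDs. The description also embeds a `\r\n\r ` sequence, and the opening of the CVE-2024-20318 hunk shows the same, which leaves stray carriage returns in any output that does not normalise line endings. In addition the `problemtype` value is `Improper Access Control` without the `CWE-284` prefix that other records in this patch put in the text, so string matching on `value` behaves differently from matching on `cweId`. Parsers should accept both key spellings and normalise whitespace before storing or displaying the description.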
@@ -1,17 +1,234 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20318", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.5.2" + }, + { + "version_affected": "=", + "version_value": "6.5.3" + }, + { + "version_affected": "=", + "version_value": "6.6.2" + }, + { + "version_affected": "=", + "version_value": "6.6.3" + }, + { + "version_affected": "=", + "version_value": "6.6.25" + }, + { + "version_affected": "=", + "version_value": "7.0.1" + }, + { + "version_affected": "=", + "version_value": "7.0.2" + }, + { + "version_affected": "=", + "version_value": "7.1.1" + }, + { + "version_affected": "=", + "version_value": "7.1.15" + }, + { + "version_affected": "=", + "version_value": "7.1.2" + }, + { + "version_affected": "=", + "version_value": "7.1.3" + }, + { + "version_affected": "=", + "version_value": "6.7.1" + }, + { + "version_affected": "=", + "version_value": "6.7.2" + }, + { + "version_affected": "=", + "version_value": "6.7.3" + }, + { + "version_affected": "=", + "version_value": "7.3.1" + }, + { + "version_affected": "=", + "version_value": "7.3.2" + }, + { + "version_affected": "=", + "version_value": "7.3.3" + }, + { + "version_affected": "=", + "version_value": "7.3.5" + }, + { + "version_affected": "=", + "version_value": "7.4.1" + }, + { + "version_affected": "=", + "version_value": "7.4.2" + }, + { + "version_affected": "=", + "version_value": "6.8.1" + }, + { + "version_affected": "=", + "version_value": "6.8.2" + }, + { + "version_affected": "=", + "version_value": "7.5.1" + }, + { + "version_affected": "=", + "version_value": "7.5.3" + }, + { + "version_affected": "=", + "version_value": "7.5.2" + }, + { + "version_affected": "=", + 
"version_value": "7.5.4" + }, + { + "version_affected": "=", + "version_value": "7.5.5" + }, + { + "version_affected": "=", + "version_value": "7.6.1" + }, + { + "version_affected": "=", + "version_value": "7.6.2" + }, + { + "version_affected": "=", + "version_value": "7.7.1" + }, + { + "version_affected": "=", + "version_value": "7.7.2" + }, + { + "version_affected": "=", + "version_value": "6.9.1" + }, + { + "version_affected": "=", + "version_value": "6.9.2" + }, + { + "version_affected": "=", + "version_value": "7.8.1" + }, + { + "version_affected": "=", + "version_value": "7.8.2" + }, + { + "version_affected": "=", + "version_value": "7.9.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc" + } + ] + }, + "source": { + "advisory": "cisco-sa-xrl2vpn-jesrU3fc", + "discovery": "EXTERNAL", + "defects": [ + "CSCwe29150" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/20xxx/CVE-2024-20319.json b/2024/20xxx/CVE-2024-20319.json index 815fd59fe05..3cc60a06e6f 100644 --- a/2024/20xxx/CVE-2024-20319.json +++ b/2024/20xxx/CVE-2024-20319.json 
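Review bot: The `version_data` list is not in release order (`6.7.1` follows `7.1.3`, `7.5.3` precedes `7.5.2`) and every entry is an exact match (`"version_affected": "="`), so exposure checks have to compare against each listed release rather than infer a range from the first and last entries. The record names no fixed release, and the description ties the issue to line cards with the Layer 2 services feature enabled, a condition the `affects` block does not express. Triage should confirm both against the linked advisory before ruling a device in or out. The CVE-2024-20319 hunk has the same unordered exact-match list.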
@@ -1,17 +1,462 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20319", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device.\r\n\r This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.2.0" + }, + { + "version_affected": "=", + "version_value": "5.2.1" + }, + { + "version_affected": "=", + "version_value": "5.2.2" + }, + { + "version_affected": "=", + "version_value": "5.2.4" + }, + { + "version_affected": "=", + "version_value": "5.2.3" + }, + { + "version_affected": "=", + "version_value": "5.2.5" + }, + { + "version_affected": "=", + "version_value": "5.2.47" + }, + { + "version_affected": "=", + "version_value": "5.3.0" + }, + { + "version_affected": "=", + "version_value": "5.3.1" + }, + { + "version_affected": "=", + "version_value": "5.3.2" + }, + { + "version_affected": "=", + "version_value": "5.3.3" + }, + { + "version_affected": "=", + "version_value": "5.3.4" + }, + { + "version_affected": "=", + "version_value": "6.0.0" + }, + { + "version_affected": "=", + "version_value": "6.0.1" + }, + { + "version_affected": "=", + "version_value": "6.0.2" + }, + { + "version_affected": "=", + "version_value": "6.1.1" + }, + { + "version_affected": "=", + "version_value": "6.1.2" + }, + { + "version_affected": "=", + "version_value": "6.1.3" + }, + { + "version_affected": "=", + "version_value": "6.1.4" + }, + { + "version_affected": "=", + "version_value": "6.1.12" + }, + { + "version_affected": "=", + "version_value": "6.1.22" + }, + { + "version_affected": "=", + "version_value": "6.1.32" + }, + { + "version_affected": "=", + "version_value": "6.1.36" + }, + { + "version_affected": "=", + "version_value": "6.1.42" + }, + { + "version_affected": "=", + "version_value": "6.2.1" + }, + { + "version_affected": "=", + 
"version_value": "6.2.2" + }, + { + "version_affected": "=", + "version_value": "6.2.3" + }, + { + "version_affected": "=", + "version_value": "6.2.25" + }, + { + "version_affected": "=", + "version_value": "6.2.11" + }, + { + "version_affected": "=", + "version_value": "6.3.2" + }, + { + "version_affected": "=", + "version_value": "6.3.3" + }, + { + "version_affected": "=", + "version_value": "6.3.15" + }, + { + "version_affected": "=", + "version_value": "6.4.1" + }, + { + "version_affected": "=", + "version_value": "6.4.2" + }, + { + "version_affected": "=", + "version_value": "6.4.3" + }, + { + "version_affected": "=", + "version_value": "6.5.1" + }, + { + "version_affected": "=", + "version_value": "6.5.2" + }, + { + "version_affected": "=", + "version_value": "6.5.3" + }, + { + "version_affected": "=", + "version_value": "6.5.25" + }, + { + "version_affected": "=", + "version_value": "6.5.26" + }, + { + "version_affected": "=", + "version_value": "6.5.28" + }, + { + "version_affected": "=", + "version_value": "6.5.29" + }, + { + "version_affected": "=", + "version_value": "6.5.32" + }, + { + "version_affected": "=", + "version_value": "6.5.33" + }, + { + "version_affected": "=", + "version_value": "6.6.2" + }, + { + "version_affected": "=", + "version_value": "6.6.3" + }, + { + "version_affected": "=", + "version_value": "6.6.25" + }, + { + "version_affected": "=", + "version_value": "6.6.4" + }, + { + "version_affected": "=", + "version_value": "7.0.1" + }, + { + "version_affected": "=", + "version_value": "7.0.2" + }, + { + "version_affected": "=", + "version_value": "7.0.12" + }, + { + "version_affected": "=", + "version_value": "7.0.14" + }, + { + "version_affected": "=", + "version_value": "7.1.1" + }, + { + "version_affected": "=", + "version_value": "7.1.15" + }, + { + "version_affected": "=", + "version_value": "7.1.2" + }, + { + "version_affected": "=", + "version_value": "7.1.3" + }, + { + "version_affected": "=", + "version_value": "6.7.1" + }, + { 
+ "version_affected": "=", + "version_value": "6.7.2" + }, + { + "version_affected": "=", + "version_value": "6.7.3" + }, + { + "version_affected": "=", + "version_value": "6.7.4" + }, + { + "version_affected": "=", + "version_value": "7.2.0" + }, + { + "version_affected": "=", + "version_value": "7.2.1" + }, + { + "version_affected": "=", + "version_value": "7.2.2" + }, + { + "version_affected": "=", + "version_value": "7.3.1" + }, + { + "version_affected": "=", + "version_value": "7.3.15" + }, + { + "version_affected": "=", + "version_value": "7.3.2" + }, + { + "version_affected": "=", + "version_value": "7.3.3" + }, + { + "version_affected": "=", + "version_value": "7.3.5" + }, + { + "version_affected": "=", + "version_value": "7.3.6" + }, + { + "version_affected": "=", + "version_value": "7.4.1" + }, + { + "version_affected": "=", + "version_value": "7.4.2" + }, + { + "version_affected": "=", + "version_value": "6.8.1" + }, + { + "version_affected": "=", + "version_value": "6.8.2" + }, + { + "version_affected": "=", + "version_value": "7.5.1" + }, + { + "version_affected": "=", + "version_value": "7.5.3" + }, + { + "version_affected": "=", + "version_value": "7.5.2" + }, + { + "version_affected": "=", + "version_value": "7.5.4" + }, + { + "version_affected": "=", + "version_value": "7.5.5" + }, + { + "version_affected": "=", + "version_value": "7.6.1" + }, + { + "version_affected": "=", + "version_value": "7.6.2" + }, + { + "version_affected": "=", + "version_value": "7.7.1" + }, + { + "version_affected": "=", + "version_value": "7.7.2" + }, + { + "version_affected": "=", + "version_value": "7.7.21" + }, + { + "version_affected": "=", + "version_value": "6.9.1" + }, + { + "version_affected": "=", + "version_value": "6.9.2" + }, + { + "version_affected": "=", + "version_value": "7.8.1" + }, + { + "version_affected": "=", + "version_value": "7.8.2" + }, + { + "version_affected": "=", + "version_value": "7.9.1" + }, + { + "version_affected": "=", + 
"version_value": "7.9.2" + }, + { + "version_affected": "=", + "version_value": "7.9.21" + }, + { + "version_affected": "=", + "version_value": "7.10.1" + }, + { + "version_affected": "=", + "version_value": "7.10.2" + }, + { + "version_affected": "=", + "version_value": "7.11.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF", + "refsource": "MISC", + "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF" + } + ] + }, + "source": { + "advisory": "cisco-sa-snmp-uhv6ZDeF", + "discovery": "EXTERNAL", + "defects": [ + "CSCwh31469" + ] + }, + "exploit": [ + { + "lang": "en", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2024/22xxx/CVE-2024-22099.json b/2024/22xxx/CVE-2024-22099.json index 56538cc9388..e029181e640 100644 --- a/2024/22xxx/CVE-2024-22099.json +++ b/2024/22xxx/CVE-2024-22099.json 
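Review bot: The description expands the acronym as `Simple Network Management Plane (SNMP)`, but SNMP stands for Simple Network Management Protocol. The slip looks like a carry-over from "management plane protection" earlier in the same sentence. The phrase should read `access the Simple Network Management Protocol (SNMP) server of an affected device`. The text probably mirrors the CNA's advisory, so the correction likely belongs upstream as well.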
@@ -64,6 +64,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/" } ] }, diff --git a/2024/22xxx/CVE-2024-22185.json b/2024/22xxx/CVE-2024-22185.json new file mode 100644 index 00000000000..3ef0347204f --- /dev/null +++ b/2024/22xxx/CVE-2024-22185.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-22185", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/23xxx/CVE-2024-23121.json b/2024/23xxx/CVE-2024-23121.json index b29ce41c5d5..9cdc999e082 100644 --- a/2024/23xxx/CVE-2024-23121.json +++ b/2024/23xxx/CVE-2024-23121.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\n" + "value": "A maliciously crafted MODEL file in libodxdll.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\n" } ] }, @@ -58,6 +58,11 @@ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002", "refsource": "MISC", "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002" + }, + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004" } ] }, diff --git a/2024/23xxx/CVE-2024-23122.json b/2024/23xxx/CVE-2024-23122.json index 0a229cf4c4b..71263fd962e 100644 --- a/2024/23xxx/CVE-2024-23122.json +++ b/2024/23xxx/CVE-2024-23122.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A maliciously crafted 3DM file when parsed in opennurbs.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\n" + "value": "A maliciously crafted 3DM file in opennurbs.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\n" } ] }, 
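Review bot: The reworded description, `A maliciously crafted MODEL file in libodxdll.dll when parsed through Autodesk AutoCAD`, now reads as if the crafted file sits inside the DLL, whereas the removed wording made clear that libodxdll.dll is the component doing the parsing. Something like `A maliciously crafted MODEL file, when parsed by libodxdll.dll through Autodesk AutoCAD, can force an Out-of-Bound Write.` keeps the component attribution unambiguous, which matters to anyone mapping the CVE to a binary on disk. The value also still ends in a stray `\n`. The same rewording appears in the CVE-2024-23122 hunk (opennurbs.dll) and the CVE-2024-23123 hunk (CC5Dll.dll or ASMBASE228A.dll).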
@@ -58,6 +58,11 @@ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002", "refsource": "MISC", "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002" + }, + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004" } ] }, diff --git a/2024/23xxx/CVE-2024-23123.json b/2024/23xxx/CVE-2024-23123.json index 0b0a3625cb3..2cf0ac0a0f8 100644 --- a/2024/23xxx/CVE-2024-23123.json +++ b/2024/23xxx/CVE-2024-23123.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A maliciously crafted CATPART file when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\n" + "value": "A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\n" } ] }, @@ -58,6 +58,11 @@ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002", "refsource": "MISC", "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002" + }, + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004" } ] }, diff --git a/2024/23xxx/CVE-2024-23204.json b/2024/23xxx/CVE-2024-23204.json index 8608d57dcf1..22ff4891855 100644 --- a/2024/23xxx/CVE-2024-23204.json +++ b/2024/23xxx/CVE-2024-23204.json 
@@ -127,6 +127,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23220.json b/2024/23xxx/CVE-2024-23220.json index d6d730e0125..6da2ec4359d 100644 --- a/2024/23xxx/CVE-2024-23220.json +++ b/2024/23xxx/CVE-2024-23220.json @@ -75,6 +75,11 @@ "url": "https://support.apple.com/en-us/HT214081", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214081" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23225.json b/2024/23xxx/CVE-2024-23225.json index 01fad8906ed..fa76433003a 100644 --- a/2024/23xxx/CVE-2024-23225.json +++ b/2024/23xxx/CVE-2024-23225.json @@ -128,6 +128,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/23", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/23" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23226.json b/2024/23xxx/CVE-2024-23226.json index ffddb20444e..39290ba525c 100644 --- a/2024/23xxx/CVE-2024-23226.json +++ b/2024/23xxx/CVE-2024-23226.json 
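Review bot: The added reference uses a cleartext `http://seclists.org/...` URL in both `url` and `name`, so anyone following it from the record fetches advisory text over an unauthenticated channel. Assuming the host serves the same path over HTTPS, `"url": "https://seclists.org/fulldisclosure/2024/Mar/23"` (and the matching `name`) would be preferable. The existing seclists entries in the context lines use `http://` too, so changing only the new ones trades consistency for transport security. The same applies to the seclists references added in the later hunks of this patch, CVE-2024-23220 through CVE-2024-23283.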
@@ -126,6 +126,26 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/25" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/24" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23230.json b/2024/23xxx/CVE-2024-23230.json index f00b620149b..d61ae23d05e 100644 --- a/2024/23xxx/CVE-2024-23230.json +++ b/2024/23xxx/CVE-2024-23230.json @@ -68,6 +68,21 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23235.json b/2024/23xxx/CVE-2024-23235.json index 497f8581205..f9b86f8b292 100644 --- a/2024/23xxx/CVE-2024-23235.json +++ b/2024/23xxx/CVE-2024-23235.json 
@@ -131,6 +131,26 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/25" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/24" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23246.json b/2024/23xxx/CVE-2024-23246.json index 392ef4cbbd0..b54e850a873 100644 --- a/2024/23xxx/CVE-2024-23246.json +++ b/2024/23xxx/CVE-2024-23246.json @@ -131,6 +131,26 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/25" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/24" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23247.json b/2024/23xxx/CVE-2024-23247.json index 64d6615f253..79e16c25642 100644 --- a/2024/23xxx/CVE-2024-23247.json +++ b/2024/23xxx/CVE-2024-23247.json 
@@ -68,6 +68,21 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23254.json b/2024/23xxx/CVE-2024-23254.json index 71b78723f70..3927afc5005 100644 --- a/2024/23xxx/CVE-2024-23254.json +++ b/2024/23xxx/CVE-2024-23254.json @@ -143,6 +143,31 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/20", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/20" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/25" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/24" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23257.json b/2024/23xxx/CVE-2024-23257.json index 504147bfa53..e05cec23760 100644 --- a/2024/23xxx/CVE-2024-23257.json +++ b/2024/23xxx/CVE-2024-23257.json 
@@ -102,6 +102,26 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23258.json b/2024/23xxx/CVE-2024-23258.json index 273bf748b72..80190d02f1e 100644 --- a/2024/23xxx/CVE-2024-23258.json +++ b/2024/23xxx/CVE-2024-23258.json @@ -75,6 +75,16 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23262.json b/2024/23xxx/CVE-2024-23262.json index b1428909a87..be24501e0c3 100644 --- a/2024/23xxx/CVE-2024-23262.json +++ b/2024/23xxx/CVE-2024-23262.json @@ -80,6 +80,11 @@ "url": "https://support.apple.com/en-us/HT214082", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214082" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23263.json b/2024/23xxx/CVE-2024-23263.json index 1e6003af12d..dba5e9e7f28 100644 
--- a/2024/23xxx/CVE-2024-23263.json +++ b/2024/23xxx/CVE-2024-23263.json @@ -148,6 +148,31 @@ "url": "https://support.apple.com/en-us/HT214088", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214088" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/20", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/20" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/25" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/24", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/24" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23264.json b/2024/23xxx/CVE-2024-23264.json index 00b171a4152..3544773cb49 100644 --- a/2024/23xxx/CVE-2024-23264.json +++ b/2024/23xxx/CVE-2024-23264.json 
@@ -124,6 +124,31 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/25", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/25" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23265.json b/2024/23xxx/CVE-2024-23265.json index 173fcd5437a..1287e230cef 100644 --- a/2024/23xxx/CVE-2024-23265.json +++ b/2024/23xxx/CVE-2024-23265.json @@ -166,6 +166,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/23", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/23" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/26", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/26" } ] } diff --git a/2024/23xxx/CVE-2024-23266.json b/2024/23xxx/CVE-2024-23266.json index 8d2c8bd2de5..2aaff25eda3 100644 --- a/2024/23xxx/CVE-2024-23266.json +++ b/2024/23xxx/CVE-2024-23266.json 
@@ -68,6 +68,21 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23269.json b/2024/23xxx/CVE-2024-23269.json index 55b44b1bbaa..6a1514bc464 100644 --- a/2024/23xxx/CVE-2024-23269.json +++ b/2024/23xxx/CVE-2024-23269.json @@ -68,6 +68,21 @@ "url": "https://support.apple.com/en-us/HT214084", "refsource": "MISC", "name": "https://support.apple.com/en-us/HT214084" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/21", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23274.json b/2024/23xxx/CVE-2024-23274.json index eceec1b0918..a732a752d0b 100644 --- a/2024/23xxx/CVE-2024-23274.json +++ b/2024/23xxx/CVE-2024-23274.json 
@@ -68,6 +68,21 @@
 "url": "https://support.apple.com/en-us/HT214084",
 "refsource": "MISC",
 "name": "https://support.apple.com/en-us/HT214084"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23276.json b/2024/23xxx/CVE-2024-23276.json
index a0a9f429be1..c9c2d9ec72b 100644
--- a/2024/23xxx/CVE-2024-23276.json
+++ b/2024/23xxx/CVE-2024-23276.json
@@ -78,6 +78,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23283.json b/2024/23xxx/CVE-2024-23283.json
index e2ce3561285..c95a7bfc8ba 100644
--- a/2024/23xxx/CVE-2024-23283.json
+++ b/2024/23xxx/CVE-2024-23283.json
@@ -85,6 +85,21 @@
 "url": "https://support.apple.com/en-us/HT214084",
 "refsource": "MISC",
 "name": "https://support.apple.com/en-us/HT214084"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23284.json b/2024/23xxx/CVE-2024-23284.json
index ebf4be30f34..58e72c5936e 100644
--- a/2024/23xxx/CVE-2024-23284.json
+++ b/2024/23xxx/CVE-2024-23284.json
@@ -148,6 +148,31 @@
 "url": "https://support.apple.com/en-us/HT214088",
 "refsource": "MISC",
 "name": "https://support.apple.com/en-us/HT214088"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/20",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/20"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/25",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/25"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/24",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/24"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23286.json b/2024/23xxx/CVE-2024-23286.json
index c491cda3783..040ae2a77d7 100644
--- a/2024/23xxx/CVE-2024-23286.json
+++ b/2024/23xxx/CVE-2024-23286.json
@@ -166,6 +166,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23295.json b/2024/23xxx/CVE-2024-23295.json
index 1f0afe5dc9d..d1aea6bcde9 100644
--- a/2024/23xxx/CVE-2024-23295.json
+++ b/2024/23xxx/CVE-2024-23295.json
@@ -58,6 +58,11 @@
 "url": "https://support.apple.com/en-us/HT214087",
 "refsource": "MISC",
 "name": "https://support.apple.com/en-us/HT214087"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23296.json b/2024/23xxx/CVE-2024-23296.json
index 622e953ca71..d8672adb467 100644
--- a/2024/23xxx/CVE-2024-23296.json
+++ b/2024/23xxx/CVE-2024-23296.json
@@ -78,6 +78,31 @@
 "url": "https://support.apple.com/kb/HT214087",
 "refsource": "MISC",
 "name": "https://support.apple.com/kb/HT214087"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/18",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/18"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/25",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/25"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/24",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/24"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23907.json b/2024/23xxx/CVE-2024-23907.json
new file mode 100644
index 00000000000..01a086acc65
--- /dev/null
+++ b/2024/23xxx/CVE-2024-23907.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-23907",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23919.json b/2024/23xxx/CVE-2024-23919.json
new file mode 100644
index 00000000000..3c7265630b5
--- /dev/null
+++ b/2024/23xxx/CVE-2024-23919.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-23919",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/24xxx/CVE-2024-24692.json b/2024/24xxx/CVE-2024-24692.json
index 2af8b9e953f..fc1797da906 100644
--- a/2024/24xxx/CVE-2024-24692.json
+++ b/2024/24xxx/CVE-2024-24692.json
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-24692",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@zoom.us",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
+ "cweId": "CWE-367"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Zoom Video Communications, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zoom Rooms Client for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "before version 5.17.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/",
+ "refsource": "MISC",
+ "name": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24693.json b/2024/24xxx/CVE-2024-24693.json
index 449f5c9696e..59cd89ef725 100644
--- a/2024/24xxx/CVE-2024-24693.json
+++ b/2024/24xxx/CVE-2024-24693.json
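Review bot: The affected range in the CVE-2024-24692 record is written as `"version_affected": "="` with `"version_value": "before version 5.17.5"`, so a consumer that matches on these fields is told to compare against one literal string instead of every build below 5.17.5. Version-matching tools that rely on this block will most likely not flag older installs. I would encode the bound directly as `"version_affected": "<"` and `"version_value": "5.17.5"`. The same equality-plus-free-text pattern appears in CVE-2024-24693, CVE-2024-27440 (`"prior to 1.13.0"`, `"prior 1.3.14"`) and CVE-2024-28194, CVE-2024-28195 and CVE-2024-28196 (`"< 1.8.0"`, `"< 1.9.0"`).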
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-24693",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@zoom.us",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control (CWE-284)",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Zoom Video Communications, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zoom Rooms Client for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "before version 5.17.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/",
+ "refsource": "MISC",
+ "name": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25386.json b/2024/25xxx/CVE-2024-25386.json
index 77f9d7df63f..605e494f003 100644
--- a/2024/25xxx/CVE-2024-25386.json
+++ b/2024/25xxx/CVE-2024-25386.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://gist.github.com/Shulelk/15c9ba8d6b54dd4256a50a24ac7dd0a2",
 "url": "https://gist.github.com/Shulelk/15c9ba8d6b54dd4256a50a24ac7dd0a2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://laurelbridge.com/security-notice-cve-2024-25386-potential-vulnerability/",
+ "url": "https://laurelbridge.com/security-notice-cve-2024-25386-potential-vulnerability/"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25939.json b/2024/25xxx/CVE-2024-25939.json
new file mode 100644
index 00000000000..32e8b877293
--- /dev/null
+++ b/2024/25xxx/CVE-2024-25939.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-25939",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/26xxx/CVE-2024-26021.json b/2024/26xxx/CVE-2024-26021.json
new file mode 100644
index 00000000000..2216d0c73db
--- /dev/null
+++ b/2024/26xxx/CVE-2024-26021.json
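Review bot: The CVE-2024-24693 description names only a denial of service, yet the CVSS block in the same record sets `"integrityImpact": "HIGH"` (`I:H` in the vector string), so the text and the score describe different impacts. One of the two is presumably incomplete: if the installer flaw does allow modification, the description should say so, and if it does not, the vector should carry `I:N` and the base score be recomputed. The description value also ends in a stray `\n\n` that the sibling record CVE-2024-24692 does not have.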
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-26021",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/26xxx/CVE-2024-26027.json b/2024/26xxx/CVE-2024-26027.json
new file mode 100644
index 00000000000..d2850dce3fd
--- /dev/null
+++ b/2024/26xxx/CVE-2024-26027.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-26027",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/26xxx/CVE-2024-26259.json b/2024/26xxx/CVE-2024-26259.json
new file mode 100644
index 00000000000..f288b0e2e86
--- /dev/null
+++ b/2024/26xxx/CVE-2024-26259.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-26259",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/26xxx/CVE-2024-26529.json b/2024/26xxx/CVE-2024-26529.json
index 2d63c5a502e..f2e8e35434f 100644
--- a/2024/26xxx/CVE-2024-26529.json
+++ b/2024/26xxx/CVE-2024-26529.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-26529",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-26529",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mz-automation/libiec61850/issues/492",
+ "refsource": "MISC",
+ "name": "https://github.com/mz-automation/libiec61850/issues/492"
+ },
+ {
+ "url": "https://github.com/mz-automation/libiec61850/issues/495",
+ "refsource": "MISC",
+ "name": "https://github.com/mz-automation/libiec61850/issues/495"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26622.json b/2024/26xxx/CVE-2024-26622.json
index c69dc0cbd91..ce19ad847e5 100644
--- a/2024/26xxx/CVE-2024-26622.json
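Review bot: CVE-2024-26529 moves to PUBLIC with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although its description names mz-automation libiec61850 v.1.5.3 and before. Consumers that match on the `affects` tree will not tie this record to the library, so anyone tracking libiec61850 through structured data misses it. I would carry the vendor, product and version bound from the description into those three fields. The `problemtype` value is also `"n/a"`, which leaves the record without a weakness class to filter on.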
+++ b/2024/26xxx/CVE-2024-26622.json
@@ -142,6 +142,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
 }
 ]
 },
diff --git a/2024/27xxx/CVE-2024-27440.json b/2024/27xxx/CVE-2024-27440.json
index 722ec199de8..3b6c2beac51 100644
--- a/2024/27xxx/CVE-2024-27440.json
+++ b/2024/27xxx/CVE-2024-27440.json
@@ -1,17 +1,83 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-27440",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper server certificate verification"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Toyoko Inn IT Solution Co., Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Toyoko Inn official App for iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "prior to 1.13.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Toyoko Inn official App for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "prior 1.3.14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270",
+ "refsource": "MISC",
+ "name": "https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270"
+ },
+ {
+ "url": "https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid",
+ "refsource": "MISC",
+ "name": "https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN52919306/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN52919306/"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27507.json b/2024/27xxx/CVE-2024-27507.json
index 7bb142f2a02..a922a4139ab 100644
--- a/2024/27xxx/CVE-2024-27507.json
+++ b/2024/27xxx/CVE-2024-27507.json
@@ -61,6 +61,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2024-34301311f8",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOY7E2QWQRVXZTJGI7Z4KXGSU6BGEKH/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2024-ef8c8a8b37",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QRV2D4GYUZNZRJHVGFSYSOSZLCETI4E/"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27743.json b/2024/27xxx/CVE-2024-27743.json
index 4405e3c4b2c..e17b5e470e4 100644
--- a/2024/27xxx/CVE-2024-27743.json
+++ b/2024/27xxx/CVE-2024-27743.json
@@ -52,16 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "http://mayurik.com",
- "refsource": "MISC",
- "name": "http://mayurik.com"
- },
- {
- "url": "https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html",
- "refsource": "MISC",
- "name": "https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html"
- },
 {
 "refsource": "MISC",
 "name": "https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27743.md",
diff --git a/2024/27xxx/CVE-2024-27744.json b/2024/27xxx/CVE-2024-27744.json
index cf44e1de7eb..08bf015291d 100644
--- a/2024/27xxx/CVE-2024-27744.json
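Review bot: The `problemtype` entry of CVE-2024-27440 is the free-text `"Improper server certificate verification"` with no `cweId`, unlike the Zoom and your_spotify records published in this same commit. The description matches CWE-295 (Improper Certificate Validation), so adding `"cweId": "CWE-295"` beside the value would let weakness-based filters pick the record up. The Android bound `"prior 1.3.14"` also drops the word `to` that the iOS entry `"prior to 1.13.0"` has, which makes the two strings harder to parse uniformly.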
+++ b/2024/27xxx/CVE-2024-27744.json
@@ -52,26 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "http://www.w3.org/2000/svg",
- "refsource": "MISC",
- "name": "http://www.w3.org/2000/svg"
- },
- {
- "url": "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd",
- "refsource": "MISC",
- "name": "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"
- },
- {
- "url": "http://mayurik.com",
- "refsource": "MISC",
- "name": "http://mayurik.com"
- },
- {
- "url": "https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html",
- "refsource": "MISC",
- "name": "https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html"
- },
 {
 "refsource": "MISC",
 "name": "https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27744.md",
diff --git a/2024/27xxx/CVE-2024-27746.json b/2024/27xxx/CVE-2024-27746.json
index cd42f32e7d6..633ef38fe25 100644
--- a/2024/27xxx/CVE-2024-27746.json
+++ b/2024/27xxx/CVE-2024-27746.json
@@ -52,16 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "http://mayurik.com",
- "refsource": "MISC",
- "name": "http://mayurik.com"
- },
- {
- "url": "https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html",
- "refsource": "MISC",
- "name": "https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html"
- },
 {
 "refsource": "MISC",
 "name": "https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27746.md",
diff --git a/2024/27xxx/CVE-2024-27747.json b/2024/27xxx/CVE-2024-27747.json
index cd2df475af3..e197e7cb16a 100644
--- a/2024/27xxx/CVE-2024-27747.json
+++ b/2024/27xxx/CVE-2024-27747.json
@@ -52,16 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "http://mayurik.com",
- "refsource": "MISC",
- "name": "http://mayurik.com"
- },
- {
- "url": "https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html",
- "refsource": "MISC",
- "name": "https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html"
- },
 {
 "refsource": "MISC",
 "name": "https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27747.md",
diff --git a/2024/28xxx/CVE-2024-28035.json b/2024/28xxx/CVE-2024-28035.json
new file mode 100644
index 00000000000..b3d89281933
--- /dev/null
+++ b/2024/28xxx/CVE-2024-28035.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-28035",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/28xxx/CVE-2024-28169.json b/2024/28xxx/CVE-2024-28169.json
new file mode 100644
index 00000000000..e6e3ab5fe99
--- /dev/null
+++ b/2024/28xxx/CVE-2024-28169.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-28169",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/28xxx/CVE-2024-28172.json b/2024/28xxx/CVE-2024-28172.json
new file mode 100644
index 00000000000..c65cfd71476
--- /dev/null
+++ b/2024/28xxx/CVE-2024-28172.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-28172",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/28xxx/CVE-2024-28194.json b/2024/28xxx/CVE-2024-28194.json
index 5431e2a02a7..db4ddf83027 100644
--- a/2024/28xxx/CVE-2024-28194.json
+++ b/2024/28xxx/CVE-2024-28194.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-28194",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows attackers to bypass authentication and authenticate as arbitrary YourSpotify users, including admin users. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-798: Use of Hard-coded Credentials",
+ "cweId": "CWE-798"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Yooooomi",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "your_spotify",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 1.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-gvcr-g265-j827",
+ "refsource": "MISC",
+ "name": "https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-gvcr-g265-j827"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-gvcr-g265-j827",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28195.json b/2024/28xxx/CVE-2024-28195.json
index 86f5b146095..794d6b2d342 100644
--- a/2024/28xxx/CVE-2024-28195.json
+++ b/2024/28xxx/CVE-2024-28195.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-28195",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the affected YourSpotify instance. Using repeated CSRF attacks, it is also possible to create a new user on the victim instance and promote the new user to instance administrator if a legitimate administrator visits a website prepared by an attacker. Note: Real-world exploitability of this vulnerability depends on the browser version and browser settings in use by the victim. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352: Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Yooooomi",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "your_spotify",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 1.9.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-hfgf-99p3-6fjj",
+ "refsource": "MISC",
+ "name": "https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-hfgf-99p3-6fjj"
+ },
+ {
+ "url": "https://github.com/Yooooomi/your_spotify/commit/c3ae87673910c9903bb53088c8b71ed2c9aa54e4",
+ "refsource": "MISC",
+ "name": "https://github.com/Yooooomi/your_spotify/commit/c3ae87673910c9903bb53088c8b71ed2c9aa54e4"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-hfgf-99p3-6fjj",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28196.json b/2024/28xxx/CVE-2024-28196.json
index 4dd731b52fb..e5710db35bf 100644
--- a/2024/28xxx/CVE-2024-28196.json
+++ b/2024/28xxx/CVE-2024-28196.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-28196",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger actions, such as allowing signup of other users or deleting the current user account. Clickjacking works by opening the target application in an invisible iframe on an attacker-controlled site and luring a victim to visit the attacker page and interacting with it. By positioning elements over the invisible iframe, a victim can be tricked into triggering malicious or destructive actions in the invisible iframe, while they think they interact with a totally different site altogether. When a victim visits an attacker-controlled site while they are logged into YourSpotify, they can be tricked into performing actions on their YourSpotify instance without their knowledge. These actions include allowing signup of other users or deleting the current user account, resulting in a high impact to the integrity of YourSpotify. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
+ "cweId": "CWE-1021"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Yooooomi",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "your_spotify",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 1.9.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-m5x2-6hjm-cggq",
+ "refsource": "MISC",
+ "name": "https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-m5x2-6hjm-cggq"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-m5x2-6hjm-cggq",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28623.json b/2024/28xxx/CVE-2024-28623.json
index a49e9bc65c4..4162e582b39 100644
--- a/2024/28xxx/CVE-2024-28623.json
+++ b/2024/28xxx/CVE-2024-28623.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-28623",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-28623",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/GURJOTEXPERT/ritecms",
+ "url": "https://github.com/GURJOTEXPERT/ritecms"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28960.json b/2024/28xxx/CVE-2024-28960.json
new file mode 100644
index 00000000000..c72b1b1dbca
--- /dev/null
+++ b/2024/28xxx/CVE-2024-28960.json
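Review bot: Vendor, product, version and problem type are all published as `"n/a"` in this hunk although the description names RiteCMS v3.0.0 and a cross-site scripting flaw, so product-keyed or CWE-keyed matching will not find this record. I would fill `"product_name": "RiteCMS"` and `"version_value": "3.0.0"`, and give the problem type as `"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`. The single reference is a repository root rather than an advisory or fix commit, so nothing in the record tells a defender whether a corrected release exists; the description should say so either way.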
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-28960",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/28xxx/CVE-2024-28981.json b/2024/28xxx/CVE-2024-28981.json
new file mode 100644
index 00000000000..1b6cd30af02
--- /dev/null
+++ b/2024/28xxx/CVE-2024-28981.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-28981",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/28xxx/CVE-2024-28982.json b/2024/28xxx/CVE-2024-28982.json
new file mode 100644
index 00000000000..728470ae074
--- /dev/null
+++ b/2024/28xxx/CVE-2024-28982.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-28982",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/28xxx/CVE-2024-28983.json b/2024/28xxx/CVE-2024-28983.json
new file mode 100644
index 00000000000..f8571e5e8a4
--- /dev/null
+++ b/2024/28xxx/CVE-2024-28983.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-28983",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/28xxx/CVE-2024-28984.json b/2024/28xxx/CVE-2024-28984.json
new file mode 100644
index 00000000000..298b5511a9a
--- /dev/null
+++ b/2024/28xxx/CVE-2024-28984.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-28984",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/28xxx/CVE-2024-28985.json b/2024/28xxx/CVE-2024-28985.json
new file mode 100644
index 00000000000..b89ee891349
--- /dev/null
+++ b/2024/28xxx/CVE-2024-28985.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-28985",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29006.json b/2024/29xxx/CVE-2024-29006.json
new file mode 100644
index 00000000000..e1d0da5b5a6
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29006.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29006",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/29xxx/CVE-2024-29007.json b/2024/29xxx/CVE-2024-29007.json
new file mode 100644
index 00000000000..07f4907cd48
--- /dev/null
+++ b/2024/29xxx/CVE-2024-29007.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-29007",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/2xxx/CVE-2024-2182.json b/2024/2xxx/CVE-2024-2182.json
index 4056438e122..0c5781c8ee7 100644
--- a/2024/2xxx/CVE-2024-2182.json
+++ b/2024/2xxx/CVE-2024-2182.json
@@ -132,7 +132,7 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
@@ -150,19 +150,19 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 }
 ]
@@ -175,7 +175,13 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
 }
 },
 {
@@ -193,31 +199,25 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
- }
- },
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 }
 ]
diff --git a/2024/2xxx/CVE-2024-2400.json b/2024/2xxx/CVE-2024-2400.json
index f1eb96a2f23..e843e42ad02 100644
--- a/2024/2xxx/CVE-2024-2400.json
+++ b/2024/2xxx/CVE-2024-2400.json
@@ -1,17 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2400",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "122.0.6261.128",
+ "version_value": "122.0.6261.128"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/327696052",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/327696052"
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2403.json b/2024/2xxx/CVE-2024-2403.json
index a0a1b78341b..e062e7e0440 100644
--- a/2024/2xxx/CVE-2024-2403.json
+++ b/2024/2xxx/CVE-2024-2403.json
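Review bot: The problem type added in this hunk is free text, `"value": "Use after free"`, with no `cweId`, while other published records in the same commit carry one (for example `"cweId": "CWE-352"`). Consumers that group or filter on CWE will not see this record; `"value": "CWE-416: Use After Free", "cweId": "CWE-416"` would make it consistent. The record also has no `impact` block, so the only severity signal is the "Chromium security severity: High" phrase in the description, which score-based triage will not read.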
@@ -1,18 +1,70 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2403",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@devolutions.net",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nImproper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and\nearlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.\n\n"
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Devolutions",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Remote Desktop Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "2024.1.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://devolutions.net/security/advisories/DEVO-2024-0004",
+ "refsource": "MISC",
+ "name": "https://devolutions.net/security/advisories/DEVO-2024-0004"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/2xxx/CVE-2024-2412.json b/2024/2xxx/CVE-2024-2412.json
index 4b73eec12e7..e0e8f4dae7d 100644
--- a/2024/2xxx/CVE-2024-2412.json
+++ b/2024/2xxx/CVE-2024-2412.json
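Review bot: The description string added here carries layout residue: it starts with `\n`, ends with `\n\n` and has a `\n` in the middle of the sentence (`2024.1.12 and\nearlier`), which shows up as broken lines in any tool that renders the field; I would publish it as one trimmed sentence. The problem type is `"n/a"` although the text describes improper cleanup of temporary files; CWE-459 (Incomplete Cleanup) looks like the fit, to be confirmed by the CNA. The entry `"version_affected": "<="` with `"version_name": "0"` presumably stands for a range starting at 0, so until that is clarified a consumer should treat every release up to 2024.1.12 as affected. No `impact` block is published, so there is no score to triage on.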
@@ -68,9 +68,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://www.twcert.org.tw/tw/lp-132-1.html",
+ "url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html",
 "refsource": "MISC",
- "name": "https://www.twcert.org.tw/tw/lp-132-1.html"
+ "name": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"
 }
 ]
 },
diff --git a/2024/2xxx/CVE-2024-2413.json b/2024/2xxx/CVE-2024-2413.json
index 65a5e70dcbe..7288f0da718 100644
--- a/2024/2xxx/CVE-2024-2413.json
+++ b/2024/2xxx/CVE-2024-2413.json
@@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@cert.org.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-321: Use of Hard-coded Cryptographic Key", + "cweId": "CWE-321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intumit", + "product": { + "product_data": [ + { + "product_name": "SmartRobot", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "earlier version", + "version_value": "v6.1.2-202212tw" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "TVN-202403002", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to v6.2.0-202303tw or later version or change current 
encryption key." + } + ], + "value": "Update to v6.2.0-202303tw or later version or change current encryption key." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2418.json b/2024/2xxx/CVE-2024-2418.json new file mode 100644 index 00000000000..06cf45dc2a8 --- /dev/null +++ b/2024/2xxx/CVE-2024-2418.json 
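Review bot: The description in this hunk never states which releases are affected; that information sits only in the version entry, where `"version_name"` holds the phrase `"earlier version"` rather than a version, and in the solution text. Adding a sentence such as `This issue affects SmartRobot v6.1.2-202212tw and earlier.` to the description would let readers of the prose field scope an issue scored 9.8. The solution also offers changing the current encryption key as an alternative to updating, and the record does not say whether the fixed release stops shipping a fixed key, which operators would want to know before choosing that path. The `solution` block uses `"lang": "en"` while the description uses `"eng"`, so language filters need to accept both.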
@@ -0,0 +1,105 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-2418",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view_order.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256705 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Best POS Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /view_order.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Best POS Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.256705",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.256705"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.256705",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.256705"
+ },
+ {
+ "url": "https://github.com/ycxdzj/CVE_Hunter/blob/main/SQLi-6.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ycxdzj/CVE_Hunter/blob/main/SQLi-6.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "hjhctzz (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/2xxx/CVE-2024-2431.json b/2024/2xxx/CVE-2024-2431.json
index 045ef1c31c3..32224c316e4 100644
--- a/2024/2xxx/CVE-2024-2431.json
+++ b/2024/2xxx/CVE-2024-2431.json
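Review bot: Both description strings in this new record call the issue critical ("It has been declared as critical", "kritische Schwachstelle"), yet every score it publishes is medium: `"baseScore": 6.3` with `"baseSeverity": "MEDIUM"` for CVSS 3.1 and 3.0, and 6.5 under 2.0, so text-based and score-based triage will disagree. I would align the wording with the score, for example `It has been rated as medium severity (CVSS 3.1 base score 6.3).`. The three `cvss` entries carry only version, score and vector, without the per-metric keys other records in this commit include, and the 2.0 entry has no `baseSeverity`; consumers should parse `vectorString` rather than expect those keys. Because the description states that the exploit has been disclosed publicly, prioritisation should rest on that statement and the vector rather than on the severity word.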
@@ -1,17 +1,204 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2431", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto Networks", + "product": { + "product_data": [ + { + "product_name": "GlobalProtect App", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.0.4", + "status": "unaffected" + } + ], + "lessThan": "6.0.4", + "status": "affected", + "version": "6.0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "5.1.12", + "status": "unaffected" + } + ], + "lessThan": "5.1.12", + "status": "affected", + "version": "5.1", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "5.2.13", + "status": "unaffected" + } + ], + "lessThan": "5.2.13", + "status": "affected", + "version": "5.2", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "6.1.1", + "status": "unaffected" + } + ], + "lessThan": "6.1.1", + "status": "affected", + "version": "6.1", + "versionType": "custom" + }, + { + "status": "unaffected", + 
"version": "6.2" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.paloaltonetworks.com/CVE-2024-2431", + "refsource": "MISC", + "name": "https://security.paloaltonetworks.com/CVE-2024-2431" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "GPC-15349" + ], + "discovery": "EXTERNAL" + }, + "configuration": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed." + } + ], + "value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed." + } + ], + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"
" + } + ], + "value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"\n" + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.
" + } + ], + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.
" + } + ], + "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Palo Alto Networks thanks AIG Red Team and Stephen Collyer for discovering and reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2432.json b/2024/2xxx/CVE-2024-2432.json index f895edec5f8..0ef8e53e22d 100644 --- a/2024/2xxx/CVE-2024-2432.json +++ b/2024/2xxx/CVE-2024-2432.json 
@@ -1,17 +1,174 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2432", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto Networks", + "product": { + "product_data": [ + { + "product_name": "GlobalProtect App", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "5.1.12", + "status": "unaffected" + } + ], + "lessThan": "5.1.12", + "status": "affected", + "version": "5.1", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "6.0.8", + "status": "unaffected" + } + ], + "lessThan": "6.0.8", + "status": "affected", + "version": "6.0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "6.1.2", + "status": "unaffected" + } + ], + "lessThan": "6.1.2", + "status": "affected", + "version": "6.1", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "6.2.1", + "status": "unaffected" + } + ], + "lessThan": "6.2.1", + "status": "affected", + "version": 
"6.2", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.paloaltonetworks.com/CVE-2024-2432", + "refsource": "MISC", + "name": "https://security.paloaltonetworks.com/CVE-2024-2432" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "GPC-18129" + ], + "discovery": "EXTERNAL" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.
" + } + ], + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.
" + } + ], + "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Palo Alto Networks thanks Erwin Chan for discovering and reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2433.json b/2024/2xxx/CVE-2024-2433.json index 02f1aecf823..0c3c1461850 100644 --- a/2024/2xxx/CVE-2024-2433.json +++ b/2024/2xxx/CVE-2024-2433.json 
@@ -1,17 +1,242 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2433", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. \n\n\n\nThis issue affects only the web interface of the management plane; the dataplane is unaffected.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto Networks", + "product": { + "product_data": [ + { + "product_name": "PAN-OS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "9.0.17-h4", + "status": "unaffected" + } + ], + "lessThan": "9.0.17-h4", + "status": "affected", + "version": "9.0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "9.1.17", + "status": "unaffected" + } + ], + "lessThan": "9.1.17", + "status": "affected", + "version": "9.1", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "10.1.12", + "status": "unaffected" + } + ], + "lessThan": "10.1.12", + "status": 
"affected", + "version": "10.1", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "10.2.8", + "status": "unaffected" + } + ], + "lessThan": "10.2.8", + "status": "affected", + "version": "10.2", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "11.0.3", + "status": "unaffected" + } + ], + "lessThan": "11.0.3", + "status": "affected", + "version": "11.0", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "11.1" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Cloud NGFW", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "All" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Prisma Access", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "All" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.paloaltonetworks.com/CVE-2024-2433", + "refsource": "MISC", + "name": "https://security.paloaltonetworks.com/CVE-2024-2433" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "PAN-181876", + "PAN-218663" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the effect of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.
" + } + ], + "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the effect of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices .\n" + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.
" + } + ], + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.18, PAN-OS 10.1.12, PAN-OS 10.2.11, PAN-OS 11.0.4, and all later PAN-OS versions.
" + } + ], + "value": "This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.18, PAN-OS 10.1.12, PAN-OS 10.2.11, PAN-OS 11.0.4, and all later PAN-OS versions.\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Palo Alto Networks thanks Omar Eissa (https://de.linkedin.com/in/oeissa) for discovering and reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2434.json b/2024/2xxx/CVE-2024-2434.json new file mode 100644 index 00000000000..ee295cffa1d --- /dev/null +++ b/2024/2xxx/CVE-2024-2434.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2434", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2435.json b/2024/2xxx/CVE-2024-2435.json new file mode 100644 index 00000000000..68c9bebadd8 --- /dev/null +++ b/2024/2xxx/CVE-2024-2435.json 
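Review bot: In the CVE-2024-2433 record, the PAN-OS ranges under `x_cve_json_5_version_data` disagree with the `solution` text. The ranges mark 9.1.17, 10.2.8 and 11.0.3 as the first unaffected releases, while the solution names PAN-OS 9.1.18, 10.2.11 and 11.0.4 as the fixes; 9.0.17-h4 and 10.1.12 agree in both places. A scanner or SBOM matcher that reads only the ranges would clear hosts on 9.1.17, 10.2.8–10.2.10 and 11.0.3 that the prose still treats as unfixed. The record does not show which side is correct; if the solution text is authoritative, the ranges would read `"lessThan": "9.1.18"`, `"lessThan": "10.2.11"` and `"lessThan": "11.0.4"` with matching `"at"` values. Until the CNA reconciles them, consumers should take the higher versions and the linked vendor advisory as the patch baseline.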
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2435", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2436.json b/2024/2xxx/CVE-2024-2436.json new file mode 100644 index 00000000000..0271979303d --- /dev/null +++ b/2024/2xxx/CVE-2024-2436.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2436", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2437.json b/2024/2xxx/CVE-2024-2437.json new file mode 100644 index 00000000000..297b7e3b3c1 --- /dev/null +++ b/2024/2xxx/CVE-2024-2437.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2437", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/2xxx/CVE-2024-2438.json b/2024/2xxx/CVE-2024-2438.json new file mode 100644 index 00000000000..45acf9a2d75 --- /dev/null +++ b/2024/2xxx/CVE-2024-2438.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2438", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2443.json b/2024/2xxx/CVE-2024-2443.json new file mode 100644 index 00000000000..978a98f26b9 --- /dev/null +++ b/2024/2xxx/CVE-2024-2443.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2443", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file