admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-15 18:00:37 +00:00
parent aa57f1706d
commit 1d0c4b79f6
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
50 changed files with 2252 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

233
2021/1xxx/CVE-2021-1466.json
View File

@ -1,17 +1,242 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-1466",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition.\r\nThe vulnerability is due to incomplete bounds checks for data that is provided to the vDaemon service of an affected system. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could allow the attacker to cause the vDaemon listening service to reload and result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "20.1.1.1"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "17.2.10"
},
{
"version_affected": "=",
"version_value": "18.3.6.1"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "17.2.8"
},
{
"version_affected": "=",
"version_value": "18.3.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "17.2.6"
},
{
"version_affected": "=",
"version_value": "17.2.9"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "17.2.5"
},
{
"version_affected": "=",
"version_value": "18.3.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.4.0.1"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "17.2.7"
},
{
"version_affected": "=",
"version_value": "17.2.4"
},
{
"version_affected": "=",
"version_value": "18.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vdaemon-bo-RuzzEA2",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vdaemon-bo-RuzzEA2"
}
]
},
"source": {
"advisory": "cisco-sa-sdwan-vdaemon-bo-RuzzEA2",
"discovery": "INTERNAL",
"defects": [
"CSCvt11526"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/RL:X/RC:X/E:X",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
]
}

114
2024/11xxx/CVE-2024-11248.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Tenda AC10 16.03.10.13 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion formSetRebootTimer der Datei /goform/SetSysAutoRebbotCfg. Durch Manipulation des Arguments rebootTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.03.10.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.284684",
"refsource": "MISC",
"name": "https://vuldb.com/?id.284684"
},
{
"url": "https://vuldb.com/?ctiid.284684",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.284684"
},
{
"url": "https://vuldb.com/?submit.443204",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.443204"
},
{
"url": "https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-formSetRebootTimer-stack-overflow-13d0448e619580bf8ab1df7cfb6c018b",
"refsource": "MISC",
"name": "https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-formSetRebootTimer-stack-overflow-13d0448e619580bf8ab1df7cfb6c018b"
},
{
"url": "https://www.tenda.com.cn/",
"refsource": "MISC",
"name": "https://www.tenda.com.cn/"
}
]
},
"credits": [
{
"lang": "en",
"value": "hand_king (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

114
2024/11xxx/CVE-2024-11250.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11250",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in code-projects Inventory Management up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /model/editProduct.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In code-projects Inventory Management bis 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /model/editProduct.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Inventory Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.284686",
"refsource": "MISC",
"name": "https://vuldb.com/?id.284686"
},
{
"url": "https://vuldb.com/?ctiid.284686",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.284686"
},
{
"url": "https://vuldb.com/?submit.443272",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.443272"
},
{
"url": "https://github.com/sh3rl0ckpggp/0day/blob/main/inventory-management_authenticated_sqli.md",
"refsource": "MISC",
"name": "https://github.com/sh3rl0ckpggp/0day/blob/main/inventory-management_authenticated_sqli.md"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "sh3rl0ckpgp (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2024/11xxx/CVE-2024-11264.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11264",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11265.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11266.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11266",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11267.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11268.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11268",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

61
2024/46xxx/CVE-2024-46383.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46383",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://skyworth.com",
"refsource": "MISC",
"name": "http://skyworth.com"
},
{
"refsource": "MISC",
"name": "https://github.com/nitinronge91/Sensitive-Information-disclosure-via-SPI-flash-firmware-for-Hathway-router-CVE-2024-46383",
"url": "https://github.com/nitinronge91/Sensitive-Information-disclosure-via-SPI-flash-firmware-for-Hathway-router-CVE-2024-46383"
}
]
}

56
2024/46xxx/CVE-2024-46462.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46462",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.primx.eu/en/bulletins/security-bulletin-24931936/",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-24931936/"
}
]
}

56
2024/46xxx/CVE-2024-46463.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46463",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ORIZON has to be modified to prevent this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.primx.eu/en/bulletins/security-bulletin-24932297/",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-24932297/"
}
]
}

56
2024/46xxx/CVE-2024-46465.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46465",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.primx.eu/en/bulletins/security-bulletin-24932296/",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-24932296/"
}
]
}

56
2024/46xxx/CVE-2024-46466.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46466",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI qualification submission) can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONECENTRAL has to be modified to prevent this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.primx.eu/en/bulletins/security-bulletin-24931934/",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-24931934/"
}
]
}

56
2024/46xxx/CVE-2024-46467.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46467",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONEPOINT has to be modified to prevent this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.primx.eu/en/bulletins/security-bulletin-24932299/",
"url": "https://www.primx.eu/en/bulletins/security-bulletin-24932299/"
}
]
}

58
2024/47xxx/CVE-2024-47759.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47759",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any user will try to see the document contents. Upgrade to 10.0.17."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "glpi-project",
"product": {
"product_data": [
{
"product_name": "glpi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 9.2.0, < 10.0.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-474f-9vpp-xxq5",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-474f-9vpp-xxq5"
}
]
},
"source": {
"advisory": "GHSA-474f-9vpp-xxq5",
"discovery": "UNKNOWN"
}
}

91
2024/52xxx/CVE-2024-52507.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.3.0, < 0.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rgvc-xr2w-qq45",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rgvc-xr2w-qq45"
},
{
"url": "https://github.com/nextcloud/tables/pull/1406",
"refsource": "MISC",
"name": "https://github.com/nextcloud/tables/pull/1406"
},
{
"url": "https://github.com/nextcloud/tables/commit/13ca45f1b9f70f694aea81b78bc7416ec840c332",
"refsource": "MISC",
"name": "https://github.com/nextcloud/tables/commit/13ca45f1b9f70f694aea81b78bc7416ec840c332"
},
{
"url": "https://hackerone.com/reports/2705507",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2705507"
}
]
},
"source": {
"advisory": "GHSA-rgvc-xr2w-qq45",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

107
2024/52xxx/CVE-2024-52508.json
View File

@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52508",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would be send to the server of the attacker. It is recommended that the Nextcloud Mail app is upgraded to 1.14.6, 1.15.4, 2.2.11, 3.6.3, 3.7.7 or 4.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.9.0, < 1.14.6"
},
{
"version_affected": "=",
"version_value": ">= 2.1.0, < 2.2.11"
},
{
"version_affected": "=",
"version_value": ">= 3.1.0, < 3.6.3"
},
{
"version_affected": "=",
"version_value": ">= 1.15.0, < 1.15.4"
},
{
"version_affected": "=",
"version_value": ">= 3.7.0, < 3.7.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vmhx-hwph-q6mc",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vmhx-hwph-q6mc"
},
{
"url": "https://github.com/nextcloud/mail/pull/9964",
"refsource": "MISC",
"name": "https://github.com/nextcloud/mail/pull/9964"
},
{
"url": "https://github.com/nextcloud/mail/commit/a84c70e15d814dab6f0e8eda71bbaaf48152079b",
"refsource": "MISC",
"name": "https://github.com/nextcloud/mail/commit/a84c70e15d814dab6f0e8eda71bbaaf48152079b"
},
{
"url": "https://hackerone.com/reports/2508422",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2508422"
}
]
},
"source": {
"advisory": "GHSA-vmhx-hwph-q6mc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
]
}

99
2024/52xxx/CVE-2024-52509.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52509",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">=2.2.0, < 2.2.10"
},
{
"version_affected": "=",
"version_value": ">= 3.6.0, < 3.6.2"
},
{
"version_affected": "=",
"version_value": ">= 3.7.0, < 3.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pwpp-fvcr-w862",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pwpp-fvcr-w862"
},
{
"url": "https://github.com/nextcloud/mail/pull/9592",
"refsource": "MISC",
"name": "https://github.com/nextcloud/mail/pull/9592"
},
{
"url": "https://github.com/nextcloud/mail/commit/8d44f1ce44684022aa4e62a3e0462fdadcde6c8b",
"refsource": "MISC",
"name": "https://github.com/nextcloud/mail/commit/8d44f1ce44684022aa4e62a3e0462fdadcde6c8b"
},
{
"url": "https://hackerone.com/reports/1878255",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1878255"
}
]
},
"source": {
"advisory": "GHSA-pwpp-fvcr-w862",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

91
2024/52xxx/CVE-2024-52510.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52510",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 3.14.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r4qc-m9mj-452v",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r4qc-m9mj-452v"
},
{
"url": "https://github.com/nextcloud/desktop/pull/7333",
"refsource": "MISC",
"name": "https://github.com/nextcloud/desktop/pull/7333"
},
{
"url": "https://github.com/nextcloud/desktop/commit/97539218e6f63c3a3fd1694cb7d8aef27c5910d7",
"refsource": "MISC",
"name": "https://github.com/nextcloud/desktop/commit/97539218e6f63c3a3fd1694cb7d8aef27c5910d7"
},
{
"url": "https://hackerone.com/reports/2597504",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2597504"
}
]
},
"source": {
"advisory": "GHSA-r4qc-m9mj-452v",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

91
2024/52xxx/CVE-2024-52511.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52511",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.6.0, < 0.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4qqp-9h2g-7qg7",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4qqp-9h2g-7qg7"
},
{
"url": "https://github.com/nextcloud/tables/pull/1351",
"refsource": "MISC",
"name": "https://github.com/nextcloud/tables/pull/1351"
},
{
"url": "https://github.com/nextcloud/tables/commit/52846ad81fe192ee977f14c82a229b0d9cdc406c",
"refsource": "MISC",
"name": "https://github.com/nextcloud/tables/commit/52846ad81fe192ee977f14c82a229b0d9cdc406c"
},
{
"url": "https://hackerone.com/reports/2671404",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2671404"
}
]
},
"source": {
"advisory": "GHSA-4qqp-9h2g-7qg7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
}
]
}

91
2024/52xxx/CVE-2024-52512.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52512",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 6.0.0, < 6.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-784j-x2g5-4g7q",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-784j-x2g5-4g7q"
},
{
"url": "https://github.com/nextcloud/user_oidc/pull/961",
"refsource": "MISC",
"name": "https://github.com/nextcloud/user_oidc/pull/961"
},
{
"url": "https://github.com/nextcloud/user_oidc/commit/c923428d51972f6d04636c6accbecdec0c1b88e9",
"refsource": "MISC",
"name": "https://github.com/nextcloud/user_oidc/commit/c923428d51972f6d04636c6accbecdec0c1b88e9"
},
{
"url": "https://hackerone.com/reports/2720030",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2720030"
}
]
},
"source": {
"advisory": "GHSA-784j-x2g5-4g7q",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

99
2024/52xxx/CVE-2024-52513.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52513",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. After receiving a \"Files drop\" or \"Password protected\" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.11"
},
{
"version_affected": "=",
"version_value": ">= 29.0.0, < 29.0.8"
},
{
"version_affected": "=",
"version_value": ">= 30.0.0, < 30.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gxph-5m4j-pfmj",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gxph-5m4j-pfmj"
},
{
"url": "https://github.com/nextcloud/text/pull/6485",
"refsource": "MISC",
"name": "https://github.com/nextcloud/text/pull/6485"
},
{
"url": "https://github.com/nextcloud/text/commit/ca24b25c93b81626b4e457c260243edeab5f1548",
"refsource": "MISC",
"name": "https://github.com/nextcloud/text/commit/ca24b25c93b81626b4e457c260243edeab5f1548"
},
{
"url": "https://hackerone.com/reports/2376900",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2376900"
}
]
},
"source": {
"advisory": "GHSA-gxph-5m4j-pfmj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

95
2024/52xxx/CVE-2024-52514.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52514",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.5"
},
{
"version_affected": "=",
"version_value": ">= 27.0.0, < 27.1.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj"
},
{
"url": "https://github.com/nextcloud/server/pull/44889",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/44889"
},
{
"url": "https://github.com/nextcloud/server/commit/5fffbcfe8650eab75b00e8d188fbc95b0e43f3a8",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/commit/5fffbcfe8650eab75b00e8d188fbc95b0e43f3a8"
},
{
"url": "https://hackerone.com/reports/2447316",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2447316"
}
]
},
"source": {
"advisory": "GHSA-g8pr-g25r-58xj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

99
2024/52xxx/CVE-2024-52515.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52515",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended that the Nextcloud Server is upgraded to 27.1.10, 28.0.6 or 29.0.1 and Nextcloud Enterprise Server is upgraded to 24.0.12.15, 25.0.13.10, 26.0.13.4, 27.1.10, 28.0.6 or 29.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-706: Use of Incorrectly-Resolved Name or Reference",
"cweId": "CWE-706"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 29.0.0, < 29.0.1"
},
{
"version_affected": "=",
"version_value": ">= 28.0.0, < 28.0.6"
},
{
"version_affected": "=",
"version_value": ">= 27.0.0, < 27.1.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5m5g-hw8c-2236",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5m5g-hw8c-2236"
},
{
"url": "https://github.com/nextcloud/server/pull/45340",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/45340"
},
{
"url": "https://github.com/nextcloud/server/commit/7e1c30f82a63fbea8c269e0eec38291377f32604",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/commit/7e1c30f82a63fbea8c269e0eec38291377f32604"
},
{
"url": "https://hackerone.com/reports/2484499",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2484499"
}
]
},
"source": {
"advisory": "GHSA-5m5g-hw8c-2236",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

81
2024/52xxx/CVE-2024-52522.json
View File

@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52522",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')",
"cweId": "CWE-59"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"cweId": "CWE-61"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-281: Improper Preservation of Permissions",
"cweId": "CWE-281"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rclone",
"product": {
"product_data": [
{
"product_name": "rclone",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.59.0, < 1.68.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv",
"refsource": "MISC",
"name": "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv"
},
{
"url": "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0",
"refsource": "MISC",
"name": "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0"
}
]
},
"source": {
"advisory": "GHSA-hrxh-9w67-g4cv",
"discovery": "UNKNOWN"
}
}

18
2024/52xxx/CVE-2024-52791.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52791",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52792.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52792",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52793.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52793",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52794.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52795.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52796.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52796",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52797.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52797",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52798.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52798",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52799.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52799",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52800.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52800",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52801.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52801",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52802.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52802",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52803.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52803",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52804.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52804",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52805.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52805",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52806.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52807.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52807",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52808.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52808",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52809.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52809",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52810.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52810",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52811.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52811",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52812.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52813.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52814.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52814",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52815.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52815",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}