diff --git a/2023/6xxx/CVE-2023-6195.json b/2023/6xxx/CVE-2023-6195.json
index 96ca76fbfe6..5192ca0c5ba 100644
--- a/2023/6xxx/CVE-2023-6195.json
+++ b/2023/6xxx/CVE-2023-6195.json
@@ -1,17 +1,109 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6195",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-918: Server-Side Request Forgery (SSRF)",
+ "cweId": "CWE-918"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "15.5",
+ "version_value": "16.9.7"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16.10",
+ "version_value": "16.10.5"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16.11",
+ "version_value": "16.11.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/432276",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/432276"
+ },
+ {
+ "url": "https://hackerone.com/reports/2249268",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/2249268"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thanks [imrerad](https://hackerone.com/imrerad) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.6,
+ "baseSeverity": "LOW"
}
]
}
diff --git a/2024/13xxx/CVE-2024-13816.json b/2024/13xxx/CVE-2024-13816.json
new file mode 100644
index 00000000000..880bb078f50
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13816.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13816",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/1xxx/CVE-2024-1211.json b/2024/1xxx/CVE-2024-1211.json
index 0e32e73fe58..102e1b76a3b 100644
--- a/2024/1xxx/CVE-2024-1211.json
+++ b/2024/1xxx/CVE-2024-1211.json
@@ -1,17 +1,109 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1211",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352: Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "10.6",
+ "version_value": "16.9.7"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16.10",
+ "version_value": "16.10.5"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16.11",
+ "version_value": "16.11.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/440313",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/440313"
+ },
+ {
+ "url": "https://hackerone.com/reports/2323594",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/2323594"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thanks [sim4n6](https://hackerone.com/sim4n6) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
}
]
}
diff --git a/2024/23xxx/CVE-2024-23962.json b/2024/23xxx/CVE-2024-23962.json
index c8e88b9be6b..afa9cfc537b 100644
--- a/2024/23xxx/CVE-2024-23962.json
+++ b/2024/23xxx/CVE-2024-23962.json
@@ -1,18 +1,82 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23962",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Alpine",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Halo9",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-847/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-847/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Alpine conducted a Threat Assessment and Remediation Analysis (TARA) in accordance with ISO21434, and concluded that the vulnerability is classified as \"Sharing the Risk\". Alpine states that they will continue to use the current software without a releasing patch."
+ }
+ ],
+ "value": "Alpine conducted a Threat Assessment and Remediation Analysis (TARA) in accordance with ISO21434, and concluded that the vulnerability is classified as \"Sharing the Risk\". Alpine states that they will continue to use the current software without a releasing patch."
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23963.json b/2024/23xxx/CVE-2024-23963.json
index 5f7fcdbeb0f..7b492bbf557 100644
--- a/2024/23xxx/CVE-2024-23963.json
+++ b/2024/23xxx/CVE-2024-23963.json
@@ -1,18 +1,82 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23963",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the PBAP_DecodeVCARD function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Alpine",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Halo9",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-850/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-850/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Alpine conducted a Threat Assessment and Remediation Analysis (TARA) in accordance with ISO21434, and concluded that the vulnerability is classified as \"Sharing the Risk\". Alpine states that they will continue to use the current software without a releasing patch.
"
+ }
+ ],
+ "value": "Alpine conducted a Threat Assessment and Remediation Analysis (TARA) in accordance with ISO21434, and concluded that the vulnerability is classified as \"Sharing the Risk\". Alpine states that they will continue to use the current software without a releasing patch."
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23968.json b/2024/23xxx/CVE-2024-23968.json
index b7fac2fcfa6..876096b5fa5 100644
--- a/2024/23xxx/CVE-2024-23968.json
+++ b/2024/23xxx/CVE-2024-23968.json
@@ -1,18 +1,82 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23968",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ChargePoint",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Home Flex",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1050/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1050/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The vendor states this vulnerability was patched in April 2024.
"
+ }
+ ],
+ "value": "The vendor states this vulnerability was patched in April 2024."
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23969.json b/2024/23xxx/CVE-2024-23969.json
index f6f955f0cfd..9f5d6689079 100644
--- a/2024/23xxx/CVE-2024-23969.json
+++ b/2024/23xxx/CVE-2024-23969.json
@@ -1,18 +1,82 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23969",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the wlanchnllst function. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ChargePoint",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Home Flex",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1051/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1051/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The vendor states this vulnerability was patched in April 2024.\n\n
"
+ }
+ ],
+ "value": "The vendor states this vulnerability was patched in April 2024."
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23970.json b/2024/23xxx/CVE-2024-23970.json
index 7c515124729..81d24a3bff0 100644
--- a/2024/23xxx/CVE-2024-23970.json
+++ b/2024/23xxx/CVE-2024-23970.json
@@ -1,18 +1,82 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23970",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ChargePoint",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Home Flex",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1052/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1052/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application\n\n
"
+ }
+ ],
+ "value": "Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23971.json b/2024/23xxx/CVE-2024-23971.json
index 2e0a3198e00..3ff12eb6a80 100644
--- a/2024/23xxx/CVE-2024-23971.json
+++ b/2024/23xxx/CVE-2024-23971.json
@@ -1,18 +1,82 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23971",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ChargePoint",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Home Flex",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1053/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1053/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The vendor states this vulnerability was patched in April 2024.\n\n
"
+ }
+ ],
+ "value": "The vendor states this vulnerability was patched in April 2024."
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23973.json b/2024/23xxx/CVE-2024-23973.json
index 35c41d5d09c..1bf79d3078d 100644
--- a/2024/23xxx/CVE-2024-23973.json
+++ b/2024/23xxx/CVE-2024-23973.json
@@ -1,18 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23973",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\u00a0\n\nThe specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Silicon Labs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Gecko OS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-873/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-873/"
+ },
+ {
+ "url": "https://community.silabs.com/a45Vm0000000Atp",
+ "refsource": "MISC",
+ "name": "https://community.silabs.com/a45Vm0000000Atp"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Silicon Labs has issued an update to correct this vulnerability. More details can be found at:
https://community.silabs.com/a45Vm0000000Atp"
+ }
+ ],
+ "value": "Silicon Labs has issued an update to correct this vulnerability. More details can be found at:\n https://community.silabs.com/a45Vm0000000Atp"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/24xxx/CVE-2024-24731.json b/2024/24xxx/CVE-2024-24731.json
index 1c874b8eb36..9a5b98e9550 100644
--- a/2024/24xxx/CVE-2024-24731.json
+++ b/2024/24xxx/CVE-2024-24731.json
@@ -1,18 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24731",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Silicon Labs",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Gecko OS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-870/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-870/"
+ },
+ {
+ "url": "https://community.silabs.com/a45Vm0000000Atp",
+ "refsource": "MISC",
+ "name": "https://community.silabs.com/a45Vm0000000Atp"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Silicon Labs has issued an update to correct this vulnerability. More details can be found at:
https://community.silabs.com/a45Vm0000000Atp"
+ }
+ ],
+ "value": "Silicon Labs has issued an update to correct this vulnerability. More details can be found at:\n https://community.silabs.com/a45Vm0000000Atp"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0915.json b/2025/0xxx/CVE-2025-0915.json
new file mode 100644
index 00000000000..fd7b2acc0ea
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0915.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0915",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0916.json b/2025/0xxx/CVE-2025-0916.json
new file mode 100644
index 00000000000..ea3f91c445c
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0916.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0916",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0917.json b/2025/0xxx/CVE-2025-0917.json
new file mode 100644
index 00000000000..e564e6d4527
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0917.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0917",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file