From 2b29cdcc9f6d6bffddc49e6766ab4e656e005579 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 26 Sep 2024 22:00:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/3xxx/CVE-2023-3518.json | 19 ++---- 2023/3xxx/CVE-2023-3774.json | 19 ++---- 2023/3xxx/CVE-2023-3775.json | 19 ++---- 2023/41xxx/CVE-2023-41094.json | 15 +---- 2023/5xxx/CVE-2023-5077.json | 19 ++---- 2024/40xxx/CVE-2024-40506.json | 56 ++++++++++++++-- 2024/40xxx/CVE-2024-40507.json | 61 +++++++++++++++-- 2024/40xxx/CVE-2024-40508.json | 61 +++++++++++++++-- 2024/47xxx/CVE-2024-47076.json | 96 ++++++++++++++++++++++++-- 2024/47xxx/CVE-2024-47175.json | 101 ++++++++++++++++++++++++++-- 2024/47xxx/CVE-2024-47176.json | 119 +++++++++++++++++++++++++++++++-- 2024/47xxx/CVE-2024-47177.json | 96 ++++++++++++++++++++++++-- 2024/7xxx/CVE-2024-7259.json | 2 +- 2024/9xxx/CVE-2024-9267.json | 18 +++++ 14 files changed, 602 insertions(+), 99 deletions(-) create mode 100644 2024/9xxx/CVE-2024-9267.json diff --git a/2023/3xxx/CVE-2023-3518.json b/2023/3xxx/CVE-2023-3518.json index 192d5f360ce..cfc0cadeeaa 100644 --- a/2023/3xxx/CVE-2023-3518.json +++ b/2023/3xxx/CVE-2023-3518.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-285 Improper Authorization", - "cweId": "CWE-285" + "value": "CWE-266: Incorrect Privilege Assignment", + "cweId": "CWE-266" } ] } @@ -73,23 +73,16 @@ ] }, "source": { + "advisory": "HCSEC-2023-25", "discovery": "INTERNAL" }, "impact": { "cvss": [ { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "baseSeverity": "HIGH", "baseScore": 7.4, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } 
diff --git a/2023/3xxx/CVE-2023-3774.json b/2023/3xxx/CVE-2023-3774.json index 3e2ba43154d..12a85ef0774 100644 --- a/2023/3xxx/CVE-2023-3774.json +++ b/2023/3xxx/CVE-2023-3774.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-703: Improper Check or Handling of Exceptional Conditions", - "cweId": "CWE-703" + "value": "CWE-248: Uncaught Exception", + "cweId": "CWE-248" } ] } @@ -70,23 +70,16 @@ ] }, "source": { + "advisory": "HCSEC-2023-23", "discovery": "INTERNAL" }, "impact": { "cvss": [ { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "HIGH", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseSeverity": "MEDIUM", "baseScore": 4.9, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3775.json b/2023/3xxx/CVE-2023-3775.json index cb33585ed50..eaa1cab9faf 100644 --- a/2023/3xxx/CVE-2023-3775.json +++ b/2023/3xxx/CVE-2023-3775.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-20: Improper Input Validation", - "cweId": "CWE-20" + "value": "CWE-266: Incorrect Privilege Assignment", + "cweId": "CWE-266" } ] } 
@@ -73,23 +73,16 @@ ] }, "source": { + "advisory": "HCSEC-2023-29", "discovery": "EXTERNAL" }, "impact": { "cvss": [ { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "HIGH", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseSeverity": "MEDIUM", "baseScore": 4.2, - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41094.json b/2023/41xxx/CVE-2023-41094.json index 1c5aab5220f..d14219dcec1 100644 --- a/2023/41xxx/CVE-2023-41094.json +++ b/2023/41xxx/CVE-2023-41094.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "\nTouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration\n\nThis issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected\n\n\n" + "value": "TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration\n\nThis issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected" } ] }, 
@@ -21,17 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-672 Operation on a Resource after Expiration or Release", - "cweId": "CWE-672" - } - ] - }, - { - "description": [ - { - "lang": "eng", - "value": "CWE-772 Missing Release of Resource after Effective Lifetime", - "cweId": "CWE-772" + "value": "CWE-940 Improper Verification of Source of a Communication Channel", + "cweId": "CWE-940" } ] } diff --git a/2023/5xxx/CVE-2023-5077.json b/2023/5xxx/CVE-2023-5077.json index ff62c1a0154..b7e58c95635 100644 --- a/2023/5xxx/CVE-2023-5077.json +++ b/2023/5xxx/CVE-2023-5077.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", - "cweId": "CWE-732" + "value": "CWE-266: Incorrect Privilege Assignment", + "cweId": "CWE-266" } ] } @@ -75,23 +75,16 @@ ] }, "source": { + "advisory": "HCSEC-2023-30", "discovery": "EXTERNAL" }, "impact": { "cvss": [ { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "HIGH", - "userInteraction": "REQUIRED", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseSeverity": "HIGH", "baseScore": 7.6, - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H" + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/40xxx/CVE-2024-40506.json b/2024/40xxx/CVE-2024-40506.json index 843bb26763f..cd081f82139 100644 --- a/2024/40xxx/CVE-2024-40506.json +++ b/2024/40xxx/CVE-2024-40506.json 
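Review bot: In 2023/41xxx/CVE-2023-41094.json the new problemtype lists only `CWE-940`, but the description kept by the preceding hunk still attributes the issue to "Operation on a Resource after Expiration" and "Missing Release of Resource after Effective Lifetime". Those are the titles of the CWE-672 and CWE-772 entries this hunk removes. Tooling that classifies by `cweId` will now report a different weakness than the text does. Either keep the two entries alongside CWE-940 or reword the description so both fields name the same weakness; this diff does not show which is correct.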
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40506", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40506", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Jansen-C-Moreira/CVE-2024-40506", + "url": "https://github.com/Jansen-C-Moreira/CVE-2024-40506" } ] } diff --git a/2024/40xxx/CVE-2024-40507.json b/2024/40xxx/CVE-2024-40507.json index ef38b7c8792..39eb3140346 100644 --- a/2024/40xxx/CVE-2024-40507.json +++ b/2024/40xxx/CVE-2024-40507.json 
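Review bot: The record published for CVE-2024-40506 identifies the product only in free text: `product_name`, `vendor_name`, `version_value` and the problemtype `value` are all `"n/a"`, while the description names openPetra v.2023.02 and Cross Site Scripting. Inventory matching on the structured fields will not find this entry, so consumers have to fall back to the description string. CVE-2024-40507 and CVE-2024-40508 in the next two hunks have the same shape. Unlike those two, this record has no reference to the vendor repository, only the reporter's page.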
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40507", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40507", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openpetra/openpetra", + "refsource": "MISC", + "name": "https://github.com/openpetra/openpetra" + }, + { + "refsource": "MISC", + "name": "https://github.com/Jansen-C-Moreira/CVE-2024-40507", + "url": "https://github.com/Jansen-C-Moreira/CVE-2024-40507" } ] } diff --git a/2024/40xxx/CVE-2024-40508.json b/2024/40xxx/CVE-2024-40508.json index 8b2d50865f0..54e57e1893d 100644 --- a/2024/40xxx/CVE-2024-40508.json +++ b/2024/40xxx/CVE-2024-40508.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40508", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40508", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openpetra/openpetra", + "refsource": "MISC", + "name": "https://github.com/openpetra/openpetra" + }, + { + "refsource": "MISC", + "name": "https://github.com/Jansen-C-Moreira/CVE-2024-40508", + "url": "https://github.com/Jansen-C-Moreira/CVE-2024-40508" } ] } diff --git a/2024/47xxx/CVE-2024-47076.json b/2024/47xxx/CVE-2024-47076.json index 1daea798086..e3c0aa9f9ed 100644 --- a/2024/47xxx/CVE-2024-47076.json +++ b/2024/47xxx/CVE-2024-47076.json 
@@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47076", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenPrinting", + "product": { + "product_data": [ + { + "product_name": "libcupsfilters", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 2.1b1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5" + }, + { + "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" + }, + { + "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47" + }, + { + "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6" + }, + { + "url": "https://www.cups.org", + "refsource": "MISC", + "name": "https://www.cups.org" + } + ] + }, + "source": { + "advisory": "GHSA-w63j-6g73-wmg5", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + 
"version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47175.json b/2024/47xxx/CVE-2024-47175.json index bed9b474c5e..c8bc5321407 100644 --- a/2024/47xxx/CVE-2024-47175.json +++ b/2024/47xxx/CVE-2024-47175.json 
@@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47175", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenPrinting", + "product": { + "product_data": [ + { + "product_name": "libppd", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 2.1b1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6" + }, + { + "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" + }, + { + "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47" + }, + { + "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5" + }, + { + "url": "https://www.cups.org", + "refsource": "MISC", + "name": "https://www.cups.org" + }, + { + "url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I", + "refsource": "MISC", + "name": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I" + } + ] + }, + "source": { + "advisory": "GHSA-7xfx-47qg-grp6", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH", + 
"confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47176.json b/2024/47xxx/CVE-2024-47176.json index 51630b715f8..5f709064015 100644 --- a/2024/47xxx/CVE-2024-47176.json +++ b/2024/47xxx/CVE-2024-47176.json 
@@ -1,17 +1,128 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47176", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL.\n\nDue to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-749: Exposed Dangerous Method or Function", + "cweId": "CWE-749" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-1327: Binding to an Unrestricted IP Address", + "cweId": "CWE-1327" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenPrinting", + "product": { + "product_data": [ + { + "product_name": "cups-browsed", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "= 2.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" + }, + { + "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47" + }, + { + "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5" + }, + { + "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6" + }, + { + "url": "https://github.com/OpenPrinting/cups-browsed/blob/master/daemon/cups-browsed.c#L13992", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/cups-browsed/blob/master/daemon/cups-browsed.c#L13992" + }, + { + "url": "https://www.cups.org", + "refsource": "MISC", + "name": 
"https://www.cups.org" + } + ] + }, + "source": { + "advisory": "GHSA-rj88-6mr5-rcw8", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47177.json b/2024/47xxx/CVE-2024-47177.json index b574ca6f84d..bd49bcfabcc 100644 --- a/2024/47xxx/CVE-2024-47177.json +++ b/2024/47xxx/CVE-2024-47177.json 
@@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47177", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenPrinting", + "product": { + "product_data": [ + { + "product_name": "cups-filters", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 2.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47" + }, + { + "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", + "refsource": "MISC", + "name": 
"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" + }, + { + "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5" + }, + { + "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", + "refsource": "MISC", + "name": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6" + }, + { + "url": "https://www.cups.org", + "refsource": "MISC", + "name": "https://www.cups.org" + } + ] + }, + "source": { + "advisory": "GHSA-p9rh-jxmq-gq47", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/7xxx/CVE-2024-7259.json b/2024/7xxx/CVE-2024-7259.json index 513bca13363..d8929eb66f1 100644 --- a/2024/7xxx/CVE-2024-7259.json +++ b/2024/7xxx/CVE-2024-7259.json @@ -42,7 +42,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unknown" + "defaultStatus": "affected" } } ] diff --git a/2024/9xxx/CVE-2024-9267.json b/2024/9xxx/CVE-2024-9267.json new file mode 100644 index 00000000000..0374c147ca0 --- /dev/null +++ b/2024/9xxx/CVE-2024-9267.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-9267", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file