diff --git a/2024/21xxx/CVE-2024-21988.json b/2024/21xxx/CVE-2024-21988.json
index 103681f3b70..6b4ddf70806 100644
--- a/2024/21xxx/CVE-2024-21988.json
+++ b/2024/21xxx/CVE-2024-21988.json
@@ -1,17 +1,88 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-21988",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@netapp.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "StorageGRID (formerly StorageGRID Webscale) versions prior to \n11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive \ninformation via complex MiTM attacks due to a vulnerability in the SSH \ncryptographic implementation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "321"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NetApp",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "StorageGRID (formerly StorageGRID Webscale)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "11.7.0.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240614-0010/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240614-0010/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "NTAP-20240614-0010",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30119.json b/2024/30xxx/CVE-2024-30119.json
index c688d8dbd23..ffa9bc55987 100644
--- a/2024/30xxx/CVE-2024-30119.json
+++ b/2024/30xxx/CVE-2024-30119.json
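Review bot: The `version_data` array in CVE-2024-21988 has one entry (`"version_affected": "<"`, `"version_name": "0"`, `"version_value": "11.7.0.9"`), but the description names two fixed releases, 11.7.0.9 and 11.8.0.5. Tooling that matches on the structured range will read an 11.8.x install below 11.8.0.5 as not affected, because it is greater than 11.7.0.9. Add a second entry for that branch, for example `{ "version_affected": "<", "version_name": "11.8", "version_value": "11.8.0.5" }` (branch start to be confirmed against the NetApp advisory). The `problemtype` value is also the bare string `"321"`; if CWE-321 is meant, write it as the other records in this commit do, with a `"cweId": "CWE-321"` key and a `CWE-321` prefix in `value`.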
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-30119",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HCL DRYiCE Optibot Reset Station\u00a0is impacted by a missing Strict Transport Security Header. \u00a0This could allow an attacker to intercept or manipulate data during redirection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-522 Insufficiently Protected Credentials",
+ "cweId": "CWE-522"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HCL Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DRYiCE Optibot Reset Station",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0, 2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113496",
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113496"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30120.json b/2024/30xxx/CVE-2024-30120.json
index 3a70fda9c41..2201663b70f 100644
--- a/2024/30xxx/CVE-2024-30120.json
+++ b/2024/30xxx/CVE-2024-30120.json
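Review bot: `"version_value": "1.0, 2.0"` under `"version_affected": "="` in CVE-2024-30119 packs two releases into one string, so an equality match on `1.0` or on `2.0` finds nothing; CVE-2024-30120 in the next hunk has the same entry. Split it into two objects, `{ "version_affected": "=", "version_value": "1.0" }` and `{ "version_affected": "=", "version_value": "2.0" }`. The description also says an attacker could "intercept or manipulate data", while the vector sets `I:N`, and the weakness is filed as CWE-522 although the text describes a missing Strict Transport Security header; the score and CWE should be checked against the description (CWE-319 may be the closer fit).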
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-30120",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-563: Assignment to Variable without Use",
+ "cweId": "CWE-563"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HCL Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DRYiCE Optibot Reset Station",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0, 2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113496",
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113496"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.9,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
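Review bot: The CVE-2024-30120 description ("impacted by an Unused Parameter in the web application") does not say what an attacker can read or change, yet the vector claims `C:L`, and it sets `AV:L` for a web application where the sibling record CVE-2024-30119 uses `AV:N`. From this record a defender cannot tell whether the issue is reachable over the network or which data is exposed. The description should state the consequence, and the vector should be checked against it. CWE-563 as given names a code-quality weakness, so its pairing with a confidentiality impact needs a sentence of justification in the text.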
diff --git a/2024/37xxx/CVE-2024-37408.json b/2024/37xxx/CVE-2024-37408.json
index 1514918dbbc..7a2796157bd 100644
--- a/2024/37xxx/CVE-2024-37408.json
+++ b/2024/37xxx/CVE-2024-37408.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20240614 Re: Security vulnerability in fprintd",
 "url": "http://www.openwall.com/lists/oss-security/2024/06/14/2"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20240614 Re: Security vulnerability in fprintd",
+ "url": "http://www.openwall.com/lists/oss-security/2024/06/14/3"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6003.json b/2024/6xxx/CVE-2024-6003.json
index 011995de002..1908ef55068 100644
--- a/2024/6xxx/CVE-2024-6003.json
+++ b/2024/6xxx/CVE-2024-6003.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6003",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268692. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /api/v2/maps. Mittels Manipulieren des Arguments orderColumn mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Guangdong Baolun Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IP Network Broadcasting Service Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.268692",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.268692"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.268692",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.268692"
+ },
+ {
+ "url": "https://vuldb.com/?submit.350714",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.350714"
+ },
+ {
+ "url": "https://github.com/chennuo17/cve",
+ "refsource": "MISC",
+ "name": "https://github.com/chennuo17/cve"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "cnsec (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6026.json b/2024/6xxx/CVE-2024-6026.json
new file mode 100644
index 00000000000..b72c0be9d7f
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6026.json
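Review bot: The English description of CVE-2024-6003 says the issue "has been classified as critical", but the CVSS 3.1 and 3.0 entries in `impact.cvss` both carry `"baseScore": 7.3` and `"baseSeverity": "HIGH"`, so triage keyed on the prose and triage keyed on the score will disagree. The wording should follow the scored severity or explain the different scale it uses. `credits` uses `"lang": "en"` while the descriptions use `"eng"` and `"deu"`; one language-code form should be used throughout the record. The reference `https://github.com/chennuo17/cve` points at a repository root rather than a fixed file or commit, so the cited evidence can move or disappear; a permalink would hold up better.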
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6026",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6027.json b/2024/6xxx/CVE-2024-6027.json
new file mode 100644
index 00000000000..48417db0575
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6027.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6027",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file