diff --git a/2024/10xxx/CVE-2024-10934.json b/2024/10xxx/CVE-2024-10934.json index 56063bec1fa..678e249abe0 100644 --- a/2024/10xxx/CVE-2024-10934.json +++ b/2024/10xxx/CVE-2024-10934.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10934", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, \navoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-415 Double Free", + "cweId": "CWE-415" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenBSD", + "product": { + "product_data": [ + { + "product_name": "OpenBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.5", + "version_value": "7.5 errata 008" + }, + { + "version_affected": "<", + "version_name": "7.4", + "version_value": "7.4 errata 021" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig", + "refsource": "MISC", + "name": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig" + }, + { + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig", + "refsource": "MISC", + "name": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig" + } + ] + }, + "impact": { + "cvss": [ + { + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ] } diff --git a/2024/11xxx/CVE-2024-11256.json b/2024/11xxx/CVE-2024-11256.json index a62d5ebb795..973f37a788d 100644 --- a/2024/11xxx/CVE-2024-11256.json +++ b/2024/11xxx/CVE-2024-11256.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11256", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in 1000 Projects Portfolio Management System MCA 1.0 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /login.php. Durch das Beeinflussen des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "1000 Projects", + "product": { + "product_data": [ + { + "product_name": "Portfolio Management System MCA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.284711", + "refsource": "MISC", + "name": "https://vuldb.com/?id.284711" + }, + { + "url": "https://vuldb.com/?ctiid.284711", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.284711" + }, + { + "url": "https://vuldb.com/?submit.443370", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.443370" + }, + { + "url": "https://github.com/Hacker0xone/CVE/issues/8", + "refsource": "MISC", + "name": "https://github.com/Hacker0xone/CVE/issues/8" + }, + { + "url": "https://1000projects.org/", + "refsource": "MISC", + "name": "https://1000projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "sqlmap961 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2024/11xxx/CVE-2024-11257.json b/2024/11xxx/CVE-2024-11257.json index 32b20b0493b..54dfba24c35 100644 --- a/2024/11xxx/CVE-2024-11257.json +++ b/2024/11xxx/CVE-2024-11257.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11257", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in 1000 Projects Beauty Parlour Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /admin/forgot-password.php. Mit der Manipulation des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "1000 Projects", + "product": { + "product_data": [ + { + "product_name": "Beauty Parlour Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.284715", + "refsource": "MISC", + "name": "https://vuldb.com/?id.284715" + }, + { + "url": "https://vuldb.com/?ctiid.284715", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.284715" + }, + { + "url": "https://vuldb.com/?submit.443385", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.443385" + }, + { + "url": "https://github.com/Hacker0xone/CVE/issues/10", + "refsource": "MISC", + "name": "https://github.com/Hacker0xone/CVE/issues/10" + }, + { + "url": "https://1000projects.org/", + "refsource": "MISC", + "name": "https://1000projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "polaris0x1 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2024/11xxx/CVE-2024-11258.json b/2024/11xxx/CVE-2024-11258.json index f14ef66e18c..db843f7a5e7 100644 --- a/2024/11xxx/CVE-2024-11258.json +++ b/2024/11xxx/CVE-2024-11258.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11258", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In 1000 Projects Beauty Parlour Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /admin/index.php. Durch die Manipulation des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "1000 Projects", + "product": { + "product_data": [ + { + "product_name": "Beauty Parlour Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.284716", + "refsource": "MISC", + "name": "https://vuldb.com/?id.284716" + }, + { + "url": "https://vuldb.com/?ctiid.284716", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.284716" + }, + { + "url": "https://vuldb.com/?submit.443386", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.443386" + }, + { + "url": "https://github.com/Hacker0xone/CVE/issues/11", + "refsource": "MISC", + "name": "https://github.com/Hacker0xone/CVE/issues/11" + }, + { + "url": "https://1000projects.org/", + "refsource": "MISC", + "name": "https://1000projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "polaris0x1 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2024/11xxx/CVE-2024-11277.json b/2024/11xxx/CVE-2024-11277.json new file mode 100644 index 00000000000..69da6882bdc --- /dev/null +++ b/2024/11xxx/CVE-2024-11277.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11277", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11278.json b/2024/11xxx/CVE-2024-11278.json new file mode 100644 index 00000000000..e05d0aa8b15 --- /dev/null +++ b/2024/11xxx/CVE-2024-11278.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11278", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11279.json b/2024/11xxx/CVE-2024-11279.json new file mode 100644 index 00000000000..8ee68547bb8 --- /dev/null +++ b/2024/11xxx/CVE-2024-11279.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11279", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11280.json b/2024/11xxx/CVE-2024-11280.json new file mode 100644 index 00000000000..490a4e7aff3 --- /dev/null +++ b/2024/11xxx/CVE-2024-11280.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11280", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11281.json b/2024/11xxx/CVE-2024-11281.json new file mode 100644 index 00000000000..ad75e12dde0 --- /dev/null +++ b/2024/11xxx/CVE-2024-11281.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11281", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11282.json b/2024/11xxx/CVE-2024-11282.json new file mode 100644 index 00000000000..21922f6c338 --- /dev/null +++ b/2024/11xxx/CVE-2024-11282.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11282", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24452.json b/2024/24xxx/CVE-2024-24452.json index b8f1ffc7fd7..a21cdf9120e 100644 --- a/2024/24xxx/CVE-2024-24452.json +++ b/2024/24xxx/CVE-2024-24452.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24452", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24452", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://athonet.com", + "refsource": "MISC", + "name": "http://athonet.com" + }, + { + "refsource": "MISC", + "name": "https://cellularsecurity.org/ransacked", + "url": "https://cellularsecurity.org/ransacked" } ] } diff --git a/2024/24xxx/CVE-2024-24453.json b/2024/24xxx/CVE-2024-24453.json index e7632979afd..7617cbc79b1 100644 --- a/2024/24xxx/CVE-2024-24453.json +++ b/2024/24xxx/CVE-2024-24453.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24453", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24453", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://athonet.com", + "refsource": "MISC", + "name": "http://athonet.com" + }, + { + "refsource": "MISC", + "name": "https://cellularsecurity.org/ransacked", + "url": "https://cellularsecurity.org/ransacked" } ] } diff --git a/2024/24xxx/CVE-2024-24454.json b/2024/24xxx/CVE-2024-24454.json index c246d2361d4..f771483c2e7 100644 --- a/2024/24xxx/CVE-2024-24454.json +++ b/2024/24xxx/CVE-2024-24454.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24454", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24454", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid memory access when handling the ProtocolIE_ID field of E-RAB Modify Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://athonet.com", + "refsource": "MISC", + "name": "http://athonet.com" + }, + { + "refsource": "MISC", + "name": "https://cellularsecurity.org/ransacked", + "url": "https://cellularsecurity.org/ransacked" } ] } diff --git a/2024/24xxx/CVE-2024-24455.json b/2024/24xxx/CVE-2024-24455.json index 0db398260c1..a660b9522d3 100644 --- a/2024/24xxx/CVE-2024-24455.json +++ b/2024/24xxx/CVE-2024-24455.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24455", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24455", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid memory access when handling a UE Context Release message containing an invalid UE identifier in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://athonet.com", + "refsource": "MISC", + "name": "http://athonet.com" + }, + { + "refsource": "MISC", + "name": "https://cellularsecurity.org/ransacked", + "url": "https://cellularsecurity.org/ransacked" } ] } diff --git a/2024/24xxx/CVE-2024-24457.json b/2024/24xxx/CVE-2024-24457.json index 892f198646e..2640ccef9cd 100644 --- a/2024/24xxx/CVE-2024-24457.json +++ b/2024/24xxx/CVE-2024-24457.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24457", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24457", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid memory access when handling the ProtocolIE_ID field of E-RAB Setup List Context SURes messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://athonet.com", + "refsource": "MISC", + "name": "http://athonet.com" + }, + { + "refsource": "MISC", + "name": "https://cellularsecurity.org/ransacked", + "url": "https://cellularsecurity.org/ransacked" } ] } diff --git a/2024/24xxx/CVE-2024-24458.json b/2024/24xxx/CVE-2024-24458.json index 860c1c9da07..0a2a5f9b73d 100644 --- a/2024/24xxx/CVE-2024-24458.json +++ b/2024/24xxx/CVE-2024-24458.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24458", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24458", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://athonet.com", + "refsource": "MISC", + "name": "http://athonet.com" + }, + { + "refsource": "MISC", + "name": "https://cellularsecurity.org/ransacked", + "url": "https://cellularsecurity.org/ransacked" } ] } diff --git a/2024/24xxx/CVE-2024-24459.json b/2024/24xxx/CVE-2024-24459.json index 3184c5f76fa..ea13668de1f 100644 --- a/2024/24xxx/CVE-2024-24459.json +++ b/2024/24xxx/CVE-2024-24459.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-24459", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-24459", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://athonet.com", + "refsource": "MISC", + "name": "http://athonet.com" + }, + { + "refsource": "MISC", + "name": "https://cellularsecurity.org/ransacked", + "url": "https://cellularsecurity.org/ransacked" } ] } diff --git a/2024/3xxx/CVE-2024-3334.json b/2024/3xxx/CVE-2024-3334.json index 8c6a5a72e56..d22f91edcc0 100644 --- a/2024/3xxx/CVE-2024-3334.json +++ b/2024/3xxx/CVE-2024-3334.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3334", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security.reports@fortra.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security bypass vulnerability exists in the Removable Media Encryption (RME)component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device thereby compromising the confidentiality of the stored data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-922 Insecure Storage of Sensitive Information", + "cweId": "CWE-922" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortra", + "product": { + "product_data": [ + { + "product_name": "Digital Guardian Agent", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.9.4", + "version_value": "8.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.fortra.com/security/advisories/product-security/fi-2024-013", + "refsource": "MISC", + "name": "https://www.fortra.com/security/advisories/product-security/fi-2024-013" + }, + { + "url": "https://support.fortra.com/endpoint-dlp/kb-articles/dg-support-notice-security-bypass-vulnerability-with-rme-MTQwYTM5NTctZDk4Ny1lZjExLWFjMjEtNjA0NWJkMDFhMzQ3", + "refsource": "MISC", + "name": "https://support.fortra.com/endpoint-dlp/kb-articles/dg-support-notice-security-bypass-vulnerability-with-rme-MTQwYTM5NTctZDk4Ny1lZjExLWFjMjEtNjA0NWJkMDFhMzQ3" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "
There are two things required to remediate the bypass:
1. Upgrade the Windows Agent to version 8.2.0 or above.
2. Apply a new RME rule. For additional details, please see this knowledge base article.
" + } + ], + "value": "There are two things required to remediate the bypass:\n\n1. Upgrade the Windows Agent to version 8.2.0 or above.\n\n2. Apply a new RME rule. For additional details, please see this knowledge base article https://support.fortra.com/endpoint-dlp/kb-articles/dg-support-notice-security-bypass-vulnerability-with-rme-MTQwYTM5NTctZDk4Ny1lZjExLWFjMjEtNjA0NWJkMDFhMzQ3 ." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/44xxx/CVE-2024-44759.json b/2024/44xxx/CVE-2024-44759.json index 8ee152f29a9..aca5a5dd96d 100644 --- a/2024/44xxx/CVE-2024-44759.json +++ b/2024/44xxx/CVE-2024-44759.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-44759", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-44759", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-filedown-Doc.md", + "refsource": "MISC", + "name": "https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-filedown-Doc.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44759.md", + "url": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44759.md" } ] } diff --git a/2024/44xxx/CVE-2024-44760.json b/2024/44xxx/CVE-2024-44760.json index bb8a9f0ff6a..478633b6191 100644 --- a/2024/44xxx/CVE-2024-44760.json +++ b/2024/44xxx/CVE-2024-44760.json @@ -56,6 +56,11 @@ "url": "https://github.com/WarmBrew/web_vul/blob/main/SunmoEMS/SunmoEMS-info.md", "refsource": "MISC", "name": "https://github.com/WarmBrew/web_vul/blob/main/SunmoEMS/SunmoEMS-info.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44760.md", + "url": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44760.md" } ] } diff --git a/2024/49xxx/CVE-2024-49536.json b/2024/49xxx/CVE-2024-49536.json index 555cc9e838d..c9c6972c31c 100644 --- a/2024/49xxx/CVE-2024-49536.json +++ b/2024/49xxx/CVE-2024-49536.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Audition", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "24.4.6", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/audition/apsb24-83.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/audition/apsb24-83.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.5, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "NONE", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "LOCAL", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "HIGH", + "modifiedIntegrityImpact": "NONE", + "modifiedPrivilegesRequired": "NONE", + "modifiedScope": "UNCHANGED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "NONE", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "UNCHANGED", + "temporalScore": 5.5, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/9xxx/CVE-2024-9355.json b/2024/9xxx/CVE-2024-9355.json index 79a7f27de02..f6c47d8f836 100644 --- a/2024/9xxx/CVE-2024-9355.json +++ b/2024/9xxx/CVE-2024-9355.json @@ -287,6 +287,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:5.1.1-4.el9_4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "NBDE Tang Server", "version": { @@ -875,6 +896,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:8847" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:9551", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:9551" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-9355", "refsource": "MISC", @@ -887,6 +913,12 @@ } ] }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], "credits": [ { "lang": "en",