diff --git a/2023/34xxx/CVE-2023-34424.json b/2023/34xxx/CVE-2023-34424.json index 6e5b1d05e48..d445d0ff536 100644 --- a/2023/34xxx/CVE-2023-34424.json +++ b/2023/34xxx/CVE-2023-34424.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34424", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Improper input validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) CSME", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/35xxx/CVE-2023-35061.json b/2023/35xxx/CVE-2023-35061.json index 1053830a3df..367e62df4b3 100644 --- a/2023/35xxx/CVE-2023-35061.json +++ b/2023/35xxx/CVE-2023-35061.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access." + "value": "Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access." } ] }, @@ -59,9 +59,9 @@ "references": { "reference_data": [ { - "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html", "refsource": "MISC", - "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html" + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html" } ] }, diff --git a/2023/35xxx/CVE-2023-35123.json b/2023/35xxx/CVE-2023-35123.json index 9a1bf2c16af..9404af51f7f 100644 --- a/2023/35xxx/CVE-2023-35123.json +++ b/2023/35xxx/CVE-2023-35123.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-35123", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Uncaught exception in OpenBMC Firmware", + "cweId": "CWE-600" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Server Platforms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before versions egs-1.14-0, bhs-0.27" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" } ] } diff --git a/2023/38xxx/CVE-2023-38655.json b/2023/38xxx/CVE-2023-38655.json index 7f056d7b15b..bea7e5ade27 100644 --- a/2023/38xxx/CVE-2023-38655.json +++ b/2023/38xxx/CVE-2023-38655.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Improper buffer restrictions", + "cweId": "CWE-92" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) AMT and Intel(R) Standard Manageability", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/40xxx/CVE-2023-40067.json b/2023/40xxx/CVE-2023-40067.json index a9ad9e88950..4eda30ecfec 100644 --- a/2023/40xxx/CVE-2023-40067.json +++ b/2023/40xxx/CVE-2023-40067.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40067", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Unchecked return value", + "cweId": "CWE-252" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) CSME", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" } ] } diff --git a/2023/42xxx/CVE-2023-42667.json b/2023/42xxx/CVE-2023-42667.json index dd350222f96..d8a41ae6db1 100644 --- a/2023/42xxx/CVE-2023-42667.json +++ b/2023/42xxx/CVE-2023-42667.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42667", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper isolation", + "cweId": "CWE-1189" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Core(TM) Ultra Processor stream cache mechanism", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/43xxx/CVE-2023-43489.json b/2023/43xxx/CVE-2023-43489.json index f9069dc9921..37b5b5229d1 100644 --- a/2023/43xxx/CVE-2023-43489.json +++ b/2023/43xxx/CVE-2023-43489.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43489", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) CIP software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2.4.10717" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01112.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01112.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/43xxx/CVE-2023-43747.json b/2023/43xxx/CVE-2023-43747.json index 69a726dd276..082ebd27840 100644 --- a/2023/43xxx/CVE-2023-43747.json +++ b/2023/43xxx/CVE-2023-43747.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43747", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Incorrect default permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Connectivity Performance Suite software installers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01102.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01102.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/48xxx/CVE-2023-48361.json b/2023/48xxx/CVE-2023-48361.json index 32a450fb517..0c5024d9be5 100644 --- a/2023/48xxx/CVE-2023-48361.json +++ b/2023/48xxx/CVE-2023-48361.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48361", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + }, + { + "lang": "eng", + "value": "Improper initialization", + "cweId": "CWE-665" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) CSME", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.3, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2023/49xxx/CVE-2023-49141.json b/2023/49xxx/CVE-2023-49141.json index 00d100dfa2e..df673919ec9 100644 --- a/2023/49xxx/CVE-2023-49141.json +++ b/2023/49xxx/CVE-2023-49141.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49141", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper isolation", + "cweId": "CWE-1189" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors stream cache mechanism", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/49xxx/CVE-2023-49144.json b/2023/49xxx/CVE-2023-49144.json index 7eb238196aa..6def2a7453f 100644 --- a/2023/49xxx/CVE-2023-49144.json +++ b/2023/49xxx/CVE-2023-49144.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49144", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + }, + { + "lang": "eng", + "value": "Out-of-bounds read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Server Platforms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before versions egs-1.15-0, bhs-0.27" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" } ] } diff --git a/2024/21xxx/CVE-2024-21766.json b/2024/21xxx/CVE-2024-21766.json index f41dc9cb987..b942cc73c4c 100644 --- a/2024/21xxx/CVE-2024-21766.json +++ b/2024/21xxx/CVE-2024-21766.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21766", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) oneAPI Math Kernel Library software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2024.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01072.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01072.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/21xxx/CVE-2024-21769.json b/2024/21xxx/CVE-2024-21769.json index 75d9ff70e78..814e0ddc60e 100644 --- a/2024/21xxx/CVE-2024-21769.json +++ b/2024/21xxx/CVE-2024-21769.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21769", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Connection I219-LM install software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/21xxx/CVE-2024-21784.json b/2024/21xxx/CVE-2024-21784.json index cbeb574d1e4..8dff19ced95 100644 --- a/2024/21xxx/CVE-2024-21784.json +++ b/2024/21xxx/CVE-2024-21784.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21784", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) IPP Cryptography software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2021.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01114.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01114.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/21xxx/CVE-2024-21787.json b/2024/21xxx/CVE-2024-21787.json index aced56d08db..cc0927f2ffb 100644 --- a/2024/21xxx/CVE-2024-21787.json +++ b/2024/21xxx/CVE-2024-21787.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Inadequate encryption strength", + "cweId": "CWE-326" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BMRA software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 22.08" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00790.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00790.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/21xxx/CVE-2024-21801.json b/2024/21xxx/CVE-2024-21801.json index 27b046a9b19..3fa31a226ab 100644 --- a/2024/21xxx/CVE-2024-21801.json +++ b/2024/21xxx/CVE-2024-21801.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Insufficient control flow management", + "cweId": "CWE-691" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) TDX module software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 1.5.05.46.698" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01070.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01070.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/21xxx/CVE-2024-21806.json b/2024/21xxx/CVE-2024-21806.json index 644fb3ac014..e098b1bc59e 100644 --- a/2024/21xxx/CVE-2024-21806.json +++ b/2024/21xxx/CVE-2024-21806.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Improper conditions check in Linux kernel mode driver", + "cweId": "CWE-754" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Network Controllers and Adapters E810 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 28.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/21xxx/CVE-2024-21807.json b/2024/21xxx/CVE-2024-21807.json index 8888774440a..b145bb30bf9 100644 --- a/2024/21xxx/CVE-2024-21807.json +++ b/2024/21xxx/CVE-2024-21807.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper initialization", + "cweId": "CWE-665" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Network Controllers and Adapters", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 28.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/21xxx/CVE-2024-21810.json b/2024/21xxx/CVE-2024-21810.json index 44e9d2ec55e..745dc1b0f94 100644 --- a/2024/21xxx/CVE-2024-21810.json +++ b/2024/21xxx/CVE-2024-21810.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21810", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper input validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Network Controllers and Adapters", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 28.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/21xxx/CVE-2024-21844.json b/2024/21xxx/CVE-2024-21844.json index 72bb63f577e..80fd27e9b21 100644 --- a/2024/21xxx/CVE-2024-21844.json +++ b/2024/21xxx/CVE-2024-21844.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21844", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Integer overflow", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) CSME", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" } ] } diff --git a/2024/21xxx/CVE-2024-21857.json b/2024/21xxx/CVE-2024-21857.json index 6eaa526a848..bd28730dbd3 100644 --- a/2024/21xxx/CVE-2024-21857.json +++ b/2024/21xxx/CVE-2024-21857.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21857", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) oneAPI Compiler software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2024.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01057.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01057.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/22xxx/CVE-2024-22184.json b/2024/22xxx/CVE-2024-22184.json index 0b7f9ce7547..35593be3f35 100644 --- a/2024/22xxx/CVE-2024-22184.json +++ b/2024/22xxx/CVE-2024-22184.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Quartus(R) Prime Pro Edition Design Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 24.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01127.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01127.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/22xxx/CVE-2024-22374.json b/2024/22xxx/CVE-2024-22374.json index 179c584f607..117516c3545 100644 --- a/2024/22xxx/CVE-2024-22374.json +++ b/2024/22xxx/CVE-2024-22374.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22374", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Insufficient control flow management", + "cweId": "CWE-691" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Xeon Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01073.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01073.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/22xxx/CVE-2024-22376.json b/2024/22xxx/CVE-2024-22376.json index 06f50a4f6ce..88d318843f4 100644 --- a/2024/22xxx/CVE-2024-22376.json +++ b/2024/22xxx/CVE-2024-22376.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22376", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path element", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "installation software for Intel(R) Ethernet Adapter Driver Pack", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 28.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01106.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01106.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/22xxx/CVE-2024-22378.json b/2024/22xxx/CVE-2024-22378.json index 579d919378f..bcb950bcecc 100644 --- a/2024/22xxx/CVE-2024-22378.json +++ b/2024/22xxx/CVE-2024-22378.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22378", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Incorrect default permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel Unite(R) Client Extended Display Plugin software installers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 1.1.352.157" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01095.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01095.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23489.json b/2024/23xxx/CVE-2024-23489.json index 5ad14931671..2639a28be86 100644 --- a/2024/23xxx/CVE-2024-23489.json +++ b/2024/23xxx/CVE-2024-23489.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23489", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) VROC software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 8.6.0.1191" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01128.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01128.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23491.json b/2024/23xxx/CVE-2024-23491.json index 1a9ebd0286c..c560c17c266 100644 --- a/2024/23xxx/CVE-2024-23491.json +++ b/2024/23xxx/CVE-2024-23491.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23491", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Distribution for GDB software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2024.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23495.json b/2024/23xxx/CVE-2024-23495.json index 1be3963e49d..38d115dad2f 100644 --- a/2024/23xxx/CVE-2024-23495.json +++ b/2024/23xxx/CVE-2024-23495.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23495", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Incorrect default permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Distribution for GDB software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2024.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23497.json b/2024/23xxx/CVE-2024-23497.json index e21ad34a002..54870fbca8d 100644 --- a/2024/23xxx/CVE-2024-23497.json +++ b/2024/23xxx/CVE-2024-23497.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23497", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Out-of-bounds write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Network Controllers and Adapters", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 28.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23499.json b/2024/23xxx/CVE-2024-23499.json index 541f2064975..0aff8c77ac9 100644 --- a/2024/23xxx/CVE-2024-23499.json +++ b/2024/23xxx/CVE-2024-23499.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23499", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Protection mechanism failure", + "cweId": "CWE-693" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Network Controllers and Adapters E810 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 28.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" } ] } diff --git a/2024/23xxx/CVE-2024-23907.json b/2024/23xxx/CVE-2024-23907.json index 01a086acc65..33452e9fc67 100644 --- a/2024/23xxx/CVE-2024-23907.json +++ b/2024/23xxx/CVE-2024-23907.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23907", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) High Level Synthesis Compiler software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 23.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01113.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01113.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23908.json b/2024/23xxx/CVE-2024-23908.json index 0851a66370f..9e1e258b307 100644 --- a/2024/23xxx/CVE-2024-23908.json +++ b/2024/23xxx/CVE-2024-23908.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23908", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Insecure inherited permissions", + "cweId": "CWE-277" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Flexlm License Daemons for Intel(R) FPGA software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version v11.19.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01107.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01107.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23909.json b/2024/23xxx/CVE-2024-23909.json index d056a2ccac8..7482a351017 100644 --- a/2024/23xxx/CVE-2024-23909.json +++ b/2024/23xxx/CVE-2024-23909.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23909", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) FPGA SDK for OpenCL(TM) software technology", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01104.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01104.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23974.json b/2024/23xxx/CVE-2024-23974.json index 01e0f96a65c..52fb1401de7 100644 --- a/2024/23xxx/CVE-2024-23974.json +++ b/2024/23xxx/CVE-2024-23974.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23974", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Incorrect default permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) ISH software installers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01088.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01088.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/23xxx/CVE-2024-23981.json b/2024/23xxx/CVE-2024-23981.json index 3d2d9fa0aa8..06bd76361f9 100644 --- a/2024/23xxx/CVE-2024-23981.json +++ b/2024/23xxx/CVE-2024-23981.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Wrap-around error", + "cweId": "CWE-128" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Network Controllers and Adapters", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 28.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/24xxx/CVE-2024-24580.json b/2024/24xxx/CVE-2024-24580.json index 980be343c84..4759fb6e1f2 100644 --- a/2024/24xxx/CVE-2024-24580.json +++ b/2024/24xxx/CVE-2024-24580.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Improper conditions check", + "cweId": "CWE-92" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Data Center GPU Max Series 1100 and 1550 products", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01094.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01094.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/24xxx/CVE-2024-24853.json b/2024/24xxx/CVE-2024-24853.json index c354c851b3d..693c4903d3b 100644 --- a/2024/24xxx/CVE-2024-24853.json +++ b/2024/24xxx/CVE-2024-24853.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Incorrect behavior order", + "cweId": "CWE-696" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/24xxx/CVE-2024-24973.json b/2024/24xxx/CVE-2024-24973.json index f9fc93af400..175d5f4244c 100644 --- a/2024/24xxx/CVE-2024-24973.json +++ b/2024/24xxx/CVE-2024-24973.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Improper input validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Distribution for GDB software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2024.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.2, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" } ] } diff --git a/2024/24xxx/CVE-2024-24977.json b/2024/24xxx/CVE-2024-24977.json index e6839ae3616..db653412471 100644 --- a/2024/24xxx/CVE-2024-24977.json +++ b/2024/24xxx/CVE-2024-24977.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24977", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) License Manager for FLEXlm product software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 11.19.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01126.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01126.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/24xxx/CVE-2024-24980.json b/2024/24xxx/CVE-2024-24980.json index bda7c747784..c3e8aba7b39 100644 --- a/2024/24xxx/CVE-2024-24980.json +++ b/2024/24xxx/CVE-2024-24980.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Protection mechanism failure", + "cweId": "CWE-693" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" } ] } diff --git a/2024/24xxx/CVE-2024-24983.json b/2024/24xxx/CVE-2024-24983.json index e4d9320b65b..a90861bdc6b 100644 --- a/2024/24xxx/CVE-2024-24983.json +++ b/2024/24xxx/CVE-2024-24983.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Protection mechanism failure", + "cweId": "CWE-693" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Network Controllers and Adapters E810 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 4.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" } ] } diff --git a/2024/24xxx/CVE-2024-24986.json b/2024/24xxx/CVE-2024-24986.json index e6e1aab7b09..3dc452d6b4c 100644 --- a/2024/24xxx/CVE-2024-24986.json +++ b/2024/24xxx/CVE-2024-24986.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24986", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Ethernet Network Controllers and Adapters", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 28.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/25xxx/CVE-2024-25561.json b/2024/25xxx/CVE-2024-25561.json index be7d0e0b06d..329a0379752 100644 --- a/2024/25xxx/CVE-2024-25561.json +++ b/2024/25xxx/CVE-2024-25561.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Insecure inherited permissions", + "cweId": "CWE-277" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) HID Event Filter software installers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2.2.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01089.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01089.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/25xxx/CVE-2024-25562.json b/2024/25xxx/CVE-2024-25562.json index 4f052c5339a..f6f999885df 100644 --- a/2024/25xxx/CVE-2024-25562.json +++ b/2024/25xxx/CVE-2024-25562.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Improper buffer restrictions", + "cweId": "CWE-92" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Distribution for GDB software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2024.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/25xxx/CVE-2024-25576.json b/2024/25xxx/CVE-2024-25576.json index 7d7bf5c7ab1..fb9342dc783 100644 --- a/2024/25xxx/CVE-2024-25576.json +++ b/2024/25xxx/CVE-2024-25576.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "improper access control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) FPGA products", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 24.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01087.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01087.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" } ] } diff --git a/2024/25xxx/CVE-2024-25939.json b/2024/25xxx/CVE-2024-25939.json index 32e8b877293..6ad5b1d9653 100644 --- a/2024/25xxx/CVE-2024-25939.json +++ b/2024/25xxx/CVE-2024-25939.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25939", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Mirrored regions with different values", + "cweId": "CWE-1251" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "3rd Generation Intel(R) Xeon(R) Scalable Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3rd Generation Intel(R) Xeon(R) Scalable Processors" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/26xxx/CVE-2024-26022.json b/2024/26xxx/CVE-2024-26022.json index b7af365f0d2..dd697cee799 100644 --- a/2024/26xxx/CVE-2024-26022.json +++ b/2024/26xxx/CVE-2024-26022.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26022", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01172.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01172.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/26xxx/CVE-2024-26025.json b/2024/26xxx/CVE-2024-26025.json index 69f3115fbe4..161569ea6c6 100644 --- a/2024/26xxx/CVE-2024-26025.json +++ b/2024/26xxx/CVE-2024-26025.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26025", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Incorrect default permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Advisor software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2024.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01110.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01110.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/26xxx/CVE-2024-26027.json b/2024/26xxx/CVE-2024-26027.json index d2850dce3fd..b825974cb1b 100644 --- a/2024/26xxx/CVE-2024-26027.json +++ b/2024/26xxx/CVE-2024-26027.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26027", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Simics Package Manager software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 1.8.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01116.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01116.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/26xxx/CVE-2024-26621.json b/2024/26xxx/CVE-2024-26621.json index 21e3a0bfd1d..886f0ff28a2 100644 --- a/2024/26xxx/CVE-2024-26621.json +++ b/2024/26xxx/CVE-2024-26621.json @@ -63,6 +63,12 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.6.46", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.7.6", "lessThanOrEqual": "6.7.*", @@ -95,6 +101,11 @@ "refsource": "MISC", "name": "https://git.kernel.org/stable/c/87632bc9ecff5ded93433bc0fca428019bdd1cfe" }, + { + "url": "https://git.kernel.org/stable/c/6ea9aa8d97e6563676094cb35755884173269555", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6ea9aa8d97e6563676094cb35755884173269555" + }, { "url": "https://git.kernel.org/stable/c/7432376c913381c5f24d373a87ff629bbde94b47", "refsource": "MISC", @@ -104,125 +115,10 @@ "url": "https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d" - }, - { - "url": "https://zolutal.github.io/aslrnt/", - "refsource": "MISC", - "name": "https://zolutal.github.io/aslrnt/" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/08/3", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/08/3" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/08/5", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/08/5" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/08/4", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/08/4" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/08/6", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/08/6" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/08/7", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/08/7" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/08/8", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/08/8" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/09/1", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/09/1" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/10/5", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/10/5" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/10/7", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/10/7" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/10/8", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/10/8" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/11/4", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/11/4" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/11/5", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/11/5" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/11/7", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/11/7" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/12/3", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/12/3" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/13/2", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/13/2" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/13/7", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/13/7" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/15/2", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/15/2" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/15/1", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/15/1" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/16/1", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/16/1" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/16/2", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/16/2" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/29/2", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/29/2" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/30/2", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/30/2" } ] }, "generator": { - "engine": "bippy-a5840b7849dd" + "engine": "bippy-c9c4e1df01b2" } } \ No newline at end of file diff --git a/2024/27xxx/CVE-2024-27461.json b/2024/27xxx/CVE-2024-27461.json index 06e379cce02..3db683a8072 100644 --- a/2024/27xxx/CVE-2024-27461.json +++ b/2024/27xxx/CVE-2024-27461.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27461", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Incorrect default permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) MAS (GUI)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01164.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01164.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/28xxx/CVE-2024-28046.json b/2024/28xxx/CVE-2024-28046.json index 2020dce1360..75e7af6c22c 100644 --- a/2024/28xxx/CVE-2024-28046.json +++ b/2024/28xxx/CVE-2024-28046.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) GPA software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2024.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01105.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01105.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/28xxx/CVE-2024-28050.json b/2024/28xxx/CVE-2024-28050.json index b2c355a46f4..eb909ef6a36 100644 --- a/2024/28xxx/CVE-2024-28050.json +++ b/2024/28xxx/CVE-2024-28050.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28050", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Arc(TM) & Iris(R) Xe Graphics software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 31.0.101.4824" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01130.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01130.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/28xxx/CVE-2024-28172.json b/2024/28xxx/CVE-2024-28172.json index c65cfd71476..6f2ef1c8a1e 100644 --- a/2024/28xxx/CVE-2024-28172.json +++ b/2024/28xxx/CVE-2024-28172.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28172", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Trace Analyzer and Collector software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2022.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01117.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01117.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/28xxx/CVE-2024-28876.json b/2024/28xxx/CVE-2024-28876.json index 30095d346aa..3fb15538bc9 100644 --- a/2024/28xxx/CVE-2024-28876.json +++ b/2024/28xxx/CVE-2024-28876.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28876", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) MPI Library software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2021.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01115.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01115.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/28xxx/CVE-2024-28887.json b/2024/28xxx/CVE-2024-28887.json index 3b02e20ef22..51021ab98bd 100644 --- a/2024/28xxx/CVE-2024-28887.json +++ b/2024/28xxx/CVE-2024-28887.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28887", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) IPP software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2021.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/28xxx/CVE-2024-28947.json b/2024/28xxx/CVE-2024-28947.json index 8394eac171a..44df914d284 100644 --- a/2024/28xxx/CVE-2024-28947.json +++ b/2024/28xxx/CVE-2024-28947.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28947", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper input validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Server Board S2600ST Family firmware", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 02.01.0017" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/28xxx/CVE-2024-28953.json b/2024/28xxx/CVE-2024-28953.json index c2f8acfe85d..7be13cb6961 100644 --- a/2024/28xxx/CVE-2024-28953.json +++ b/2024/28xxx/CVE-2024-28953.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28953", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMON software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 11.44" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01125.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01125.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/29xxx/CVE-2024-29015.json b/2024/29xxx/CVE-2024-29015.json index aebf879cd8e..dc685ff8e5e 100644 --- a/2024/29xxx/CVE-2024-29015.json +++ b/2024/29xxx/CVE-2024-29015.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) VTune(TM) Profiler software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before versions 2024.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01122.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01122.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/34xxx/CVE-2024-34163.json b/2024/34xxx/CVE-2024-34163.json index 3bff7ed4dca..33a01a18d1d 100644 --- a/2024/34xxx/CVE-2024-34163.json +++ b/2024/34xxx/CVE-2024-34163.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34163", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper input validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) NUC", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01022.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01022.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2024/39xxx/CVE-2024-39283.json b/2024/39xxx/CVE-2024-39283.json index 4829d4da7e8..973d6c704f4 100644 --- a/2024/39xxx/CVE-2024-39283.json +++ b/2024/39xxx/CVE-2024-39283.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39283", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Incomplete filtering of special elements", + "cweId": "CWE-791" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) TDX module software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version TDX_1.5.01.00.592" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01010.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01010.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" } ] } diff --git a/2024/39xxx/CVE-2024-39472.json b/2024/39xxx/CVE-2024-39472.json index 3b18756292d..8b9564bee1c 100644 --- a/2024/39xxx/CVE-2024-39472.json +++ b/2024/39xxx/CVE-2024-39472.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "0c771b99d6c9", - "version_value": "45cf976008dd" + "version_value": "57835c0e7152" }, { "version_value": "not down converted", @@ -57,6 +57,18 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.105", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.46", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.10", "lessThanOrEqual": "*", @@ -78,6 +90,16 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f" + }, + { + "url": "https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5" + }, { "url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a", "refsource": "MISC", diff --git a/2024/41xxx/CVE-2024-41042.json b/2024/41xxx/CVE-2024-41042.json index 00f3ebef208..684d892b3a9 100644 --- a/2024/41xxx/CVE-2024-41042.json +++ b/2024/41xxx/CVE-2024-41042.json @@ -41,7 +41,7 @@ { "version_affected": "<", "version_name": "20a69341f2d0", - "version_value": "9df785aeb7dc" + "version_value": "b6b6e430470e" }, { "version_value": "not down converted", @@ -57,6 +57,18 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.105", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.46", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.9.10", "lessThanOrEqual": "6.9.*", @@ -84,6 +96,16 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/b6b6e430470e1c3c5513311cb35a15a205595abe", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b6b6e430470e1c3c5513311cb35a15a205595abe" + }, + { + "url": "https://git.kernel.org/stable/c/717c91c6ed73e248de6a15bc53adefb81446c9d0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/717c91c6ed73e248de6a15bc53adefb81446c9d0" + }, { "url": "https://git.kernel.org/stable/c/9df785aeb7dcc8efd1d4110bb27d26005298ebae", "refsource": "MISC", diff --git a/2024/42xxx/CVE-2024-42258.json b/2024/42xxx/CVE-2024-42258.json index e855bc5e5d2..a8d7d0c4cb6 100644 --- a/2024/42xxx/CVE-2024-42258.json +++ b/2024/42xxx/CVE-2024-42258.json @@ -38,6 +38,16 @@ "product_name": "Linux", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "87632bc9ecff", + "version_value": "89f2914dd4b4" + }, + { + "version_affected": "<", + "version_name": "6ea9aa8d97e6", + "version_value": "a5c399fe433a" + }, { "version_affected": "<", "version_name": "4ef9ad19e176", @@ -57,6 +67,12 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.105", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.10.3", "lessThanOrEqual": "6.10.*", @@ -84,6 +100,16 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f" + }, + { + "url": "https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a" + }, { "url": "https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc", "refsource": "MISC", diff --git a/2024/6xxx/CVE-2024-6123.json b/2024/6xxx/CVE-2024-6123.json index 39a92aaf4b5..9a923d2f434 100644 --- a/2024/6xxx/CVE-2024-6123.json +++ b/2024/6xxx/CVE-2024-6123.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.12.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible." + "value": "The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible." } ] }, @@ -21,7 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" } ] } @@ -41,7 +42,7 @@ { "version_affected": "<=", "version_name": "*", - "version_value": "2.12.2" + "version_value": "2.13.3" } ] } @@ -63,6 +64,11 @@ "url": "https://plugins.trac.wordpress.org/browser/bit-form/tags/2.12.2/includes/Admin/AdminAjax.php#L1176", "refsource": "MISC", "name": "https://plugins.trac.wordpress.org/browser/bit-form/tags/2.12.2/includes/Admin/AdminAjax.php#L1176" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3114814/bit-form/trunk/includes/Admin/AdminAjax.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3114814/bit-form/trunk/includes/Admin/AdminAjax.php" } ] }, diff --git a/2024/7xxx/CVE-2024-7789.json b/2024/7xxx/CVE-2024-7789.json new file mode 100644 index 00000000000..10223bdf33f --- /dev/null +++ b/2024/7xxx/CVE-2024-7789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7790.json b/2024/7xxx/CVE-2024-7790.json new file mode 100644 index 00000000000..e9901ef75f6 --- /dev/null +++ b/2024/7xxx/CVE-2024-7790.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7791.json b/2024/7xxx/CVE-2024-7791.json new file mode 100644 index 00000000000..649a35ceff5 --- /dev/null +++ b/2024/7xxx/CVE-2024-7791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7792.json b/2024/7xxx/CVE-2024-7792.json new file mode 100644 index 00000000000..47a27681c79 --- /dev/null +++ b/2024/7xxx/CVE-2024-7792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7793.json b/2024/7xxx/CVE-2024-7793.json new file mode 100644 index 00000000000..6d9e471d5c1 --- /dev/null +++ b/2024/7xxx/CVE-2024-7793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-7793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file