diff --git a/2024/10xxx/CVE-2024-10126.json b/2024/10xxx/CVE-2024-10126.json
index 5ad46238044..9af08270880 100644
--- a/2024/10xxx/CVE-2024-10126.json
+++ b/2024/10xxx/CVE-2024-10126.json
@@ -1,18 +1,114 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10126",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@m-files.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-552 Files or Directories Accessible to External Parties",
+ "cweId": "CWE-552"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "M-Files Corporation\"",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "M-Files Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "24.11",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ },
+ {
+ "status": "unaffected",
+ "version": "23.8 SR7",
+ "versionType": "semver"
+ },
+ {
+ "status": "unaffected",
+ "version": "24.2 SR3",
+ "versionType": "semver"
+ },
+ {
+ "status": "unaffected",
+ "version": "24.8 SR1",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://product.m-files.com/security-advisories/CVE-2024-10126",
+ "refsource": "MISC",
+ "name": "https://product.m-files.com/security-advisories/CVE-2024-10126"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to patched version
"
+ }
+ ],
+ "value": "Update to patched version"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Nicol\u00f2 Vinci"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10127.json b/2024/10xxx/CVE-2024-10127.json
index b333d3e9c07..54ff8046718 100644
--- a/2024/10xxx/CVE-2024-10127.json
+++ b/2024/10xxx/CVE-2024-10127.json
@@ -1,18 +1,84 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10127",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@m-files.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-303: Incorrect Implementation of Authentication Algorithm",
+ "cweId": "CWE-303"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "M-Files Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "M-Files Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "24.11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://product.m-files.com/security-advisories/CVE-2024-10127",
+ "refsource": "MISC",
+ "name": "https://product.m-files.com/security-advisories/CVE-2024-10127"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to patched version\n\n
"
+ }
+ ],
+ "value": "Update to patched version"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11176.json b/2024/11xxx/CVE-2024-11176.json
index dbee09ab947..47a1fabbee7 100644
--- a/2024/11xxx/CVE-2024-11176.json
+++ b/2024/11xxx/CVE-2024-11176.json
@@ -1,18 +1,102 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11176",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@m-files.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect calculation of effective permissions."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-682 Incorrect Calculation",
+ "cweId": "CWE-682"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863 Incorrect Authorization",
+ "cweId": "CWE-863"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
+ "cweId": "CWE-732"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "M-Files Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "M-Files Aino",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "24.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://product.m-files.com/security-advisories/CVE-2024-11176",
+ "refsource": "MISC",
+ "name": "https://product.m-files.com/security-advisories/CVE-2024-11176"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "INTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to patched version"
+ }
+ ],
+ "value": "Update to patched version"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11483.json b/2024/11xxx/CVE-2024-11483.json
new file mode 100644
index 00000000000..d3c99b45bc1
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11483.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11483",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11484.json b/2024/11xxx/CVE-2024-11484.json
new file mode 100644
index 00000000000..7b4889043f2
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11484.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11484",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11485.json b/2024/11xxx/CVE-2024-11485.json
new file mode 100644
index 00000000000..fb82625d7d6
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11485.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11485",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11486.json b/2024/11xxx/CVE-2024-11486.json
new file mode 100644
index 00000000000..01f269baf2b
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11486.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11486",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11487.json b/2024/11xxx/CVE-2024-11487.json
new file mode 100644
index 00000000000..c62636bc3b0
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11487.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11487",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11488.json b/2024/11xxx/CVE-2024-11488.json
new file mode 100644
index 00000000000..690d44fc12e
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11488.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11488",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11489.json b/2024/11xxx/CVE-2024-11489.json
new file mode 100644
index 00000000000..57d1acfc227
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11489.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11489",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11490.json b/2024/11xxx/CVE-2024-11490.json
new file mode 100644
index 00000000000..b11da5573be
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11490.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11490",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11491.json b/2024/11xxx/CVE-2024-11491.json
new file mode 100644
index 00000000000..460486ec0ea
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11491.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11491",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11492.json b/2024/11xxx/CVE-2024-11492.json
new file mode 100644
index 00000000000..dde729d5953
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11492.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11492",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/11xxx/CVE-2024-11493.json b/2024/11xxx/CVE-2024-11493.json
new file mode 100644
index 00000000000..ed0540ad2cd
--- /dev/null
+++ b/2024/11xxx/CVE-2024-11493.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-11493",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file