diff --git a/2021/20xxx/CVE-2021-20451.json b/2021/20xxx/CVE-2021-20451.json
index 00d33bec131..6ffe7987942 100644
--- a/2021/20xxx/CVE-2021-20451.json
+++ b/2021/20xxx/CVE-2021-20451.json
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20451",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cognos Controller",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.4.1, 10.4.2, 11.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7149876",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7149876"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196643",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196643"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2022/22xxx/CVE-2022-22364.json b/2022/22xxx/CVE-2022-22364.json
index 22733c3d337..25bde6ce635 100644
--- a/2022/22xxx/CVE-2022-22364.json
+++ b/2022/22xxx/CVE-2022-22364.json
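Review bot: The `version_data` entry in the added `affects` block packs three releases into one string, `"version_value": "10.4.1, 10.4.2, 11.0.0"`, under `"version_affected": "="`. A consumer doing exact version matching would compare an installed version against the whole comma-separated string and never match. One entry per release keeps the record machine-matchable, for example `{ "version_affected": "=", "version_value": "10.4.1" }`, repeated for 10.4.2 and 11.0.0. The same combined string appears in the CVE-2022-22364 and CVE-2023-40695 hunks of this commit.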
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-22364",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action",
+ "cweId": "CWE-350"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cognos Controller",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.4.1, 10.4.2, 11.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7149876",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7149876"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220903",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220903"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2022/33xxx/CVE-2022-33010.json b/2022/33xxx/CVE-2022-33010.json
index 3af4a6249ff..b9d5fe3a901 100644
--- a/2022/33xxx/CVE-2022-33010.json
+++ b/2022/33xxx/CVE-2022-33010.json
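Review bot: The added `problemtype` assigns `CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action`, which does not match the description in the same hunk. That description is about the application being induced to make server-side DNS lookups or HTTP requests to arbitrary domains, which reads as server-side request forgery rather than a trust decision based on reverse DNS. If the vendor advisory supports it, `"value": "CWE-918 Server-Side Request Forgery (SSRF)", "cweId": "CWE-918"` would match the text. As written, weakness-based triage and CWE statistics will file this record under the wrong class.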
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2022-33010",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40695.json b/2023/40xxx/CVE-2023-40695.json
index ebed2932d23..25dde992ea5 100644
--- a/2023/40xxx/CVE-2023-40695.json
+++ b/2023/40xxx/CVE-2023-40695.json
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-40695",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-613 Insufficient Session Expiration",
+ "cweId": "CWE-613"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cognos Controller",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.4.1, 10.4.2, 11.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7149876",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7149876"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264938",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264938"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/27xxx/CVE-2024-27453.json b/2024/27xxx/CVE-2024-27453.json
index aec26a7afba..a09ec4a54f4 100644
--- a/2024/27xxx/CVE-2024-27453.json
+++ b/2024/27xxx/CVE-2024-27453.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-27453",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-27453",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.exsiliumsecurity.com/CVE-2024-27453.html",
+ "url": "https://www.exsiliumsecurity.com/CVE-2024-27453.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000118266",
+ "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000118266"
 }
 ]
 }
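Review bot: In the CVE-2024-27453 hunk the structured fields stay at `"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and a `problemtype` value of `n/a`, although the description names the product, an upper version bound (Extreme XOS through 22.6.1.4) and a privilege escalation to root. Tooling that matches on `affects` or on a CWE id will not pick this record up, so the affected range is only recoverable from free text. Populating `affects` from the description and giving a weakness class in `problemtype` would close that gap. The CVE-2024-34453 and CVE-2024-34455 hunks carry the same `n/a` fields.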
diff --git a/2024/33xxx/CVE-2024-33844.json b/2024/33xxx/CVE-2024-33844.json
index 3abde75d662..37442569171 100644
--- a/2024/33xxx/CVE-2024-33844.json
+++ b/2024/33xxx/CVE-2024-33844.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501",
 "url": "https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1",
+ "url": "https://forum.developer.parrot.com/t/cve-2024-33844-bugs-in-anafi-thermal-usa-firmware/22501/1"
 }
 ]
 }
diff --git a/2024/34xxx/CVE-2024-34453.json b/2024/34xxx/CVE-2024-34453.json
index 18c2aa2745e..4fa8db39ce1 100644
--- a/2024/34xxx/CVE-2024-34453.json
+++ b/2024/34xxx/CVE-2024-34453.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-34453",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-34453",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/tznb1/TwoNav/issues/9#issuecomment-2022194939",
+ "refsource": "MISC",
+ "name": "https://github.com/tznb1/TwoNav/issues/9#issuecomment-2022194939"
+ },
+ {
+ "url": "https://github.com/tznb1/TwoNav/compare/v2.1.13-20240321...v2.1.14-20240419",
+ "refsource": "MISC",
+ "name": "https://github.com/tznb1/TwoNav/compare/v2.1.13-20240321...v2.1.14-20240419"
 }
 ]
 }
diff --git a/2024/34xxx/CVE-2024-34454.json b/2024/34xxx/CVE-2024-34454.json
new file mode 100644
index 00000000000..0f75b4787c2
--- /dev/null
+++ b/2024/34xxx/CVE-2024-34454.json
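Review bot: The added description misspells "parameter" as `paramater` in `via the url paramater to index.php?...`, so a text search over descriptions for the correct word will miss this record; it should read `via the url parameter to`. The description also names only the affected release (2.1.13). The second reference is a compare range between two release tags, which presumably identifies v2.1.14 as the fixed release, so stating that version in the description would let readers act on it without opening the link.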
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-34454",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/34xxx/CVE-2024-34455.json b/2024/34xxx/CVE-2024-34455.json
new file mode 100644
index 00000000000..b3a30d418e3
--- /dev/null
+++ b/2024/34xxx/CVE-2024-34455.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2024-34455",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2024/04/11/13",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2024/04/11/13"
+ },
+ {
+ "url": "https://github.com/buildroot/buildroot/commit/0b2967e15800421efbdfe3a7a6061cf6bd84134d",
+ "refsource": "MISC",
+ "name": "https://github.com/buildroot/buildroot/commit/0b2967e15800421efbdfe3a7a6061cf6bd84134d"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/4xxx/CVE-2024-4471.json b/2024/4xxx/CVE-2024-4471.json
new file mode 100644
index 00000000000..6bfa8f85f56
--- /dev/null
+++ b/2024/4xxx/CVE-2024-4471.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-4471",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file