From 3f13b46f74fd41a5ebc72b84f578b1d4adbaeb68 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 2 Apr 2024 10:04:10 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/0xxx/CVE-2024-0521.json | 2 +-
 2024/0xxx/CVE-2024-0815.json | 2 +-
 2024/0xxx/CVE-2024-0817.json | 2 +-
 2024/22xxx/CVE-2024-22099.json | 5 +
 2024/23xxx/CVE-2024-23204.json | 5 +
 2024/23xxx/CVE-2024-23225.json | 5 +
 2024/23xxx/CVE-2024-23226.json | 5 +
 2024/23xxx/CVE-2024-23230.json | 5 +
 2024/23xxx/CVE-2024-23235.json | 5 +
 2024/23xxx/CVE-2024-23246.json | 5 +
 2024/23xxx/CVE-2024-23247.json | 5 +
 2024/23xxx/CVE-2024-23254.json | 5 +
 2024/23xxx/CVE-2024-23257.json | 10 ++
 2024/23xxx/CVE-2024-23258.json | 5 +
 2024/23xxx/CVE-2024-23263.json | 5 +
 2024/23xxx/CVE-2024-23264.json | 10 ++
 2024/23xxx/CVE-2024-23265.json | 5 +
 2024/23xxx/CVE-2024-23266.json | 5 +
 2024/23xxx/CVE-2024-23269.json | 5 +
 2024/23xxx/CVE-2024-23274.json | 5 +
 2024/23xxx/CVE-2024-23276.json | 5 +
 2024/23xxx/CVE-2024-23283.json | 5 +
 2024/23xxx/CVE-2024-23284.json | 5 +
 2024/23xxx/CVE-2024-23286.json | 5 +
 2024/23xxx/CVE-2024-23296.json | 5 +
 2024/26xxx/CVE-2024-26622.json | 5 +
 2024/27xxx/CVE-2024-27507.json | 5 +
 2024/2xxx/CVE-2024-2182.json | 30 ++---
 2024/2xxx/CVE-2024-2400.json | 59 ++++++++-
 2024/2xxx/CVE-2024-2403.json | 60 ++++++++-
 2024/2xxx/CVE-2024-2412.json | 4 +-
 2024/2xxx/CVE-2024-2413.json | 93 ++++++++++++-
 2024/2xxx/CVE-2024-2418.json | 95 +++++++++++++-
 2024/2xxx/CVE-2024-2431.json | 195 ++++++++++++++++++++++++++-
 2024/2xxx/CVE-2024-2432.json | 165 ++++++++++++++++++++++-
 2024/2xxx/CVE-2024-2433.json | 233 ++++++++++++++++++++++++++++++++-
 2024/2xxx/CVE-2024-2437.json | 8 +-
 2024/2xxx/CVE-2024-2438.json | 8 +-
 38 files changed, 1030 insertions(+), 56 deletions(-)
diff --git a/2024/0xxx/CVE-2024-0521.json b/2024/0xxx/CVE-2024-0521.json
index d133112c056..8cd50b83154 100644
--- a/2024/0xxx/CVE-2024-0521.json
+++ b/2024/0xxx/CVE-2024-0521.json
@@ -4,7 +4,7 @@
 "data_format": "MITRE",
 "CVE_data_meta": {
 "ID": "CVE-2024-0521",
- "ASSIGNER": "security@huntr.com",
+ "ASSIGNER": "paddle-security@baidu.com",
 "STATE": "PUBLIC"
 },
 "description": {
diff --git a/2024/0xxx/CVE-2024-0815.json b/2024/0xxx/CVE-2024-0815.json
index 74ec57b216e..910b4295f54 100644
--- a/2024/0xxx/CVE-2024-0815.json
+++ b/2024/0xxx/CVE-2024-0815.json
@@ -4,7 +4,7 @@
 "data_format": "MITRE",
 "CVE_data_meta": {
 "ID": "CVE-2024-0815",
- "ASSIGNER": "security@huntr.com",
+ "ASSIGNER": "paddle-security@baidu.com",
 "STATE": "PUBLIC"
 },
 "description": {
diff --git a/2024/0xxx/CVE-2024-0817.json b/2024/0xxx/CVE-2024-0817.json
index 38c167e7335..1ae3c897a88 100644
--- a/2024/0xxx/CVE-2024-0817.json
+++ b/2024/0xxx/CVE-2024-0817.json
@@ -4,7 +4,7 @@
 "data_format": "MITRE",
 "CVE_data_meta": {
 "ID": "CVE-2024-0817",
- "ASSIGNER": "security@huntr.com",
+ "ASSIGNER": "paddle-security@baidu.com",
 "STATE": "PUBLIC"
 },
 "description": {
diff --git a/2024/22xxx/CVE-2024-22099.json b/2024/22xxx/CVE-2024-22099.json
index 56538cc9388..e029181e640 100644
--- a/2024/22xxx/CVE-2024-22099.json
+++ b/2024/22xxx/CVE-2024-22099.json
@@ -64,6 +64,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
 }
 ]
 },
diff --git a/2024/23xxx/CVE-2024-23204.json b/2024/23xxx/CVE-2024-23204.json
index 8608d57dcf1..22ff4891855 100644
--- a/2024/23xxx/CVE-2024-23204.json
+++ b/2024/23xxx/CVE-2024-23204.json
@@ -127,6 +127,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23225.json b/2024/23xxx/CVE-2024-23225.json
index 01fad8906ed..fa76433003a 100644
--- a/2024/23xxx/CVE-2024-23225.json
+++ b/2024/23xxx/CVE-2024-23225.json
@@ -128,6 +128,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23226.json b/2024/23xxx/CVE-2024-23226.json
index 2bb5657b411..39290ba525c 100644
--- a/2024/23xxx/CVE-2024-23226.json
+++ b/2024/23xxx/CVE-2024-23226.json
@@ -141,6 +141,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/24",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/24"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23230.json b/2024/23xxx/CVE-2024-23230.json
index 2c59fc5b7bd..d61ae23d05e 100644
--- a/2024/23xxx/CVE-2024-23230.json
+++ b/2024/23xxx/CVE-2024-23230.json
@@ -78,6 +78,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23235.json b/2024/23xxx/CVE-2024-23235.json
index 38169f67c30..f9b86f8b292 100644
--- a/2024/23xxx/CVE-2024-23235.json
+++ b/2024/23xxx/CVE-2024-23235.json
@@ -146,6 +146,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/24",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/24"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23246.json b/2024/23xxx/CVE-2024-23246.json
index 7f4c3a35e65..b54e850a873 100644
--- a/2024/23xxx/CVE-2024-23246.json
+++ b/2024/23xxx/CVE-2024-23246.json
@@ -146,6 +146,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/24",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/24"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23247.json b/2024/23xxx/CVE-2024-23247.json
index 59c41f6ff6e..79e16c25642 100644
--- a/2024/23xxx/CVE-2024-23247.json
+++ b/2024/23xxx/CVE-2024-23247.json
@@ -78,6 +78,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23254.json b/2024/23xxx/CVE-2024-23254.json
index e13ac16d612..3927afc5005 100644
--- a/2024/23xxx/CVE-2024-23254.json
+++ b/2024/23xxx/CVE-2024-23254.json
@@ -163,6 +163,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/24",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/24"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23257.json b/2024/23xxx/CVE-2024-23257.json
index bbec9d9eaec..e05cec23760 100644
--- a/2024/23xxx/CVE-2024-23257.json
+++ b/2024/23xxx/CVE-2024-23257.json
@@ -112,6 +112,16 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23258.json b/2024/23xxx/CVE-2024-23258.json
index eb0e7d7f40b..80190d02f1e 100644
--- a/2024/23xxx/CVE-2024-23258.json
+++ b/2024/23xxx/CVE-2024-23258.json
@@ -80,6 +80,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23263.json b/2024/23xxx/CVE-2024-23263.json
index c692fc6320e..dba5e9e7f28 100644
--- a/2024/23xxx/CVE-2024-23263.json
+++ b/2024/23xxx/CVE-2024-23263.json
@@ -168,6 +168,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/24",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/24"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23264.json b/2024/23xxx/CVE-2024-23264.json
index 283b0dc8a33..3544773cb49 100644
--- a/2024/23xxx/CVE-2024-23264.json
+++ b/2024/23xxx/CVE-2024-23264.json
@@ -139,6 +139,16 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23265.json b/2024/23xxx/CVE-2024-23265.json
index 173fcd5437a..1287e230cef 100644
--- a/2024/23xxx/CVE-2024-23265.json
+++ b/2024/23xxx/CVE-2024-23265.json
@@ -166,6 +166,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23266.json b/2024/23xxx/CVE-2024-23266.json
index 92ff58e6a55..2aaff25eda3 100644
--- a/2024/23xxx/CVE-2024-23266.json
+++ b/2024/23xxx/CVE-2024-23266.json
@@ -78,6 +78,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23269.json b/2024/23xxx/CVE-2024-23269.json
index c60b2647bbf..6a1514bc464 100644
--- a/2024/23xxx/CVE-2024-23269.json
+++ b/2024/23xxx/CVE-2024-23269.json
@@ -78,6 +78,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23274.json b/2024/23xxx/CVE-2024-23274.json
index c1e600ffd63..a732a752d0b 100644
--- a/2024/23xxx/CVE-2024-23274.json
+++ b/2024/23xxx/CVE-2024-23274.json
@@ -78,6 +78,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23276.json b/2024/23xxx/CVE-2024-23276.json
index a0a9f429be1..c9c2d9ec72b 100644
--- a/2024/23xxx/CVE-2024-23276.json
+++ b/2024/23xxx/CVE-2024-23276.json
@@ -78,6 +78,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23283.json b/2024/23xxx/CVE-2024-23283.json
index f3ae0c69184..c95a7bfc8ba 100644
--- a/2024/23xxx/CVE-2024-23283.json
+++ b/2024/23xxx/CVE-2024-23283.json
@@ -95,6 +95,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23284.json b/2024/23xxx/CVE-2024-23284.json
index d4fb659dbf8..58e72c5936e 100644
--- a/2024/23xxx/CVE-2024-23284.json
+++ b/2024/23xxx/CVE-2024-23284.json
@@ -168,6 +168,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/24",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/24"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23286.json b/2024/23xxx/CVE-2024-23286.json
index c491cda3783..040ae2a77d7 100644
--- a/2024/23xxx/CVE-2024-23286.json
+++ b/2024/23xxx/CVE-2024-23286.json
@@ -166,6 +166,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23296.json b/2024/23xxx/CVE-2024-23296.json
index 04fe739affe..d8672adb467 100644
--- a/2024/23xxx/CVE-2024-23296.json
+++ b/2024/23xxx/CVE-2024-23296.json
@@ -98,6 +98,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/24",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/24"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/26",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/26"
 }
 ]
 }
diff --git a/2024/26xxx/CVE-2024-26622.json b/2024/26xxx/CVE-2024-26622.json
index c69dc0cbd91..ce19ad847e5 100644
--- a/2024/26xxx/CVE-2024-26622.json
+++ b/2024/26xxx/CVE-2024-26622.json
@@ -142,6 +142,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
 }
 ]
 },
diff --git a/2024/27xxx/CVE-2024-27507.json b/2024/27xxx/CVE-2024-27507.json
index 7bb142f2a02..a922a4139ab 100644
--- a/2024/27xxx/CVE-2024-27507.json
+++ b/2024/27xxx/CVE-2024-27507.json
@@ -61,6 +61,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2024-34301311f8",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOY7E2QWQRVXZTJGI7Z4KXGSU6BGEKH/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2024-ef8c8a8b37",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QRV2D4GYUZNZRJHVGFSYSOSZLCETI4E/"
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2182.json b/2024/2xxx/CVE-2024-2182.json
index 4056438e122..0c5781c8ee7 100644
--- a/2024/2xxx/CVE-2024-2182.json
+++ b/2024/2xxx/CVE-2024-2182.json
@@ -132,7 +132,7 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
@@ -150,19 +150,19 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 }
 ]
@@ -175,7 +175,13 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
 }
 },
 {
@@ -193,31 +199,25 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 },
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
- }
- },
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 }
 ]
diff --git a/2024/2xxx/CVE-2024-2400.json b/2024/2xxx/CVE-2024-2400.json
index f1eb96a2f23..e843e42ad02 100644
--- a/2024/2xxx/CVE-2024-2400.json
+++ b/2024/2xxx/CVE-2024-2400.json
@@ -1,17 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2400",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "122.0.6261.128",
+ "version_value": "122.0.6261.128"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/327696052",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/327696052"
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2403.json b/2024/2xxx/CVE-2024-2403.json
index a0a1b78341b..e062e7e0440 100644
--- a/2024/2xxx/CVE-2024-2403.json
+++ b/2024/2xxx/CVE-2024-2403.json
@@ -1,18 +1,70 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2403",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@devolutions.net",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\nImproper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and\nearlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.\n\n"
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Devolutions",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Remote Desktop Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "2024.1.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://devolutions.net/security/advisories/DEVO-2024-0004",
+ "refsource": "MISC",
+ "name": "https://devolutions.net/security/advisories/DEVO-2024-0004"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/2xxx/CVE-2024-2412.json b/2024/2xxx/CVE-2024-2412.json
index 4b73eec12e7..e0e8f4dae7d 100644
--- a/2024/2xxx/CVE-2024-2412.json
+++ b/2024/2xxx/CVE-2024-2412.json
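Review bot: In 2024/2xxx/CVE-2024-2403.json the added `problemtype` entry is `"value": "n/a"` with no `cweId`, although the description on the same record names the weakness (improper cleanup of temporary files that leaves sensitive residual data behind). Consumers that filter or group by CWE will treat this record as unclassified; if the CNA agrees with the mapping, an entry such as `"value": "CWE-459 Incomplete Cleanup", "cweId": "CWE-459"` would match the form the other published records in this commit use. The description value also carries a leading `\n`, a hard wrap after "2024.1.12 and" and a trailing `\n\n`, which would be cleaner trimmed to a single line.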
@@ -68,9 +68,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://www.twcert.org.tw/tw/lp-132-1.html",
+ "url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html",
 "refsource": "MISC",
- "name": "https://www.twcert.org.tw/tw/lp-132-1.html"
+ "name": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"
 }
 ]
 },
diff --git a/2024/2xxx/CVE-2024-2413.json b/2024/2xxx/CVE-2024-2413.json
index 65a5e70dcbe..7288f0da718 100644
--- a/2024/2xxx/CVE-2024-2413.json
+++ b/2024/2xxx/CVE-2024-2413.json
@@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@cert.org.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-321: Use of Hard-coded Cryptographic Key", + "cweId": "CWE-321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intumit", + "product": { + "product_data": [ + { + "product_name": "SmartRobot", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "earlier version", + "version_value": "v6.1.2-202212tw" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "TVN-202403002", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to v6.2.0-202303tw or later version or change current 
encryption key." + } + ], + "value": "Update to v6.2.0-202303tw or later version or change current encryption key." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2418.json b/2024/2xxx/CVE-2024-2418.json index 98838885ee1..06cf45dc2a8 100644 --- a/2024/2xxx/CVE-2024-2418.json +++ b/2024/2xxx/CVE-2024-2418.json 
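Review bot: In 2024/2xxx/CVE-2024-2413.json the affected range is encoded as `"version_affected": "<="`, `"version_name": "earlier version"`, `"version_value": "v6.1.2-202212tw"`, so `version_name` holds free text where the other records in this commit put a version string (`"122.0.6261.128"`, `"0"`). Version-matching tooling that reads `version_name` should be checked against this record, since the real bound is only in `version_value`. The solution text lists changing the encryption key as an alternative to updating to v6.2.0-202303tw but gives no detail, so for a 9.8-rated hard-coded key issue operators who take that route should confirm the procedure in the referenced TWCERT advisory.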
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2418",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view_order.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256705 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Best POS Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /view_order.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Best POS Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.256705",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.256705"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.256705",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.256705"
+ },
+ {
+ "url": "https://github.com/ycxdzj/CVE_Hunter/blob/main/SQLi-6.md",
+ "refsource": "MISC",
+ "name": "https://github.com/ycxdzj/CVE_Hunter/blob/main/SQLi-6.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "hjhctzz (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2431.json b/2024/2xxx/CVE-2024-2431.json
index 045ef1c31c3..32224c316e4 100644
--- a/2024/2xxx/CVE-2024-2431.json
+++ b/2024/2xxx/CVE-2024-2431.json
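Review bot: In 2024/2xxx/CVE-2024-2418.json the description text and the scores disagree: the English value says the issue "has been declared as critical" (the German one "kritische Schwachstelle"), while the `impact.cvss` entries added in the same hunk rate it `"baseScore": 6.3`, `"baseSeverity": "MEDIUM"` for both 3.1 and 3.0. Triage that keys on the description wording will over-rank this record, so prioritisation should read the `cvss` block, whose vector includes `PR:L` (the attacker needs a low-privileged account). The 2.0 entry has no `baseSeverity` while the other two do, so consumers should not assume that field is present on every `cvss` element.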
@@ -1,17 +1,204 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2431", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto Networks", + "product": { + "product_data": [ + { + "product_name": "GlobalProtect App", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.0.4", + "status": "unaffected" + } + ], + "lessThan": "6.0.4", + "status": "affected", + "version": "6.0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "5.1.12", + "status": "unaffected" + } + ], + "lessThan": "5.1.12", + "status": "affected", + "version": "5.1", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "5.2.13", + "status": "unaffected" + } + ], + "lessThan": "5.2.13", + "status": "affected", + "version": "5.2", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "6.1.1", + "status": "unaffected" + } + ], + "lessThan": "6.1.1", + "status": "affected", + "version": "6.1", + "versionType": "custom" + }, + { + "status": "unaffected", + 
"version": "6.2" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.paloaltonetworks.com/CVE-2024-2431", + "refsource": "MISC", + "name": "https://security.paloaltonetworks.com/CVE-2024-2431" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "GPC-15349" + ], + "discovery": "EXTERNAL" + }, + "configuration": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed." + } + ], + "value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed." + } + ], + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"
" + } + ], + "value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"\n" + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.
" + } + ], + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.
" + } + ], + "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Palo Alto Networks thanks AIG Red Team and Stephen Collyer for discovering and reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2432.json b/2024/2xxx/CVE-2024-2432.json index f895edec5f8..0ef8e53e22d 100644 --- a/2024/2xxx/CVE-2024-2432.json +++ b/2024/2xxx/CVE-2024-2432.json 
@@ -1,17 +1,174 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2432", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto Networks", + "product": { + "product_data": [ + { + "product_name": "GlobalProtect App", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "5.1.12", + "status": "unaffected" + } + ], + "lessThan": "5.1.12", + "status": "affected", + "version": "5.1", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "6.0.8", + "status": "unaffected" + } + ], + "lessThan": "6.0.8", + "status": "affected", + "version": "6.0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "6.1.2", + "status": "unaffected" + } + ], + "lessThan": "6.1.2", + "status": "affected", + "version": "6.1", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "6.2.1", + "status": "unaffected" + } + ], + "lessThan": "6.2.1", + "status": "affected", + "version": 
"6.2", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.paloaltonetworks.com/CVE-2024-2432", + "refsource": "MISC", + "name": "https://security.paloaltonetworks.com/CVE-2024-2432" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "GPC-18129" + ], + "discovery": "EXTERNAL" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.
" + } + ], + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.
" + } + ], + "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Palo Alto Networks thanks Erwin Chan for discovering and reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2433.json b/2024/2xxx/CVE-2024-2433.json index 02f1aecf823..0c3c1461850 100644 --- a/2024/2xxx/CVE-2024-2433.json +++ b/2024/2xxx/CVE-2024-2433.json 
@@ -1,17 +1,242 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2433", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. \n\n\n\nThis issue affects only the web interface of the management plane; the dataplane is unaffected.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto Networks", + "product": { + "product_data": [ + { + "product_name": "PAN-OS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "9.0.17-h4", + "status": "unaffected" + } + ], + "lessThan": "9.0.17-h4", + "status": "affected", + "version": "9.0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "9.1.17", + "status": "unaffected" + } + ], + "lessThan": "9.1.17", + "status": "affected", + "version": "9.1", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "10.1.12", + "status": "unaffected" + } + ], + "lessThan": "10.1.12", + "status": 
"affected", + "version": "10.1", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "10.2.8", + "status": "unaffected" + } + ], + "lessThan": "10.2.8", + "status": "affected", + "version": "10.2", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "11.0.3", + "status": "unaffected" + } + ], + "lessThan": "11.0.3", + "status": "affected", + "version": "11.0", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "11.1" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Cloud NGFW", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "All" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Prisma Access", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "All" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.paloaltonetworks.com/CVE-2024-2433", + "refsource": "MISC", + "name": "https://security.paloaltonetworks.com/CVE-2024-2433" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "PAN-181876", + "PAN-218663" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the effect of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.
" + } + ], + "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the effect of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices .\n" + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.
" + } + ], + "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.18, PAN-OS 10.1.12, PAN-OS 10.2.11, PAN-OS 11.0.4, and all later PAN-OS versions.
" + } + ], + "value": "This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.18, PAN-OS 10.1.12, PAN-OS 10.2.11, PAN-OS 11.0.4, and all later PAN-OS versions.\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Palo Alto Networks thanks Omar Eissa (https://de.linkedin.com/in/oeissa) for discovering and reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2437.json b/2024/2xxx/CVE-2024-2437.json index 86dce63ef57..297b7e3b3c1 100644 --- a/2024/2xxx/CVE-2024-2437.json +++ b/2024/2xxx/CVE-2024-2437.json @@ -1,17 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2437", - "ASSIGNER": "security@wordfence.com", - "STATE": "REJECT" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-41728. Reason: This candidate is a reservation duplicate of CVE-2023-41728. Notes: All CVE users should reference CVE-2023-41728 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2438.json b/2024/2xxx/CVE-2024-2438.json index dc2b9facc6a..45acf9a2d75 100644 --- a/2024/2xxx/CVE-2024-2438.json 
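Review bot: The PAN-OS version ranges in the CVE-2024-2433 record disagree with the record's own solution text: the `versions` entries mark the 9.1, 10.2 and 11.0 branches as unaffected at `9.1.17`, `10.2.8` and `11.0.3`, while the solution string says the fix is in PAN-OS 9.1.18, 10.2.11 and 11.0.4 (the 9.0 and 10.1 branches agree). Scanners and inventories that match on `lessThan` would report builds such as 9.1.17 or 10.2.8 as fixed although the prose says they are not, so one side should be corrected against the vendor advisory linked in `references` before the ranges are relied on. If the solution text is the accurate side, the entries would read `"lessThan": "9.1.18"`, `"lessThan": "10.2.11"` and `"lessThan": "11.0.4"`, with matching `changes[].at` values. The description also calls this an improper authorization issue while `problemtype` carries CWE-269 Improper Privilege Management, which is worth confirming with the CNA.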
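Review bot: The CVE-2024-2437 record regresses from `"STATE": "REJECT"` to `"STATE": "RESERVED"` and its assigner changes from security@wordfence.com to cve@mitre.org, which removes the rejection notice that pointed consumers to CVE-2023-41728. The CVE-2024-2438 hunk that follows does the same and loses the pointer to CVE-2023-47851. A rejected duplicate that reappears as RESERVED reads as a pending, unpublished ID again, so tooling that maps duplicates through the ConsultIDs text will stop redirecting these two IDs to the canonical records. Unless the rejection was deliberately withdrawn, which the commit message does not say, the old side should stand in both files: keep `"STATE": "REJECT"` and the `** REJECT **` description. The `data_version` key reorder in these hunks is cosmetic.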
+++ b/2024/2xxx/CVE-2024-2438.json
@@ -1,17 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2438",
- "ASSIGNER": "security@wordfence.com",
- "STATE": "REJECT"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-47851. Reason: This candidate is a reservation duplicate of CVE-2023-47851. Notes: All CVE users should reference CVE-2023-47851 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }