From 41ce9989533ab90d8c7ec15d0d58c7eab4c1c3ec Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 6 Dec 2024 17:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/12xxx/CVE-2024-12254.json | 12 +++- 2024/12xxx/CVE-2024-12315.json | 18 +++++ 2024/12xxx/CVE-2024-12316.json | 18 +++++ 2024/12xxx/CVE-2024-12317.json | 18 +++++ 2024/12xxx/CVE-2024-12318.json | 18 +++++ 2024/12xxx/CVE-2024-12319.json | 18 +++++ 2024/48xxx/CVE-2024-48859.json | 105 ++++++++++++++++++++++++++-- 2024/48xxx/CVE-2024-48863.json | 83 ++++++++++++++++++++-- 2024/48xxx/CVE-2024-48865.json | 105 ++++++++++++++++++++++++++-- 2024/48xxx/CVE-2024-48866.json | 105 ++++++++++++++++++++++++++-- 2024/48xxx/CVE-2024-48867.json | 105 ++++++++++++++++++++++++++-- 2024/48xxx/CVE-2024-48868.json | 105 ++++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50387.json | 88 +++++++++++++++++++++-- 2024/50xxx/CVE-2024-50388.json | 88 +++++++++++++++++++++-- 2024/50xxx/CVE-2024-50389.json | 83 ++++++++++++++++++++-- 2024/50xxx/CVE-2024-50393.json | 123 +++++++++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50402.json | 105 ++++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50403.json | 95 +++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50404.json | 83 ++++++++++++++++++++-- 2024/50xxx/CVE-2024-50677.json | 61 ++++++++++++++-- 2024/53xxx/CVE-2024-53691.json | 105 ++++++++++++++++++++++++++-- 2024/54xxx/CVE-2024-54137.json | 81 ++++++++++++++++++++-- 2024/54xxx/CVE-2024-54143.json | 63 +++++++++++++++-- 2024/54xxx/CVE-2024-54749.json | 56 +++++++++++++-- 2024/55xxx/CVE-2024-55533.json | 18 +++++ 2024/55xxx/CVE-2024-55534.json | 18 +++++ 2024/55xxx/CVE-2024-55535.json | 18 +++++ 2024/55xxx/CVE-2024-55536.json | 18 +++++ 2024/55xxx/CVE-2024-55537.json | 18 +++++ 2024/9xxx/CVE-2024-9287.json | 10 +++ 30 files changed, 1750 insertions(+), 91 deletions(-) create mode 100644 2024/12xxx/CVE-2024-12315.json create mode 100644 2024/12xxx/CVE-2024-12316.json create mode 100644 2024/12xxx/CVE-2024-12317.json create mode 100644 2024/12xxx/CVE-2024-12318.json create mode 100644 
2024/12xxx/CVE-2024-12319.json
create mode 100644 2024/55xxx/CVE-2024-55533.json
create mode 100644 2024/55xxx/CVE-2024-55534.json
create mode 100644 2024/55xxx/CVE-2024-55535.json
create mode 100644 2024/55xxx/CVE-2024-55536.json
create mode 100644 2024/55xxx/CVE-2024-55537.json
diff --git a/2024/12xxx/CVE-2024-12254.json b/2024/12xxx/CVE-2024-12254.json
index 604848de2cb..c5a30dc59f9 100644
--- a/2024/12xxx/CVE-2024-12254.json
+++ b/2024/12xxx/CVE-2024-12254.json
@@ -51,7 +51,7 @@
 {
 "version_affected": "<",
 "version_name": "3.12.0",
- "version_value": "3.14.0a1"
+ "version_value": "3.14.0a2"
 }
 ]
 }
@@ -78,6 +78,16 @@
 "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/",
 "refsource": "MISC",
 "name": "https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5"
 }
 ]
 },
diff --git a/2024/12xxx/CVE-2024-12315.json b/2024/12xxx/CVE-2024-12315.json
new file mode 100644
index 00000000000..1c077c8a542
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12315.json
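Review bot: The affected range in the first hunk of CVE-2024-12254.json is still one interval, `"version_name": "3.12.0"` with `"version_affected": "<"` and the new `"version_value": "3.14.0a2"`, so a matcher that reads it literally treats every 3.12.x and 3.13.x release as affected. If the two cpython commits added as references in the second hunk are backports to maintained branches (this diff does not show that), the fixed releases on those branches cannot be expressed by this single entry. One `version_data` entry per branch, each with its own fixed version taken from the upstream advisory, would stop scanners from flagging patched installs. Both hunks begin and end inside JSON objects whose opening and closing lines are outside the hunk.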
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12315",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12316.json b/2024/12xxx/CVE-2024-12316.json
new file mode 100644
index 00000000000..70a83837a40
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12316.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12316",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12317.json b/2024/12xxx/CVE-2024-12317.json
new file mode 100644
index 00000000000..883b251b8d6
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12317.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12317",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12318.json b/2024/12xxx/CVE-2024-12318.json
new file mode 100644
index 00000000000..d9efd49878d
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12318.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12318",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12319.json b/2024/12xxx/CVE-2024-12319.json
new file mode 100644
index 00000000000..c4e3d03cd66
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12319.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12319",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/48xxx/CVE-2024-48859.json b/2024/48xxx/CVE-2024-48859.json
index a1b5a108386..2a632987adb 100644
--- a/2024/48xxx/CVE-2024-48859.json
+++ b/2024/48xxx/CVE-2024-48859.json
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48859", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.1.x", + "version_value": "5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.2.2950 build 20241114" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.1.x", + "version_value": "h5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.2.2952 build 20241116" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + 
"url": "https://www.qnap.com/en/security-advisory/qsa-24-49", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-49" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-49", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Pwn2Own 2024 - Corentin BAYET of Reverse_Tactics" + } + ] } \ No newline at end of file diff --git a/2024/48xxx/CVE-2024-48863.json b/2024/48xxx/CVE-2024-48863.json index 0d71631ed8b..07afdaf6094 100644 --- a/2024/48xxx/CVE-2024-48863.json +++ b/2024/48xxx/CVE-2024-48863.json 
@@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nLicense Center 1.9.43 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "License Center", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9.x", + "version_value": "1.9.43" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-50", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-50" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-50", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
License Center 1.9.43 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nLicense Center 1.9.43 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu (trinh), Quy, Cao Ngoc (quycn) of bl4ckh0l3 from Galaxy One" + } + ] } \ No newline at end of file diff --git a/2024/48xxx/CVE-2024-48865.json b/2024/48xxx/CVE-2024-48865.json index c3ea007a6e4..baab8f0c6a1 100644 --- a/2024/48xxx/CVE-2024-48865.json +++ b/2024/48xxx/CVE-2024-48865.json 
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48865", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295", + "cweId": "CWE-295" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.1.x", + "version_value": "5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.2.2950 build 20241114" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.1.x", + "version_value": "h5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.2.2952 build 20241116" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-49", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-49" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-49", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Pwn2Own 2024 - ExLuck of ANHTUD" + } + ] } \ No newline at end of file diff --git a/2024/48xxx/CVE-2024-48866.json b/2024/48xxx/CVE-2024-48866.json index 30a328d2991..6e0e5d6eeb7 100644 --- a/2024/48xxx/CVE-2024-48866.json +++ b/2024/48xxx/CVE-2024-48866.json 
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48866", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-177", + "cweId": "CWE-177" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.1.x", + "version_value": "5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.2.2950 build 20241114" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.1.x", + "version_value": "h5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.2.2952 build 20241116" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-49", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-49" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-49", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Pwn2Own 2024 - Chris Anastasio & Fabius Watson" + } + ] } \ No newline at end of file diff --git a/2024/48xxx/CVE-2024-48867.json b/2024/48xxx/CVE-2024-48867.json index 541e4e95d2c..c88012a367d 100644 --- a/2024/48xxx/CVE-2024-48867.json +++ b/2024/48xxx/CVE-2024-48867.json 
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48867", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-93", + "cweId": "CWE-93" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.1.x", + "version_value": "5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.2.2950 build 20241114" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.1.x", + "version_value": "h5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.2.2952 build 20241116" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-49", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-49" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-49", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Pwn2Own 2024 - Chris Anastasio & Fabius Watson" + } + ] } \ No newline at end of file diff --git a/2024/48xxx/CVE-2024-48868.json b/2024/48xxx/CVE-2024-48868.json index 2cef7b96e34..cebce499886 100644 --- a/2024/48xxx/CVE-2024-48868.json +++ b/2024/48xxx/CVE-2024-48868.json 
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48868", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-93", + "cweId": "CWE-93" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.1.x", + "version_value": "5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.2.2950 build 20241114" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.1.x", + "version_value": "h5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.2.2952 build 20241116" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-49", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-49" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-49", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Pwn2Own 2024 - Chris Anastasio & Fabius Watson" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50387.json b/2024/50xxx/CVE-2024-50387.json index dc42253fd92..242965f29e5 100644 --- a/2024/50xxx/CVE-2024-50387.json +++ b/2024/50xxx/CVE-2024-50387.json 
@@ -1,18 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50387", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.\n\nWe have already fixed the vulnerability in the following version:\nSMB Service 4.15.002 and later\nSMB Service h4.15.002 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "SMB Service", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.15.x", + "version_value": "4.15.002" + }, + { + "version_affected": "<", + "version_name": "h4.15.x", + "version_value": "h4.15.002" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-42", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-42" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-42", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
SMB Service 4.15.002 and later
SMB Service h4.15.002 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nSMB Service 4.15.002 and later\nSMB Service h4.15.002 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Pwn2Own 2024 - YingMuo working with DEVCORE Internship Program" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50388.json b/2024/50xxx/CVE-2024-50388.json index 238a600f037..c7cef2d6b91 100644 --- a/2024/50xxx/CVE-2024-50388.json +++ b/2024/50xxx/CVE-2024-50388.json 
@@ -1,18 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50388", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands.\n\nWe have already fixed the vulnerability in the following version:\nHBS 3 Hybrid Backup Sync 25.1.1.673 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77", + "cweId": "CWE-77" + }, + { + "lang": "eng", + "value": "CWE-78", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "HBS 3 Hybrid Backup Sync", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "25.1.x", + "version_value": "25.1.1.673" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-41", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-41" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-41", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 25.1.1.673 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nHBS 3 Hybrid Backup Sync 25.1.1.673 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Pwn2Own 2024 - Viettel Cyber Security" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50389.json b/2024/50xxx/CVE-2024-50389.json index 14d350daf49..7aa48d6fec9 100644 --- a/2024/50xxx/CVE-2024-50389.json +++ b/2024/50xxx/CVE-2024-50389.json 
@@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50389", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.4.5.032 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QuRouter", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.4.x", + "version_value": "2.4.5.032" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-45", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-45" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-45", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
QuRouter 2.4.5.032 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nQuRouter 2.4.5.032 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Pwn2Own 2024 - Viettel Cyber Security" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50393.json b/2024/50xxx/CVE-2024-50393.json index 4e270ab5a27..86453257034 100644 --- a/2024/50xxx/CVE-2024-50393.json +++ b/2024/50xxx/CVE-2024-50393.json 
@@ -1,18 +1,131 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "5.1.9.2954 build 20241120", + "status": "affected", + "version": "5.1.x", + "versionType": "custom" + }, + { + "lessThan": "5.2.2.2950 build 20241114", + "status": "affected", + "version": "5.2.x", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "5.0.x" + }, + { + "status": "unaffected", + "version": "4.5.x" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + 
"version_name": "h5.1.x", + "version_value": "h5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.2.2952 build 20241116" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-49", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-49" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-49", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Pwn2Own 2024 - Corentin BAYET of Reverse_Tactics" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50402.json b/2024/50xxx/CVE-2024-50402.json index e9670accd15..b3d592c273e 100644 --- a/2024/50xxx/CVE-2024-50402.json +++ b/2024/50xxx/CVE-2024-50402.json 
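Review bot: The QTS entry under `affects` in CVE-2024-50393 carries `"version_value": "not down converted"` and keeps its real bounds only inside `x_cve_json_5_version_data`, while the QuTS hero entry in the same record uses the legacy `version_affected`/`version_name`/`version_value` triplet. A consumer that reads only the legacy fields gets no usable QTS range from this record and can miss QTS 5.1.x and 5.2.x hosts entirely. If the legacy view is meant to be usable, the two affected branches could be emitted like the QuTS hero ones, e.g. `"version_affected": "<", "version_name": "5.1.x", "version_value": "5.1.9.2954 build 20241120"`, and likewise `5.2.x` with `5.2.2.2950 build 20241114`. The explicit `unaffected` entries for 5.0.x and 4.5.x are presumably what blocked the down-conversion and would remain in the v5 block only.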
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.1.x", + "version_value": "5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.2.2950 build 20241114" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.1.x", + "version_value": "h5.1.9.2954 build 20241120" + }, + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.2.2952 build 20241116" + } + ] + } + } + ] + } + } + ] + 
} + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-49", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-49" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-49", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu (trinh), Quy, Cao Ngoc (quycn) of bl4ckh0l3 from Galaxy One" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50403.json b/2024/50xxx/CVE-2024-50403.json index 59cd8a03f71..6ca99f038ff 100644 --- a/2024/50xxx/CVE-2024-50403.json +++ b/2024/50xxx/CVE-2024-50403.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50403", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.2.2950 build 20241114" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.2.2952 build 20241116" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-49", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-49" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-49", 
+ "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.2.2.2952 build 20241116 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.2.2.2952 build 20241116 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu (trinh), Quy, Cao Ngoc (quycn) of bl4ckh0l3 from Galaxy One" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50404.json b/2024/50xxx/CVE-2024-50404.json index e7493ea3a38..de836885d51 100644 --- a/2024/50xxx/CVE-2024-50404.json +++ b/2024/50xxx/CVE-2024-50404.json 
@@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.\n\nWe have already fixed the vulnerability in the following versions:\nQsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Qsync Central", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.4.x.x", + "version_value": "4.4.0.16_20240819 ( 2024/08/19 )" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-48", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-48" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-48", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "c411e" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50677.json b/2024/50xxx/CVE-2024-50677.json index 6dd69f309a6..81c344876ad 100644 --- a/2024/50xxx/CVE-2024-50677.json +++ b/2024/50xxx/CVE-2024-50677.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-50677", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-50677", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/oroinc/orocommerce-application", + "refsource": "MISC", + "name": "https://github.com/oroinc/orocommerce-application" + }, + { + "refsource": "MISC", + "name": "https://github.com/ZumiYumi/CVE-2024-50677", + "url": "https://github.com/ZumiYumi/CVE-2024-50677" } ] } 
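Review bot: In the CVE-2024-50677 record, `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, although the description names OroPlatform CMS v5.1 and a cross-site scripting flaw, so product- or CWE-based matching cannot find this entry. The weakness could be recorded as `"value": "CWE-79"` and the product fields filled from the description (`"product_name": "OroPlatform CMS"`, `"version_value": "5.1"`). The first reference points at the orocommerce-application repository, so the exact product name should be confirmed before it is set. CVE-2024-54749 later in this patch has the same gap: its description names Ubiquiti U7-Pro 7.0.35 and a hardcoded password, which would map to `CWE-798`, yet every structured field is `n/a`.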
diff --git a/2024/53xxx/CVE-2024-53691.json b/2024/53xxx/CVE-2024-53691.json index 84c62f0bafb..1ee5af571d0 100644 --- a/2024/53xxx/CVE-2024-53691.json +++ b/2024/53xxx/CVE-2024-53691.json 
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQTS 5.2.0.2802 build 20240620 and later\nQuTS hero h5.1.8.2823 build 20240712 and later\nQuTS hero h5.2.0.2802 build 20240620 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.1.x", + "version_value": "5.1.8.2823 build 20240712" + }, + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.0.2802 build 20240620" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.1.x", + "version_value": "h5.1.8.2823 build 20240712" + }, + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.0.2802 build 20240620" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-28", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-28" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-28", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QTS 5.2.0.2802 build 20240620 and later
QuTS hero h5.1.8.2823 build 20240712 and later
QuTS hero h5.2.0.2802 build 20240620 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQTS 5.2.0.2802 build 20240620 and later\nQuTS hero h5.1.8.2823 build 20240712 and later\nQuTS hero h5.2.0.2802 build 20240620 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "c411e" + } + ] } \ No newline at end of file diff --git a/2024/54xxx/CVE-2024-54137.json b/2024/54xxx/CVE-2024-54137.json index fab3d2ce361..971f1b99c39 100644 --- a/2024/54xxx/CVE-2024-54137.json +++ b/2024/54xxx/CVE-2024-54137.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-54137", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "open-quantum-safe", + "product": { + "product_data": [ + { + "product_name": "liboqs", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7", + "refsource": "MISC", + "name": "https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7" + }, + { + "url": "https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24", + "refsource": "MISC", + "name": "https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24" + } + ] + }, + "source": { + "advisory": "GHSA-gpf4-vrrw-r8v7", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/54xxx/CVE-2024-54143.json b/2024/54xxx/CVE-2024-54143.json index 87e3d9d3cd7..66325a64b03 100644 --- a/2024/54xxx/CVE-2024-54143.json +++ b/2024/54xxx/CVE-2024-54143.json 
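Review bot: The liboqs `version_data` entry in CVE-2024-54137 puts the comparison inside the value, `"version_affected": "=", "version_value": "< 0.12.0"`, so a matcher that honours `version_affected` looks for a version literally equal to the string `< 0.12.0` and finds nothing. Writing the bound the way the QNAP records in this patch do, `"version_affected": "<", "version_value": "0.12.0"`, keeps the range machine-readable. CVE-2024-54143 (openwrt/asu) uses the same form with `"version_value": "< 920c8a1"`, where the bound is an abbreviated commit id with no ordering at all. Deployments there have to be checked against the commit linked in `references`, not by version comparison.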
@@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-54143", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious image can be served in place of a legitimate one, allowing the attacker to \"poison\" the artifact cache and deliver compromised images to unsuspecting users. This can be combined with other attacks, such as a command injection in Imagebuilder that allows malicious users to inject arbitrary commands into the build process, resulting in the production of malicious firmware images signed with the legitimate build key. This has been patched with 920c8a1." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-328: Use of Weak Hash", + "cweId": "CWE-328" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "openwrt", + "product": { + "product_data": [ + { + "product_name": "asu", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 920c8a1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openwrt/asu/security/advisories/GHSA-r3gq-96h6-3v7q", + "refsource": "MISC", + "name": "https://github.com/openwrt/asu/security/advisories/GHSA-r3gq-96h6-3v7q" + }, + { + "url": "https://github.com/openwrt/asu/commit/920c8a13d97b4d4095f0d939cf0aaae777e0f87e", + "refsource": "MISC", + "name": "https://github.com/openwrt/asu/commit/920c8a13d97b4d4095f0d939cf0aaae777e0f87e" + } + ] + }, + "source": { + "advisory": "GHSA-r3gq-96h6-3v7q", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/54xxx/CVE-2024-54749.json b/2024/54xxx/CVE-2024-54749.json index 167ebad9e97..47a4510f200 100644 --- a/2024/54xxx/CVE-2024-54749.json +++ b/2024/54xxx/CVE-2024-54749.json 
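Review bot: The CVE-2024-54143 record has no `impact` section, unlike CVE-2024-54137 from the same assigner earlier in this patch, so tooling that triages on CVSS will see it as unscored. The description covers cache poisoning that lets a previously built malicious image be served in place of a legitimate one, which is not something to leave behind a severity filter. If the linked advisory GHSA-r3gq-96h6-3v7q carries a CVSS vector, adding it as an `"impact": { "cvss": [ ... ] }` block in the same shape as the liboqs record would close the gap. Until then the entry needs to be prioritised from the description, not from a score.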
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-54749", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-54749", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://colorful-meadow-5b9.notion.site/U7-Pro_HardCode_vuln-14bc216a1c30802e9c4cd03753e880cc?pvs=4", + "refsource": "MISC", + "name": "https://colorful-meadow-5b9.notion.site/U7-Pro_HardCode_vuln-14bc216a1c30802e9c4cd03753e880cc?pvs=4" } ] } diff --git a/2024/55xxx/CVE-2024-55533.json b/2024/55xxx/CVE-2024-55533.json new file mode 100644 index 00000000000..f3cdb7d007f --- /dev/null +++ b/2024/55xxx/CVE-2024-55533.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-55533", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/55xxx/CVE-2024-55534.json b/2024/55xxx/CVE-2024-55534.json new file mode 100644 index 00000000000..dc75d1e7756 --- /dev/null +++ b/2024/55xxx/CVE-2024-55534.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-55534", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/55xxx/CVE-2024-55535.json b/2024/55xxx/CVE-2024-55535.json new file mode 100644 index 00000000000..771a70fe7db --- /dev/null +++ b/2024/55xxx/CVE-2024-55535.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-55535", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/55xxx/CVE-2024-55536.json b/2024/55xxx/CVE-2024-55536.json new file mode 100644 index 00000000000..0d6944c187e --- /dev/null +++ b/2024/55xxx/CVE-2024-55536.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-55536", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/55xxx/CVE-2024-55537.json b/2024/55xxx/CVE-2024-55537.json new file mode 100644 index 00000000000..ea698da66e7 --- /dev/null +++ b/2024/55xxx/CVE-2024-55537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-55537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9287.json b/2024/9xxx/CVE-2024-9287.json index fecf1a9d636..cdc5d5ac8fa 100644 --- a/2024/9xxx/CVE-2024-9287.json +++ b/2024/9xxx/CVE-2024-9287.json @@ -54,6 +54,16 @@ "version_name": "3.11.0", "version_value": "3.11.11" }, + { + "version_affected": "<", + "version_name": "3.12.0", + "version_value": "3.12.8" + }, + { + "version_affected": "<", + "version_name": "3.13.0", + "version_value": "3.13.1" + }, { "version_affected": "<", "version_name": "3.14.0a1",