From 41e32ae277cb0f1be92020d04576f38b8e45246c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 23 Sep 2024 18:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/46xxx/CVE-2023-46948.json | 61 +++++++++--
 2024/0xxx/CVE-2024-0001.json | 97 ++++++++++++++++-
 2024/0xxx/CVE-2024-0002.json | 121 ++++++++++++++++++++-
 2024/0xxx/CVE-2024-0003.json | 121 ++++++++++++++++++++-
 2024/0xxx/CVE-2024-0004.json | 136 +++++++++++++++++++++++-
 2024/0xxx/CVE-2024-0005.json | 187 ++++++++++++++++++++++++++++++++-
 2024/39xxx/CVE-2024-39341.json | 66 ++++++++++--
 2024/39xxx/CVE-2024-39342.json | 66 ++++++++++--
 2024/7xxx/CVE-2024-7557.json | 18 ++--
 2024/9xxx/CVE-2024-9014.json | 87 ++++++++++++++-
 2024/9xxx/CVE-2024-9108.json | 18 ++++
 2024/9xxx/CVE-2024-9109.json | 18 ++++
 2024/9xxx/CVE-2024-9110.json | 18 ++++
 13 files changed, 966 insertions(+), 48 deletions(-)
 create mode 100644 2024/9xxx/CVE-2024-9108.json
 create mode 100644 2024/9xxx/CVE-2024-9109.json
 create mode 100644 2024/9xxx/CVE-2024-9110.json
diff --git a/2023/46xxx/CVE-2023-46948.json b/2023/46xxx/CVE-2023-46948.json
index fd4d88206dc..84f0083dd44 100644
--- a/2023/46xxx/CVE-2023-46948.json
+++ b/2023/46xxx/CVE-2023-46948.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-46948",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46948",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://temenos.com",
+ "refsource": "MISC",
+ "name": "http://temenos.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/AzraelsBlade/CVE-2023-46948",
+ "url": "https://github.com/AzraelsBlade/CVE-2023-46948"
 }
 ]
 }
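Review bot: The structured fields of CVE-2023-46948 are left as `n/a` placeholders even though the description names the product, so tooling that matches on `affects` will not associate this record with anything. The description identifies Temenos T24 Browser R19.40 and a reflected XSS, which would support `"vendor_name": "Temenos"`, `"product_name": "T24 Browser"`, `"version_value": "R19.40"` and a problemtype value of `CWE-79`. The CVE-2024-39341 and CVE-2024-39342 hunks have the same gap: Entrust Instant Financial Issuance and its version list appear only in the free-text description. Until the records are enriched, consumers have to match these three on description text rather than on vendor and product fields.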
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0001", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@purestorage.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1188 Insecure Default Initialization of Resource", + "cweId": "CWE-1188" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pure Storage", + "product": { + "product_data": [ + { + "product_name": "FlashArray", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.3.0", + "version_value": "6.3.14" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://purestorage.com/security", + "refsource": "MISC", + "name": "https://purestorage.com/security" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "INTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n
\n
This issue is resolved in the following FlashArray Purity releases:\n
" + } + ], + "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later\u00a0\n * Purity//FA versions 6.5.1 or later\u00a0\n * Purity//FA versions 6.6.1 or later." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0002.json b/2024/0xxx/CVE-2024-0002.json index fd7453765ef..a3c7f423050 100644 --- a/2024/0xxx/CVE-2024-0002.json +++ b/2024/0xxx/CVE-2024-0002.json 
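Review bot: In CVE-2024-0001, `"vendor_name": "Pure Storage"` differs from `"vendor_name": "PureStorage"` in the CVE-2024-0002 through CVE-2024-0005 hunks, so the five records will not group under one vendor in tools that key on the exact string; one spelling should be used throughout. The affected ranges and the solution text also do not line up: only the 6.3.x and 6.4.x trains are listed as affected, while the fix list names 6.3.15, 6.5.1 and 6.6.1 and gives no fixed release for 6.4.x. The same fix list is repeated in CVE-2024-0002, -0003 and -0004, whose affected ranges also cover 5.x and 6.0 to 6.2 trains with no fixed version named. Presumably those customers are expected to use the patch bundle, but the record should state the remediation per train.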
@@ -1,17 +1,130 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@purestorage.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PureStorage", + "product": { + "product_data": [ + { + "product_name": "FlashArray", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5.3.17", + "version_value": "5.3.21" + }, + { + "version_affected": "<=", + "version_name": "6.1.8", + "version_value": "6.1.25" + }, + { + "version_affected": "<=", + "version_name": "6.0.7", + "version_value": "6.0.9" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.17" + }, + { + "version_affected": "<=", + "version_name": "6.3.0", + "version_value": "6.3.14" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.10" + }, + { + "version_affected": "=", + "version_value": "6.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://purestorage.com/security", + "refsource": "MISC", + "name": "https://purestorage.com/security" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": 
"INTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n
\n
This issue is resolved in the following FlashArray Purity releases:\n
" + } + ], + "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0003.json b/2024/0xxx/CVE-2024-0003.json index d70caa19047..d9d2e5ff44a 100644 --- a/2024/0xxx/CVE-2024-0003.json +++ b/2024/0xxx/CVE-2024-0003.json 
@@ -1,17 +1,130 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0003", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@purestorage.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PureStorage", + "product": { + "product_data": [ + { + "product_name": "FlashArray", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5.3.17", + "version_value": "5.3.21" + }, + { + "version_affected": "<=", + "version_name": "6.1.8", + "version_value": "6.1.25" + }, + { + "version_affected": "<=", + "version_name": "6.0.7", + "version_value": "6.0.9" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.17" + }, + { + "version_affected": "<=", + "version_name": "6.3.0", + "version_value": "6.3.14" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.10" + }, + { + "version_affected": "=", + "version_value": "6.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://purestorage.com/security", + "refsource": "MISC", + "name": "https://purestorage.com/security" + } + ] + }, + "generator": { + "engine": "Vulnogram 
0.2.0" + }, + "source": { + "discovery": "INTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n
\n
This issue is resolved in the following FlashArray Purity releases:\n
" + } + ], + "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0004.json b/2024/0xxx/CVE-2024-0004.json index dfa30d89096..31f9a5f8ad9 100644 --- a/2024/0xxx/CVE-2024-0004.json +++ b/2024/0xxx/CVE-2024-0004.json 
@@ -1,17 +1,145 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@purestorage.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PureStorage", + "product": { + "product_data": [ + { + "product_name": "FlashArray", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5.0.0", + "version_value": "5.0.11" + }, + { + "version_affected": "<=", + "version_name": "5.1.0", + "version_value": "5.1.17" + }, + { + "version_affected": "<=", + "version_name": "5.2.0", + "version_value": "5.2.7" + }, + { + "version_affected": "<=", + "version_name": "5.3.0", + "version_value": "5.3.21" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.9" + }, + { + "version_affected": "<=", + "version_name": "6.1.0", + "version_value": "6.1.25" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.17" + }, + { + "version_affected": "<=", + "version_name": "6.3.0", + "version_value": "6.3.14" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.10" + }, + { + "version_affected": 
"=", + "version_value": "6.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://purestorage.com/security", + "refsource": "MISC", + "name": "https://purestorage.com/security" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "INTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n
\n
This issue is resolved in the following FlashArray Purity releases:\n
" + } + ], + "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0005.json b/2024/0xxx/CVE-2024-0005.json index 8e8205a5dc5..fe3f5884255 100644 --- a/2024/0xxx/CVE-2024-0005.json +++ b/2024/0xxx/CVE-2024-0005.json 
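Review bot: In CVE-2024-0004 the problemtype `CWE-94` (code injection) does not match the description, which says a user with the array admin role can "execute arbitrary commands remotely"; the sibling record CVE-2024-0005 classifies a similarly worded issue as `CWE-77`. If the flaw is command execution rather than injection of interpreted code, `"cweId": "CWE-77"` would be the more accurate value, but the page does not show enough to decide, so this needs confirming with the CNA. The description also reads "an user", which should be `a user`.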
@@ -1,17 +1,196 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0005", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@purestorage.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PureStorage", + "product": { + "product_data": [ + { + "product_name": "FlashArray", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5.0.0", + "version_value": "5.0.11" + }, + { + "version_affected": "<=", + "version_name": "5.1.0", + "version_value": "5.1.17" + }, + { + "version_affected": "<=", + "version_name": "5.2.0", + "version_value": "5.2.7" + }, + { + "version_affected": "<=", + "version_name": "5.3.0", + "version_value": "5.3.21" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.9" + }, + { + "version_affected": "<=", + "version_name": "6.1.0", + "version_value": "6.1.25" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.17" + }, + { + "version_affected": "<=", + "version_name": "6.3.0", + "version_value": "6.3.14" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + 
"version_value": "6.4.10" + }, + { + "version_affected": "=", + "version_value": "6.5.0" + }, + { + "version_affected": "=", + "version_value": "6.6.0" + } + ] + } + }, + { + "product_name": "FlashBlade", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.0.0", + "version_value": "3.0.9" + }, + { + "version_affected": "<=", + "version_name": "3.1.0", + "version_value": "3.1.15" + }, + { + "version_affected": "<=", + "version_name": "3.2.0", + "version_value": "3.2.10" + }, + { + "version_affected": "<=", + "version_name": "3.3.0", + "version_value": "3.3.11" + }, + { + "version_affected": "<=", + "version_name": "4.0.0", + "version_value": "4.0.6" + }, + { + "version_affected": "<=", + "version_name": "4.1.0", + "version_value": "4.1.10" + }, + { + "version_affected": "<=", + "version_name": "4.2.0", + "version_value": "4.2.3" + }, + { + "version_affected": "<=", + "version_name": "4.3.0", + "version_value": "4.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://purestorage.com/security", + "refsource": "MISC", + "name": "https://purestorage.com/security" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "INTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n
\n
This issue is resolved in the following FlashArray Purity releases:\n
This issue is resolved in the following FlashBlade Purity releases:\n
" + } + ], + "value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later.\n\n\nThis issue is resolved in the following\u00a0FlashBlade Purity releases:\n\n * Purity//FB versions 4.1.12 or later\n\n * Purity//FB versions 4.3.2 or later" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/39xxx/CVE-2024-39341.json b/2024/39xxx/CVE-2024-39341.json index 59b250f1236..f68bb6cd792 100644 --- a/2024/39xxx/CVE-2024-39341.json +++ b/2024/39xxx/CVE-2024-39341.json 
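Review bot: In CVE-2024-0005 the FlashBlade entry lists 4.1.0 through 4.1.10 as affected while the solution text names 4.1.12 as the fixed 4.1 release, which leaves the status of 4.1.11 unstated. Every other range in this record that has a named fix ends one release below it (4.3.1 and 4.3.2, 6.3.14 and 6.3.15, 6.5.0 and 6.5.1, 6.6.0 and 6.6.1), so this looks like either a wrong upper bound or a wrong fix version. Until the CNA clarifies, 4.1.11 is best treated as affected. The FlashBlade 3.x, 4.0 and 4.2 ranges have no fixed release named at all.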
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-39341",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-39341",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process. This file can be accessed without authentication on HTTP port 80 by guessing the correct IIS webroot path. It includes system configuration parameter names and values with sensitive configuration values encrypted."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.entrust.com/",
+ "refsource": "MISC",
+ "name": "https://www.entrust.com/"
+ },
+ {
+ "url": "https://trustedcare.entrust.com/login",
+ "refsource": "MISC",
+ "name": "https://trustedcare.entrust.com/login"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/VAMorales/21a8700a67d80c263b38e693fd528313",
+ "url": "https://gist.github.com/VAMorales/21a8700a67d80c263b38e693fd528313"
 }
 ]
 }
diff --git a/2024/39xxx/CVE-2024-39342.json b/2024/39xxx/CVE-2024-39342.json
index 8e078d18014..7d402aa7b92 100644
--- a/2024/39xxx/CVE-2024-39342.json
+++ b/2024/39xxx/CVE-2024-39342.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-39342",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-39342",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of the software. Combined with the encrypted password that can be obtained from \"WebAPI.cfg.xml\" in CVE-2024-39341, the decryption is trivial and can lead to privilege escalation on the Windows host."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.entrust.com/",
+ "refsource": "MISC",
+ "name": "https://www.entrust.com/"
+ },
+ {
+ "url": "https://trustedcare.entrust.com/login",
+ "refsource": "MISC",
+ "name": "https://trustedcare.entrust.com/login"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/VAMorales/21a8700a67d80c263b38e693fd528313",
+ "url": "https://gist.github.com/VAMorales/21a8700a67d80c263b38e693fd528313"
 }
 ]
 }
diff --git a/2024/7xxx/CVE-2024-7557.json b/2024/7xxx/CVE-2024-7557.json
index 9dea37e3877..a0956128c5e 100644
--- a/2024/7xxx/CVE-2024-7557.json
+++ b/2024/7xxx/CVE-2024-7557.json
@@ -93,6 +93,12 @@
 }
 ]
 },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
+ }
+ ],
 "credits": [
 {
 "lang": "en",
@@ -103,16 +109,16 @@
 "cvss": [
 {
 "attackComplexity": "LOW",
- "attackVector": "ADJACENT_NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 7.6,
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
 "baseSeverity": "HIGH",
 "confidentialityImpact": "HIGH",
- "integrityImpact": "LOW",
+ "integrityImpact": "HIGH",
 "privilegesRequired": "LOW",
- "scope": "CHANGED",
+ "scope": "UNCHANGED",
 "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
 "version": "3.1"
 }
 ]
diff --git a/2024/9xxx/CVE-2024-9014.json b/2024/9xxx/CVE-2024-9014.json
index f03719d123c..9cab06a9ab9 100644
--- a/2024/9xxx/CVE-2024-9014.json
+++ b/2024/9xxx/CVE-2024-9014.json
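Review bot: The `work_around` entry added to CVE-2024-7557 does not describe a workaround; its text says that mitigation is "either not available" or does not meet the vendor's criteria. A consumer that treats a non-empty `work_around` array as meaning a mitigation exists will misclassify this record, so triage automation should read the text rather than test for the field's presence. Separately, anything prioritised on the earlier 7.6 / `AV:A` score needs re-triage against the new 8.8 / `AV:N` values in the second hunk.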
@@ -1,17 +1,96 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-9014",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@postgresql.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "pgadmin.org",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "pgAdmin 4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "8.12",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/pgadmin-org/pgadmin4/issues/7945",
+ "refsource": "MISC",
+ "name": "https://github.com/pgadmin-org/pgadmin4/issues/7945"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9108.json b/2024/9xxx/CVE-2024-9108.json
new file mode 100644
index 00000000000..683c4e49328
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9108.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9108",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9109.json b/2024/9xxx/CVE-2024-9109.json
new file mode 100644
index 00000000000..450a606266b
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9109.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9109",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9110.json b/2024/9xxx/CVE-2024-9110.json
new file mode 100644
index 00000000000..f1e86d19058
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9110.json
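Review bot: In CVE-2024-9014, `"version_value": "not down converted"` gives a v4 consumer no usable version; the real range exists only in `x_cve_json_5_version_data` (`lessThan` 8.12 with `defaultStatus` affected). Parsers that read only `version_value` will either skip pgAdmin 4 or match the literal string, so they need to read the embedded v5 block instead. `problemtype` is also `n/a` although the description states that the OAuth2 client ID and secret can be obtained. The vector scores `A:H`, which the description (credential disclosure and unauthorized data access) does not obviously support; that is worth confirming with the CNA.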
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9110",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file