admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-23 18:00:36 +00:00
parent 483e34343f
commit 41e32ae277
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
13 changed files with 966 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2023/46xxx/CVE-2023-46948.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://temenos.com",
"refsource": "MISC",
"name": "http://temenos.com"
},
{
"refsource": "MISC",
"name": "https://github.com/AzraelsBlade/CVE-2023-46948",
"url": "https://github.com/AzraelsBlade/CVE-2023-46948"
}
]
}

97
2024/0xxx/CVE-2024-0001.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@purestorage.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1188 Insecure Default Initialization of Resource",
"cweId": "CWE-1188"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pure Storage",
"product": {
"product_data": [
{
"product_name": "FlashArray",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.14"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://purestorage.com/security",
"refsource": "MISC",
"name": "https://purestorage.com/security"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n<br>\n<br>This issue is resolved in the following<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;FlashArray Purity </span> releases:\n<br><ul><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.3.15 or later&nbsp;</span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.5.1 or later&nbsp;</span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.6.1 or later.&nbsp;</span></li></ul></span>"
}
],
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later\u00a0\n * Purity//FA versions 6.5.1 or later\u00a0\n * Purity//FA versions 6.6.1 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

121
2024/0xxx/CVE-2024-0002.json
View File

@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@purestorage.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PureStorage",
"product": {
"product_data": [
{
"product_name": "FlashArray",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.3.17",
"version_value": "5.3.21"
},
{
"version_affected": "<=",
"version_name": "6.1.8",
"version_value": "6.1.25"
},
{
"version_affected": "<=",
"version_name": "6.0.7",
"version_value": "6.0.9"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.17"
},
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.14"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.10"
},
{
"version_affected": "=",
"version_value": "6.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://purestorage.com/security",
"refsource": "MISC",
"name": "https://purestorage.com/security"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n<br>\n<br>This issue is resolved in the following<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;FlashArray Purity </span> releases:\n<br><ul><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.3.15 or later </span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.5.1 or later </span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.6.1 or later.</span></li></ul>"
}
],
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

121
2024/0xxx/CVE-2024-0003.json
View File

@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0003",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@purestorage.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PureStorage",
"product": {
"product_data": [
{
"product_name": "FlashArray",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.3.17",
"version_value": "5.3.21"
},
{
"version_affected": "<=",
"version_name": "6.1.8",
"version_value": "6.1.25"
},
{
"version_affected": "<=",
"version_name": "6.0.7",
"version_value": "6.0.9"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.17"
},
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.14"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.10"
},
{
"version_affected": "=",
"version_value": "6.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://purestorage.com/security",
"refsource": "MISC",
"name": "https://purestorage.com/security"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n<br>\n<br>This issue is resolved in the following<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;FlashArray Purity </span> releases:\n<br><ul><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.3.15 or later </span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.5.1 or later </span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.6.1 or later.</span></li></ul>"
}
],
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

136
2024/0xxx/CVE-2024-0004.json
View File

@ -1,17 +1,145 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0004",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@purestorage.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PureStorage",
"product": {
"product_data": [
{
"product_name": "FlashArray",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.0.0",
"version_value": "5.0.11"
},
{
"version_affected": "<=",
"version_name": "5.1.0",
"version_value": "5.1.17"
},
{
"version_affected": "<=",
"version_name": "5.2.0",
"version_value": "5.2.7"
},
{
"version_affected": "<=",
"version_name": "5.3.0",
"version_value": "5.3.21"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.9"
},
{
"version_affected": "<=",
"version_name": "6.1.0",
"version_value": "6.1.25"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.17"
},
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.14"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.10"
},
{
"version_affected": "=",
"version_value": "6.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://purestorage.com/security",
"refsource": "MISC",
"name": "https://purestorage.com/security"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n<br>\n<br>This issue is resolved in the following<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;FlashArray Purity </span> releases:\n<br><ul><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.3.15 or later </span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.5.1 or later </span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.6.1 or later.</span></li></ul>"
}
],
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

187
2024/0xxx/CVE-2024-0005.json
View File

@ -1,17 +1,196 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@purestorage.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PureStorage",
"product": {
"product_data": [
{
"product_name": "FlashArray",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.0.0",
"version_value": "5.0.11"
},
{
"version_affected": "<=",
"version_name": "5.1.0",
"version_value": "5.1.17"
},
{
"version_affected": "<=",
"version_name": "5.2.0",
"version_value": "5.2.7"
},
{
"version_affected": "<=",
"version_name": "5.3.0",
"version_value": "5.3.21"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.9"
},
{
"version_affected": "<=",
"version_name": "6.1.0",
"version_value": "6.1.25"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.17"
},
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.14"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.10"
},
{
"version_affected": "=",
"version_value": "6.5.0"
},
{
"version_affected": "=",
"version_value": "6.6.0"
}
]
}
},
{
"product_name": "FlashBlade",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.0.0",
"version_value": "3.0.9"
},
{
"version_affected": "<=",
"version_name": "3.1.0",
"version_value": "3.1.15"
},
{
"version_affected": "<=",
"version_name": "3.2.0",
"version_value": "3.2.10"
},
{
"version_affected": "<=",
"version_name": "3.3.0",
"version_value": "3.3.11"
},
{
"version_affected": "<=",
"version_name": "4.0.0",
"version_value": "4.0.6"
},
{
"version_affected": "<=",
"version_name": "4.1.0",
"version_value": "4.1.10"
},
{
"version_affected": "<=",
"version_name": "4.2.0",
"version_value": "4.2.3"
},
{
"version_affected": "<=",
"version_name": "4.3.0",
"version_value": "4.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://purestorage.com/security",
"refsource": "MISC",
"name": "https://purestorage.com/security"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n<br>\n<br>This issue is resolved in the following<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;FlashArray Purity </span> releases:\n<br><ul><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.3.15 or later </span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.5.1 or later </span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FA versions 6.6.1 or later.</span></li></ul><span style=\"background-color: rgb(255, 255, 255);\">This issue is resolved in the following<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;FlashBlade Purity </span> releases:\n<br><ul><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FB versions 4.1.12 or later\n</span></li><li><span style=\"background-color: rgb(255, 255, 255);\">Purity//FB versions 4.3.2 or later</span></li></ul></span>"
}
],
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later.\n\n\nThis issue is resolved in the following\u00a0FlashBlade Purity releases:\n\n * Purity//FB versions 4.1.12 or later\n\n * Purity//FB versions 4.3.2 or later"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

66
2024/39xxx/CVE-2024-39341.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process. This file can be accessed without authentication on HTTP port 80 by guessing the correct IIS webroot path. It includes system configuration parameter names and values with sensitive configuration values encrypted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.entrust.com/",
"refsource": "MISC",
"name": "https://www.entrust.com/"
},
{
"url": "https://trustedcare.entrust.com/login",
"refsource": "MISC",
"name": "https://trustedcare.entrust.com/login"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/VAMorales/21a8700a67d80c263b38e693fd528313",
"url": "https://gist.github.com/VAMorales/21a8700a67d80c263b38e693fd528313"
}
]
}

66
2024/39xxx/CVE-2024-39342.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39342",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of the software. Combined with the encrypted password that can be obtained from \"WebAPI.cfg.xml\" in CVE-2024-39341, the decryption is trivial and can lead to privilege escalation on the Windows host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.entrust.com/",
"refsource": "MISC",
"name": "https://www.entrust.com/"
},
{
"url": "https://trustedcare.entrust.com/login",
"refsource": "MISC",
"name": "https://trustedcare.entrust.com/login"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/VAMorales/21a8700a67d80c263b38e693fd528313",
"url": "https://gist.github.com/VAMorales/21a8700a67d80c263b38e693fd528313"
}
]
}

18
2024/7xxx/CVE-2024-7557.json
View File

@ -93,6 +93,12 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
@ -103,16 +109,16 @@
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]

87
2024/9xxx/CVE-2024-9014.json
View File

@ -1,17 +1,96 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@postgresql.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pgadmin.org",
"product": {
"product_data": [
{
"product_name": "pgAdmin 4",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "8.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pgadmin-org/pgadmin4/issues/7945",
"refsource": "MISC",
"name": "https://github.com/pgadmin-org/pgadmin4/issues/7945"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/9xxx/CVE-2024-9108.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9108",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9109.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9110.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}