From 47a29a1ca2b6c2e6c7b911e4bc4383d75f0968d3 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 2 Apr 2024 14:16:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/26xxx/CVE-2021-26931.json | 10 -- 2022/23xxx/CVE-2022-23222.json | 10 ++ 2023/40xxx/CVE-2023-40547.json | 4 +- 2023/40xxx/CVE-2023-40548.json | 4 +- 2023/4xxx/CVE-2023-4194.json | 4 +- 2023/50xxx/CVE-2023-50702.json | 56 ++++++++- 2023/52xxx/CVE-2023-52159.json | 5 + 2023/6xxx/CVE-2023-6240.json | 4 +- 2023/6xxx/CVE-2023-6780.json | 4 +- 2023/7xxx/CVE-2023-7216.json | 4 +- 2024/21xxx/CVE-2024-21912.json | 97 ++++++++++++++- 2024/21xxx/CVE-2024-21913.json | 97 ++++++++++++++- 2024/21xxx/CVE-2024-21918.json | 97 ++++++++++++++- 2024/21xxx/CVE-2024-21919.json | 97 ++++++++++++++- 2024/21xxx/CVE-2024-21920.json | 97 ++++++++++++++- 2024/25xxx/CVE-2024-25002.json | 85 ++++++++++++- 2024/25xxx/CVE-2024-25136.json | 219 ++++++++++++++++++++++++++++++++- 2024/25xxx/CVE-2024-25137.json | 219 ++++++++++++++++++++++++++++++++- 2024/25xxx/CVE-2024-25138.json | 219 ++++++++++++++++++++++++++++++++- 2024/25xxx/CVE-2024-25175.json | 61 ++++++++- 2024/25xxx/CVE-2024-25956.json | 79 +++++++++++- 2024/25xxx/CVE-2024-25957.json | 79 +++++++++++- 2024/25xxx/CVE-2024-25958.json | 79 +++++++++++- 2024/26xxx/CVE-2024-26577.json | 56 ++++++++- 2024/26xxx/CVE-2024-26644.json | 126 ++++++++++++++++++- 2024/26xxx/CVE-2024-26645.json | 158 +++++++++++++++++++++++- 2024/27xxx/CVE-2024-27455.json | 2 +- 2024/28xxx/CVE-2024-28387.json | 61 ++++++++- 2024/28xxx/CVE-2024-28434.json | 61 ++++++++- 2024/28xxx/CVE-2024-28435.json | 61 ++++++++- 2024/29xxx/CVE-2024-29197.json | 85 ++++++++++++- 2024/29xxx/CVE-2024-29808.json | 79 +++++++++++- 2024/29xxx/CVE-2024-29809.json | 79 +++++++++++- 2024/29xxx/CVE-2024-29810.json | 79 +++++++++++- 2024/29xxx/CVE-2024-29832.json | 79 +++++++++++- 2024/29xxx/CVE-2024-29833.json | 79 +++++++++++- 2024/2xxx/CVE-2024-2212.json | 94 +++++++++++++- 2024/2xxx/CVE-2024-2214.json | 85 ++++++++++++- 2024/2xxx/CVE-2024-2452.json | 94 +++++++++++++- 
2024/2xxx/CVE-2024-2866.json | 18 +++ 2024/2xxx/CVE-2024-2892.json | 110 +++++++++++++++++ 2024/2xxx/CVE-2024-2915.json | 70 +++++++++++ 2024/2xxx/CVE-2024-2916.json | 110 +++++++++++++++++ 2024/2xxx/CVE-2024-2917.json | 110 +++++++++++++++++ 2024/2xxx/CVE-2024-2921.json | 70 +++++++++++ 2024/2xxx/CVE-2024-2924.json | 18 +++ 2024/2xxx/CVE-2024-2925.json | 18 +++ 2024/2xxx/CVE-2024-2926.json | 18 +++ 2024/2xxx/CVE-2024-2927.json | 18 +++ 2024/2xxx/CVE-2024-2928.json | 18 +++ 2024/2xxx/CVE-2024-2929.json | 120 ++++++++++++++++++ 2024/2xxx/CVE-2024-2930.json | 18 +++ 2024/2xxx/CVE-2024-2931.json | 18 +++ 2024/2xxx/CVE-2024-2932.json | 18 +++ 2024/2xxx/CVE-2024-2933.json | 18 +++ 2024/2xxx/CVE-2024-2934.json | 18 +++ 2024/2xxx/CVE-2024-2935.json | 18 +++ 2024/2xxx/CVE-2024-2972.json | 18 +++ 2024/2xxx/CVE-2024-2973.json | 18 +++ 2024/30xxx/CVE-2024-30202.json | 68 ++-------- 2024/30xxx/CVE-2024-30203.json | 63 ++-------- 2024/30xxx/CVE-2024-30204.json | 63 ++-------- 2024/30xxx/CVE-2024-30205.json | 12 +- 2024/30xxx/CVE-2024-30271.json | 18 +++ 2024/30xxx/CVE-2024-30378.json | 18 +++ 2024/30xxx/CVE-2024-30379.json | 18 +++ 2024/30xxx/CVE-2024-30380.json | 18 +++ 2024/30xxx/CVE-2024-30381.json | 18 +++ 2024/30xxx/CVE-2024-30382.json | 18 +++ 2024/30xxx/CVE-2024-30383.json | 18 +++ 2024/30xxx/CVE-2024-30384.json | 18 +++ 2024/30xxx/CVE-2024-30385.json | 18 +++ 2024/30xxx/CVE-2024-30386.json | 18 +++ 2024/30xxx/CVE-2024-30387.json | 18 +++ 2024/30xxx/CVE-2024-30388.json | 18 +++ 2024/30xxx/CVE-2024-30389.json | 18 +++ 2024/30xxx/CVE-2024-30390.json | 18 +++ 2024/30xxx/CVE-2024-30391.json | 18 +++ 2024/30xxx/CVE-2024-30392.json | 18 +++ 2024/30xxx/CVE-2024-30393.json | 18 +++ 2024/30xxx/CVE-2024-30394.json | 18 +++ 2024/30xxx/CVE-2024-30395.json | 18 +++ 2024/30xxx/CVE-2024-30396.json | 18 +++ 2024/30xxx/CVE-2024-30397.json | 18 +++ 2024/30xxx/CVE-2024-30398.json | 18 +++ 2024/30xxx/CVE-2024-30399.json | 18 +++ 2024/30xxx/CVE-2024-30400.json | 18 +++ 
2024/30xxx/CVE-2024-30401.json | 18 +++ 2024/30xxx/CVE-2024-30402.json | 18 +++ 2024/30xxx/CVE-2024-30403.json | 18 +++ 2024/30xxx/CVE-2024-30404.json | 18 +++ 2024/30xxx/CVE-2024-30405.json | 18 +++ 2024/30xxx/CVE-2024-30406.json | 18 +++ 2024/30xxx/CVE-2024-30407.json | 18 +++ 2024/30xxx/CVE-2024-30408.json | 18 +++ 2024/30xxx/CVE-2024-30409.json | 18 +++ 96 files changed, 4215 insertions(+), 335 deletions(-) create mode 100644 2024/2xxx/CVE-2024-2866.json create mode 100644 2024/2xxx/CVE-2024-2892.json create mode 100644 2024/2xxx/CVE-2024-2915.json create mode 100644 2024/2xxx/CVE-2024-2916.json create mode 100644 2024/2xxx/CVE-2024-2917.json create mode 100644 2024/2xxx/CVE-2024-2921.json create mode 100644 2024/2xxx/CVE-2024-2924.json create mode 100644 2024/2xxx/CVE-2024-2925.json create mode 100644 2024/2xxx/CVE-2024-2926.json create mode 100644 2024/2xxx/CVE-2024-2927.json create mode 100644 2024/2xxx/CVE-2024-2928.json create mode 100644 2024/2xxx/CVE-2024-2929.json create mode 100644 2024/2xxx/CVE-2024-2930.json create mode 100644 2024/2xxx/CVE-2024-2931.json create mode 100644 2024/2xxx/CVE-2024-2932.json create mode 100644 2024/2xxx/CVE-2024-2933.json create mode 100644 2024/2xxx/CVE-2024-2934.json create mode 100644 2024/2xxx/CVE-2024-2935.json create mode 100644 2024/2xxx/CVE-2024-2972.json create mode 100644 2024/2xxx/CVE-2024-2973.json create mode 100644 2024/30xxx/CVE-2024-30271.json create mode 100644 2024/30xxx/CVE-2024-30378.json create mode 100644 2024/30xxx/CVE-2024-30379.json create mode 100644 2024/30xxx/CVE-2024-30380.json create mode 100644 2024/30xxx/CVE-2024-30381.json create mode 100644 2024/30xxx/CVE-2024-30382.json create mode 100644 2024/30xxx/CVE-2024-30383.json create mode 100644 2024/30xxx/CVE-2024-30384.json create mode 100644 2024/30xxx/CVE-2024-30385.json create mode 100644 2024/30xxx/CVE-2024-30386.json create mode 100644 2024/30xxx/CVE-2024-30387.json create mode 100644 2024/30xxx/CVE-2024-30388.json create mode 100644 
2024/30xxx/CVE-2024-30389.json create mode 100644 2024/30xxx/CVE-2024-30390.json create mode 100644 2024/30xxx/CVE-2024-30391.json create mode 100644 2024/30xxx/CVE-2024-30392.json create mode 100644 2024/30xxx/CVE-2024-30393.json create mode 100644 2024/30xxx/CVE-2024-30394.json create mode 100644 2024/30xxx/CVE-2024-30395.json create mode 100644 2024/30xxx/CVE-2024-30396.json create mode 100644 2024/30xxx/CVE-2024-30397.json create mode 100644 2024/30xxx/CVE-2024-30398.json create mode 100644 2024/30xxx/CVE-2024-30399.json create mode 100644 2024/30xxx/CVE-2024-30400.json create mode 100644 2024/30xxx/CVE-2024-30401.json create mode 100644 2024/30xxx/CVE-2024-30402.json create mode 100644 2024/30xxx/CVE-2024-30403.json create mode 100644 2024/30xxx/CVE-2024-30404.json create mode 100644 2024/30xxx/CVE-2024-30405.json create mode 100644 2024/30xxx/CVE-2024-30406.json create mode 100644 2024/30xxx/CVE-2024-30407.json create mode 100644 2024/30xxx/CVE-2024-30408.json create mode 100644 2024/30xxx/CVE-2024-30409.json diff --git a/2021/26xxx/CVE-2021-26931.json b/2021/26xxx/CVE-2021-26931.json index 5b477c00d53..ee130991718 100644 --- a/2021/26xxx/CVE-2021-26931.json +++ b/2021/26xxx/CVE-2021-26931.json 
@@ -86,16 +86,6 @@
 "refsource": "MISC",
 "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c77474b2d22176d2bfb592ec74e0f2cb71352c9",
 "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c77474b2d22176d2bfb592ec74e0f2cb71352c9"
- },
- {
- "refsource": "MISC",
- "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a264285ed1cd32e26d9de4f3c8c6855e467fd63",
- "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5a264285ed1cd32e26d9de4f3c8c6855e467fd63"
- },
- {
- "refsource": "MISC",
- "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3194a1746e8aabe86075fd3c5e7cf1f4632d7f16",
- "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3194a1746e8aabe86075fd3c5e7cf1f4632d7f16"
 }
 ]
 }
diff --git a/2022/23xxx/CVE-2022-23222.json b/2022/23xxx/CVE-2022-23222.json
index 14cb3e22fdc..61c0f9d26ca 100644
--- a/2022/23xxx/CVE-2022-23222.json
+++ b/2022/23xxx/CVE-2022-23222.json
@@ -101,6 +101,16 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20220607 Re: Linux Kernel eBPF Improper Input Validation Vulnerability",
 "url": "http://www.openwall.com/lists/oss-security/2022/06/07/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=64620e0a1e712a778095bd35cbb277dc2259281f",
+ "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=64620e0a1e712a778095bd35cbb277dc2259281f"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1194765",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1194765"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40547.json b/2023/40xxx/CVE-2023-40547.json
index 015f6993c38..7e6523af296 100644
--- a/2023/40xxx/CVE-2023-40547.json
+++ b/2023/40xxx/CVE-2023-40547.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Out-of-bounds Write",
- "cweId": "CWE-787"
+ "value": "Out-of-bounds Read",
+ "cweId": "CWE-125"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40548.json b/2023/40xxx/CVE-2023-40548.json
index 7553f386f4e..e599db458ea 100644
--- a/2023/40xxx/CVE-2023-40548.json
+++ b/2023/40xxx/CVE-2023-40548.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Integer Overflow or Wraparound",
- "cweId": "CWE-190"
+ "value": "Out-of-bounds Write",
+ "cweId": "CWE-787"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4194.json b/2023/4xxx/CVE-2023-4194.json
index f26df7ddc0c..6b01d9d685d 100644
--- a/2023/4xxx/CVE-2023-4194.json
+++ b/2023/4xxx/CVE-2023-4194.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Incorrect Authorization",
- "cweId": "CWE-863"
+ "value": "Access of Resource Using Incompatible Type ('Type Confusion')",
+ "cweId": "CWE-843"
 }
 ]
 }
diff --git a/2023/50xxx/CVE-2023-50702.json b/2023/50xxx/CVE-2023-50702.json
index d4cb5803dd7..b827548ee3d 100644
--- a/2023/50xxx/CVE-2023-50702.json
+++ b/2023/50xxx/CVE-2023-50702.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-50702", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-50702", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.youtube.com/watch?v=3dCoV33y1WY", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3dCoV33y1WY" } ] } diff --git a/2023/52xxx/CVE-2023-52159.json b/2023/52xxx/CVE-2023-52159.json index ae029eae943..ea009c7f224 100644 --- a/2023/52xxx/CVE-2023-52159.json +++ b/2023/52xxx/CVE-2023-52159.json 
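Review bot: The `affects` block of this now-public record still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description names the product and build (Sikka SSCWindowsService 5 2023-09-14), so tooling that matches on the structured fields will not associate this CVE with an installed product. The `problemtype` value is also `"n/a"`; the condition described (a LocalSystem service whose program directory is writable by low-privileged users) reads like an incorrect permission assignment, so something like `"cweId": "CWE-732"` would probably fit, subject to confirmation by the assigner. The only entry in `reference_data` is a video URL, which gives defenders no stable text to cite for affected or fixed versions.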
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159",
 "url": "https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20240325 [SECURITY] [DLA 3774-1] gross security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00027.html"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6240.json b/2023/6xxx/CVE-2023-6240.json
index 06ace7674a0..df700c4fc70 100644
--- a/2023/6xxx/CVE-2023-6240.json
+++ b/2023/6xxx/CVE-2023-6240.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Use of a Broken or Risky Cryptographic Algorithm",
- "cweId": "CWE-327"
+ "value": "Observable Discrepancy",
+ "cweId": "CWE-203"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6780.json b/2023/6xxx/CVE-2023-6780.json
index d4271eed610..016a8c9dce0 100644
--- a/2023/6xxx/CVE-2023-6780.json
+++ b/2023/6xxx/CVE-2023-6780.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Integer Overflow or Wraparound",
- "cweId": "CWE-190"
+ "value": "Incorrect Calculation of Buffer Size",
+ "cweId": "CWE-131"
 }
 ]
 }
diff --git a/2023/7xxx/CVE-2023-7216.json b/2023/7xxx/CVE-2023-7216.json
index 390da984de5..02a5151a4ad 100644
--- a/2023/7xxx/CVE-2023-7216.json
+++ b/2023/7xxx/CVE-2023-7216.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
- "cweId": "CWE-22"
+ "value": "Improper Link Resolution Before File Access ('Link Following')",
+ "cweId": "CWE-59"
 }
 ]
 }
diff --git a/2024/21xxx/CVE-2024-21912.json b/2024/21xxx/CVE-2024-21912.json
index 71219683f7d..e57aa5d4e56 100644
--- a/2024/21xxx/CVE-2024-21912.json
+++ b/2024/21xxx/CVE-2024-21912.json
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21912", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "Arena Simulation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 16.00 - 16.20.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html", + "refsource": "MISC", + "name": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + 
{ + "base64": false, + "type": "text/html", + "value": "Update to v16.20.03" + } + ], + "value": "Update to v16.20.03" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/21xxx/CVE-2024-21913.json b/2024/21xxx/CVE-2024-21913.json index 4f550d1f3e7..1d81b6899ab 100644 --- a/2024/21xxx/CVE-2024-21913.json +++ b/2024/21xxx/CVE-2024-21913.json 
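Review bot: The affected range is stored as free text, `"version_value": "Version 16.00 - 16.20.02"`, under `"version_affected": "="`, so a consumer that compares versions sees one literal string rather than a range and will not match an installed release that lies inside it. Encoding it the way the Bosch record in this same patch does, for example `"version_affected": "<=", "version_name": "16.00", "version_value": "16.20.02"`, would make the range machine-comparable. The same applies to the CVE-2024-21913, CVE-2024-21918, CVE-2024-21919 and CVE-2024-21920 hunks. The description `value` also begins and ends with stray `\n` characters that renderers will show as blank lines.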
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21913", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nA heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "Arena Simulation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 16.00 - 16.20.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html", + "refsource": "MISC", + "name": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + 
"supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to v16.20.03" + } + ], + "value": "Update to v16.20.03" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/21xxx/CVE-2024-21918.json b/2024/21xxx/CVE-2024-21918.json index ed6b5c0d04c..3d9b8f123ea 100644 --- a/2024/21xxx/CVE-2024-21918.json +++ b/2024/21xxx/CVE-2024-21918.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21918", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nA memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "Arena Simulation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 16.00 - 16.20.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html", + "refsource": "MISC", + "name": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + 
"type": "text/html", + "value": "Update to v16.20.03" + } + ], + "value": "Update to v16.20.03" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/21xxx/CVE-2024-21919.json b/2024/21xxx/CVE-2024-21919.json index af81270b473..bf94329321a 100644 --- a/2024/21xxx/CVE-2024-21919.json +++ b/2024/21xxx/CVE-2024-21919.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21919", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-824 Access of Uninitialized Pointer", + "cweId": "CWE-824" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "Arena Simulation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 16.00 - 16.20.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html", + "refsource": "MISC", + "name": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + 
"type": "text/html", + "value": "Update to v16.20.03" + } + ], + "value": "Update to v16.20.03" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/21xxx/CVE-2024-21920.json b/2024/21xxx/CVE-2024-21920.json index 5dc9a4df1f2..33f029f9048 100644 --- a/2024/21xxx/CVE-2024-21920.json +++ b/2024/21xxx/CVE-2024-21920.json 
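Review bot: The description sentence is cut short: `by leveraging the pointer after it is properly.` has no word after "properly", so it does not state under which condition the pointer is used, and as written it sits oddly beside `"CWE-824 Access of Uninitialized Pointer"`. The missing word should be taken from the CNA's advisory (SD-1665, the record's only reference) rather than guessed in this repository. Until then, anyone triaging from the description alone should rely on the `cweId` and the CVSS vector, which are complete.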
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21920", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\nA memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "Arena Simulation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 16.00 - 16.20.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html", + "refsource": "MISC", + "name": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n\n\n" + } + ], + "value": "\n * Do not open 
untrusted files from unknown sources.\n * For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability.\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25002.json b/2024/25xxx/CVE-2024-25002.json index 94fdf24c66b..449f75bcb9d 100644 --- a/2024/25xxx/CVE-2024-25002.json +++ b/2024/25xxx/CVE-2024-25002.json 
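Review bot: In the `work_around` entry the `supportingMedia` HTML `value` is only `"\n\n\n\n"` while the plain `value` holds the actual mitigation text, so a consumer that prefers the HTML rendering will display an empty workaround. The URL inside the plain text is followed by ` \u00a0` (a space and a non-breaking space), which some link extractors may fold into the link. Unlike the four sibling Arena Simulation records in this patch, this one has no `solution` entry even though it lists the same affected range and advisory; if v16.20.03 also fixes this issue, that should be stated so users do not assume only the workaround exists.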
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "Network Synchronizer Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "9.30" + } + ] + } + }, + { + "product_name": "Network Synchronizer Standard", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "9.30" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-152190.html", + "refsource": "MISC", + "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-152190.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": 
"HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/25xxx/CVE-2024-25136.json b/2024/25xxx/CVE-2024-25136.json index b1e2e80207d..bfeadf96cc6 100644 --- a/2024/25xxx/CVE-2024-25136.json +++ b/2024/25xxx/CVE-2024-25136.json 
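Review bot: The description and the score disagree about authentication: the text says the flaw "allows unauthorized users full access to the device", but the vector is `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` with `"privilegesRequired": "LOW"`. Either the attacker needs a low-privileged account, in which case "unauthorized" in the description is misleading, or no login is needed, in which case the vector should carry `PR:N` and the base score would be 9.8 rather than 8.8. Exposure decisions for the diagnostics interface depend on which reading is right, so the record should be reconciled against BOSCH-SA-152190.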
@@ -1,17 +1,228 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25136", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nThere is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AutomationDirect", + "product": { + "product_data": [ + { + "product_name": "C-MORE EA9 HMI EA9-T6CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T7CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA0-T7CL-R", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T8CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T10CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI 
EA9-T10WCL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T12CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T15CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T15CL-R", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-RHMI", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-PGMSW", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01", + "refsource": "MISC", + "name": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-086-01", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nAutomation-Direct recommends that users update C-MORE EA9 HMI to V6.78.\n\n
" + } + ], + "value": "\nAutomation-Direct recommends that users update C-MORE EA9 HMI to V6.78 https://www.automationdirect.com/support/software-downloads .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25137.json b/2024/25xxx/CVE-2024-25137.json index bae206e7627..6ab86ed4120 100644 --- a/2024/25xxx/CVE-2024-25137.json +++ b/2024/25xxx/CVE-2024-25137.json 
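Review bot: The added `reference_data` entry has a doubled scheme, `https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01`, in both `url` and `name`, so the advisory link does not resolve and URL-based matching will not join this record to ICSA-24-086-01. Both fields should read `https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01`. The same value is repeated in the CVE-2024-25137 and CVE-2024-25138 hunks. In all three, `"product_name": "C-MORE EA9 HMI EA0-T7CL-R"` is the only model with an `EA0-` prefix and looks like a typo for `EA9-T7CL-R`. That is worth confirming against the advisory, because asset-inventory matching depends on the exact model string.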
@@ -1,17 +1,228 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25137", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nIn AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AutomationDirect", + "product": { + "product_data": [ + { + "product_name": "C-MORE EA9 HMI EA9-T6CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T7CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA0-T7CL-R", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T8CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T10CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + 
"version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T10WCL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T12CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T15CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T15CL-R", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-RHMI", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-PGMSW", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01", + "refsource": "MISC", + "name": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-086-01", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nAutomation-Direct recommends that users update C-MORE EA9 HMI to V6.78.\n\n
" + } + ], + "value": "\nAutomation-Direct recommends that users update C-MORE EA9 HMI to V6.78 https://www.automationdirect.com/support/software-downloads .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25138.json b/2024/25xxx/CVE-2024-25138.json index cf44335fbe9..784e3d4c6b9 100644 --- a/2024/25xxx/CVE-2024-25138.json +++ b/2024/25xxx/CVE-2024-25138.json 
@@ -1,17 +1,228 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25138", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nIn AutomationDirect C-MORE EA9 HMI, \n\ncredentials used by the platform are stored as plain text on the device.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256", + "cweId": "CWE-256" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AutomationDirect", + "product": { + "product_data": [ + { + "product_name": "C-MORE EA9 HMI EA9-T6CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T7CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA0-T7CL-R", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T8CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T10CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T10WCL", + "version": { + "version_data": [ + { + 
"version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T12CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T15CL", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-T15CL-R", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-RHMI", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + }, + { + "product_name": "C-MORE EA9 HMI EA9-PGMSW", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "6.77" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01", + "refsource": "MISC", + "name": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "ICSA-24-086-01", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nAutomation-Direct recommends that users update C-MORE EA9 HMI to V6.78.\n\n
" + } + ], + "value": "\nAutomation-Direct recommends that users update C-MORE EA9 HMI to V6.78 https://www.automationdirect.com/support/software-downloads .\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25175.json b/2024/25xxx/CVE-2024-25175.json index 217a8d55455..f1d6913a4b2 100644 --- a/2024/25xxx/CVE-2024-25175.json +++ b/2024/25xxx/CVE-2024-25175.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25175", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25175", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kickidler.com/", + "refsource": "MISC", + "name": "https://www.kickidler.com/" + }, + { + "refsource": "MISC", + "name": "https://github.com/jet-pentest/CVE-2024-25175", + "url": "https://github.com/jet-pentest/CVE-2024-25175" } ] } diff --git a/2024/25xxx/CVE-2024-25956.json b/2024/25xxx/CVE-2024-25956.json index 4369b05238c..3dbbd7d488e 100644 --- a/2024/25xxx/CVE-2024-25956.json +++ b/2024/25xxx/CVE-2024-25956.json 
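Review bot: The added description spells the product `Kickdler`, while the first reference in the same hunk is `https://www.kickidler.com/`, so the name is most likely `Kickidler` and keyword searches for the product will miss this record. `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, even though the description gives an affected range (`before v1.107.0`) and names XSS delivered through HTTP response splitting. Filling in the product and version and a problem type (CWE-113 and CWE-79 look like the candidates, to be confirmed by the assigner) would make the record machine-matchable. The CVE-2024-26577 hunk has the same `n/a` placeholders despite naming `VSeeFace through 1.13.38.c2` in its description.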
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25956", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Grab for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "N/A", + "version_value": "5.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25957.json b/2024/25xxx/CVE-2024-25957.json index 51cf653c9be..a405266fe03 100644 --- a/2024/25xxx/CVE-2024-25957.json +++ b/2024/25xxx/CVE-2024-25957.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25957", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532: Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Grab for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "N/A", + "version_value": "5.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + 
"baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/25xxx/CVE-2024-25958.json b/2024/25xxx/CVE-2024-25958.json index 8a5b8204490..b6039ffcba5 100644 --- a/2024/25xxx/CVE-2024-25958.json +++ b/2024/25xxx/CVE-2024-25958.json 
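Review bot: The added `problemtype` value is `CWE-532: Insertion of Sensitive Information into Log File`, but the description in the same hunk speaks of "cleartext storage of sensitive information" in the appsync module and never mentions a log. If the data is stored in a log file, the description should say so; otherwise CWE-312 (Cleartext Storage of Sensitive Information) is the closer match to the text. The vector also sets `UI:R`, which the description does not explain, so CWE-based filtering and exploitability triage may both read this record differently from what the advisory intends.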
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25958", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276: Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Grab for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "N/A", + "version_value": "5.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000223508/dsa-2024-121-security-update-for-grab-for-windows-vulnerabilities" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, 
+ "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/26xxx/CVE-2024-26577.json b/2024/26xxx/CVE-2024-26577.json index aeb8407b587..c41978f8752 100644 --- a/2024/26xxx/CVE-2024-26577.json +++ b/2024/26xxx/CVE-2024-26577.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-26577", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-26577", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/guusec/VSeeDoS", + "refsource": "MISC", + "name": "https://github.com/guusec/VSeeDoS" } ] } diff --git a/2024/26xxx/CVE-2024-26644.json b/2024/26xxx/CVE-2024-26644.json index 42793a54808..3b142408828 100644 --- a/2024/26xxx/CVE-2024-26644.json +++ b/2024/26xxx/CVE-2024-26644.json 
@@ -1,18 +1,136 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't abort filesystem when attempting to snapshot deleted subvolume\n\nIf the source file descriptor to the snapshot ioctl refers to a deleted\nsubvolume, we get the following abort:\n\n BTRFS: Transaction aborted (error -2)\n WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs]\n Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng failover scsi_common rng_core raid6_pq libcrc32c\n CPU: 0 PID: 833 Comm: t_snapshot_dele Not tainted 6.7.0-rc6 #2\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014\n RIP: 0010:create_pending_snapshot+0x1040/0x1190 [btrfs]\n RSP: 0018:ffffa09c01337af8 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: ffff9982053e7c78 RCX: 0000000000000027\n RDX: ffff99827dc20848 RSI: 0000000000000001 RDI: ffff99827dc20840\n RBP: ffffa09c01337c00 R08: 0000000000000000 R09: ffffa09c01337998\n R10: 0000000000000003 R11: ffffffffb96da248 R12: fffffffffffffffe\n R13: ffff99820535bb28 R14: ffff99820b7bd000 R15: ffff99820381ea80\n FS: 00007fe20aadabc0(0000) GS:ffff99827dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000559a120b502f CR3: 00000000055b6000 CR4: 00000000000006f0\n Call Trace:\n \n ? 
create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? __warn+0x81/0x130\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? report_bug+0x171/0x1a0\n ? handle_bug+0x3a/0x70\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n create_pending_snapshots+0x92/0xc0 [btrfs]\n btrfs_commit_transaction+0x66b/0xf40 [btrfs]\n btrfs_mksubvol+0x301/0x4d0 [btrfs]\n btrfs_mksnapshot+0x80/0xb0 [btrfs]\n __btrfs_ioctl_snap_create+0x1c2/0x1d0 [btrfs]\n btrfs_ioctl_snap_create_v2+0xc4/0x150 [btrfs]\n btrfs_ioctl+0x8a6/0x2650 [btrfs]\n ? kmem_cache_free+0x22/0x340\n ? do_sys_openat2+0x97/0xe0\n __x64_sys_ioctl+0x97/0xd0\n do_syscall_64+0x46/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n RIP: 0033:0x7fe20abe83af\n RSP: 002b:00007ffe6eff1360 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fe20abe83af\n RDX: 00007ffe6eff23c0 RSI: 0000000050009417 RDI: 0000000000000003\n RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fe20ad16cd0\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007ffe6eff13c0 R14: 00007fe20ad45000 R15: 0000559a120b6d58\n \n ---[ end trace 0000000000000000 ]---\n BTRFS: error (device vdc: state A) in create_pending_snapshot:1875: errno=-2 No such entry\n BTRFS info (device vdc: state EA): forced readonly\n BTRFS warning (device vdc: state EA): Skipping commit of aborted transaction.\n BTRFS: error (device vdc: state EA) in cleanup_transaction:2055: errno=-2 No such entry\n\nThis happens because create_pending_snapshot() initializes the new root\nitem as a copy of the source root item. This includes the refs field,\nwhich is 0 for a deleted subvolume. The call to btrfs_insert_root()\ntherefore inserts a root with refs == 0. 
btrfs_get_new_fs_root() then\nfinds the root and returns -ENOENT if refs == 0, which causes\ncreate_pending_snapshot() to abort.\n\nFix it by checking the source root's refs before attempting the\nsnapshot, but after locking subvol_sem to avoid racing with deletion." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f4", + "version_value": "2bdf872bcfe6" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.10.210", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.149", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.76", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.15", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.3", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/2bdf872bcfe629a6202ffd6641615a8ed00e8464", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2bdf872bcfe629a6202ffd6641615a8ed00e8464" + }, + { + "url": "https://git.kernel.org/stable/c/0877497dc97834728e1b528ddf1e1c484292c29c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0877497dc97834728e1b528ddf1e1c484292c29c" + 
}, + { + "url": "https://git.kernel.org/stable/c/6e6bca99e8d88d989a7cde4c064abea552d5219b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/6e6bca99e8d88d989a7cde4c064abea552d5219b" + }, + { + "url": "https://git.kernel.org/stable/c/ec794a7528199e1be6d47bec03f4755aa75df256", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ec794a7528199e1be6d47bec03f4755aa75df256" + }, + { + "url": "https://git.kernel.org/stable/c/d8680b722f0ff6d7a01ddacc1844e0d52354d6ff", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d8680b722f0ff6d7a01ddacc1844e0d52354d6ff" + }, + { + "url": "https://git.kernel.org/stable/c/7081929ab2572920e94d70be3d332e5c9f97095a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7081929ab2572920e94d70be3d332e5c9f97095a" + } + ] + }, + "generator": { + "engine": "bippy-b4257b672505" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26645.json b/2024/26xxx/CVE-2024-26645.json index d9925ddc539..9756eea2865 100644 --- a/2024/26xxx/CVE-2024-26645.json +++ b/2024/26xxx/CVE-2024-26645.json 
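Review bot: The `version_data` entry that legacy 4.0 consumers read carries only one commit pair, `"version_name": "1da177e4c3f4"` and `"version_value": "2bdf872bcfe6"`. The per-branch fixed releases (5.10.210, 5.15.149, 6.1.76, 6.6.15, 6.7.3, 6.8) sit under `x_cve_json_5_version_data`, next to `"version_value": "not down converted"`. A scanner that parses only the 4.0 fields therefore cannot decide whether a given stable kernel is fixed, so tooling should read the `x_cve_json_5_version_data` block or the CVE JSON 5 record instead. `problemtype` is `n/a`, and the description embeds the full oops trace, which buries the operational impact the text does state: the transaction is aborted and the filesystem is forced read-only when a deleted subvolume is snapshotted.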
@@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Ensure visibility when inserting an element into tracing_map\n\nRunning the following two commands in parallel on a multi-processor\nAArch64 machine can sporadically produce an unexpected warning about\nduplicate histogram entries:\n\n $ while true; do\n echo hist:key=id.syscall:val=hitcount > \\\n /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger\n cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist\n sleep 0.001\n done\n $ stress-ng --sysbadaddr $(nproc)\n\nThe warning looks as follows:\n\n[ 2911.172474] ------------[ cut here ]------------\n[ 2911.173111] Duplicates detected: 1\n[ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408\n[ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E)\n[ 
2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1\n[ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01\n[ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018\n[ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408\n[ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408\n[ 2911.185310] sp : ffff8000a1513900\n[ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001\n[ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008\n[ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180\n[ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff\n[ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8\n[ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731\n[ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c\n[ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8\n[ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000\n[ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480\n[ 2911.194259] Call trace:\n[ 2911.194626] tracing_map_sort_entries+0x3e0/0x408\n[ 2911.195220] hist_show+0x124/0x800\n[ 2911.195692] seq_read_iter+0x1d4/0x4e8\n[ 2911.196193] seq_read+0xe8/0x138\n[ 2911.196638] vfs_read+0xc8/0x300\n[ 2911.197078] ksys_read+0x70/0x108\n[ 2911.197534] __arm64_sys_read+0x24/0x38\n[ 2911.198046] invoke_syscall+0x78/0x108\n[ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8\n[ 2911.199157] do_el0_svc+0x28/0x40\n[ 2911.199613] el0_svc+0x40/0x178\n[ 2911.200048] el0t_64_sync_handler+0x13c/0x158\n[ 2911.200621] el0t_64_sync+0x1a8/0x1b0\n[ 2911.201115] ---[ end trace 0000000000000000 ]---\n\nThe problem appears to be caused by CPU reordering of 
writes issued from\n__tracing_map_insert().\n\nThe check for the presence of an element with a given key in this\nfunction is:\n\n val = READ_ONCE(entry->val);\n if (val && keys_match(key, val->key, map->key_size)) ...\n\nThe write of a new entry is:\n\n elt = get_free_elt(map);\n memcpy(elt->key, key, map->key_size);\n entry->val = elt;\n\nThe \"memcpy(elt->key, key, map->key_size);\" and \"entry->val = elt;\"\nstores may become visible in the reversed order on another CPU. This\nsecond CPU might then incorrectly determine that a new key doesn't match\nan already present val->key and subse\n---truncated---" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "c193707dde77", + "version_value": "5022b331c041" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.17", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.17", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.307", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.269", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.210", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.149", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.76", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.15", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": 
"6.7.3", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/5022b331c041e8c54b9a6a3251579bd1e8c0fc0b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5022b331c041e8c54b9a6a3251579bd1e8c0fc0b" + }, + { + "url": "https://git.kernel.org/stable/c/dad9b28f675ed99b4dec261db2a397efeb80b74c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/dad9b28f675ed99b4dec261db2a397efeb80b74c" + }, + { + "url": "https://git.kernel.org/stable/c/ef70dfa0b1e5084f32635156c9a5c795352ad860", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ef70dfa0b1e5084f32635156c9a5c795352ad860" + }, + { + "url": "https://git.kernel.org/stable/c/aef1cb00856ccfd614467cfb50b791278992e177", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/aef1cb00856ccfd614467cfb50b791278992e177" + }, + { + "url": "https://git.kernel.org/stable/c/f4f7e696db0274ff560482cc52eddbf0551d4b7a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f4f7e696db0274ff560482cc52eddbf0551d4b7a" + }, + { + "url": "https://git.kernel.org/stable/c/a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7" + }, + { + "url": "https://git.kernel.org/stable/c/bf4aeff7da85c3becd39fb73bac94122331c30fb", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bf4aeff7da85c3becd39fb73bac94122331c30fb" + }, + { + "url": "https://git.kernel.org/stable/c/2b44760609e9eaafc9d234a6883d042fc21132a7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2b44760609e9eaafc9d234a6883d042fc21132a7" + } + ] + }, + "generator": { + "engine": 
"bippy-b4257b672505" } } \ No newline at end of file diff --git a/2024/27xxx/CVE-2024-27455.json b/2024/27xxx/CVE-2024-27455.json index 3cab14e780e..18cbad12829 100644 --- a/2024/27xxx/CVE-2024-27455.json +++ b/2024/27xxx/CVE-2024-27455.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.02.03 and Assetwise Information Integrity Server 23.00.04.04." + "value": "In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03." } ] }, diff --git a/2024/28xxx/CVE-2024-28387.json b/2024/28xxx/CVE-2024-28387.json index e692b380078..9ef08358340 100644 --- a/2024/28xxx/CVE-2024-28387.json +++ b/2024/28xxx/CVE-2024-28387.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28387", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28387", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://axonaut.com/integration/detail/prestashop", + "refsource": "MISC", + "name": "https://axonaut.com/integration/detail/prestashop" + }, + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/03/19/axonaut.html", + "url": "https://security.friendsofpresta.org/modules/2024/03/19/axonaut.html" } ] } diff --git a/2024/28xxx/CVE-2024-28434.json b/2024/28xxx/CVE-2024-28434.json index 8df0df25e99..83bb86f7247 100644 --- a/2024/28xxx/CVE-2024-28434.json +++ b/2024/28xxx/CVE-2024-28434.json 
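Review bot: `affects` and `problemtype` in the CVE-2024-28387 record are filled with `n/a` although the description names the product and version (`axonaut v.3.1.23 and before`), so tooling that matches on `product_name` and `version_value` will not associate this entry with any software. I would carry the description's data into the structured fields, for example `"product_name": "axonaut"` with `"version_affected": "<="` and `"version_value": "3.1.23"`, and give `problemtype` a CWE once the assigner confirms one. The description also does not say what the sensitive information is; it only names `log.txt`. The same all-`n/a` pattern appears in the CVE-2024-28434 and CVE-2024-28435 hunks, whose descriptions name Twenty 0.3.0 and already state the weakness class (stored cross-site scripting, SSRF).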
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28434", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28434", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/twentyhq/twenty", + "refsource": "MISC", + "name": "https://github.com/twentyhq/twenty" + }, + { + "refsource": "MISC", + "name": "https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434", + "url": "https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434" } ] } diff --git a/2024/28xxx/CVE-2024-28435.json b/2024/28xxx/CVE-2024-28435.json index ec1d8b57233..0b27a79f1ea 100644 --- a/2024/28xxx/CVE-2024-28435.json +++ b/2024/28xxx/CVE-2024-28435.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28435", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28435", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/twentyhq/twenty", + "refsource": "MISC", + "name": "https://github.com/twentyhq/twenty" + }, + { + "refsource": "MISC", + "name": "https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28435", + "url": "https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28435" } ] } diff --git a/2024/29xxx/CVE-2024-29197.json b/2024/29xxx/CVE-2024-29197.json index 2aa558ba310..dad38173c40 100644 --- a/2024/29xxx/CVE-2024-29197.json +++ b/2024/29xxx/CVE-2024-29197.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29197", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. 
This vulnerability is fixed in 11.2.2 and 11.1.6.1.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pimcore", + "product": { + "product_data": [ + { + "product_name": "pimcore", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 11.0.0, < 11.1.6.1" + }, + { + "version_affected": "=", + "version_value": ">= 11.2.0, < 11.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445", + "refsource": "MISC", + "name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445" + }, + { + "url": "https://github.com/pimcore/pimcore/commit/3ae43fb1065f9eb62ad2f542b883858d36d57e53", + "refsource": "MISC", + "name": "https://github.com/pimcore/pimcore/commit/3ae43fb1065f9eb62ad2f542b883858d36d57e53" + } + ] + }, + "source": { + "advisory": "GHSA-5737-rqv4-v445", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29808.json b/2024/29xxx/CVE-2024-29808.json index db62c3000ac..cd863350ec9 100644 --- a/2024/29xxx/CVE-2024-29808.json +++ b/2024/29xxx/CVE-2024-29808.json 
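Review bot: Both `version_data` entries for pimcore pair `"version_affected": "="` with a range expression in `version_value` (`">= 11.0.0, < 11.1.6.1"` and `">= 11.2.0, < 11.2.2"`), which a consumer that honours the operator would read as an exact match against that literal string. Other records in this same commit encode a range as operator plus bounds, so the first entry could read `"version_affected": "<", "version_name": "11.0.0", "version_value": "11.1.6.1"` and the second likewise with `11.2.0` and `11.2.2`. Separately, the description's `broad open` and `confident / unreleased information` look like slips for "wide open" and "confidential", which matters because this text is what most advisory feeds display.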
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@appcheck-ng.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "10Web", + "product": { + "product_data": [ + { + "product_name": "PhotoGallery", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.1", + "version_value": "1.8.21" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/", + "refsource": "MISC", + "name": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/" + }, + { + "url": "https://wordpress.org/plugins/photo-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/photo-gallery/#developers" + } + ] + }, + 
"generator": { + "engine": "cveClient/1.0.15" + }, + "credits": [ + { + "lang": "en", + "value": "AppCheck Ltd." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/29xxx/CVE-2024-29809.json b/2024/29xxx/CVE-2024-29809.json index a9e466d3396..e371509c401 100644 --- a/2024/29xxx/CVE-2024-29809.json +++ b/2024/29xxx/CVE-2024-29809.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29809", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@appcheck-ng.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "10Web", + "product": { + "product_data": [ + { + "product_name": "PhotoGallery", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.1", + "version_value": "1.8.21" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/", + "refsource": "MISC", + "name": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/" + }, + { + "url": "https://wordpress.org/plugins/photo-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/photo-gallery/#developers" + } + ] + }, + 
"generator": { + "engine": "cveClient/1.0.15" + }, + "credits": [ + { + "lang": "en", + "value": "AppCheck Ltd." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/29xxx/CVE-2024-29810.json b/2024/29xxx/CVE-2024-29810.json index 3ee77b13385..4f3e54166b5 100644 --- a/2024/29xxx/CVE-2024-29810.json +++ b/2024/29xxx/CVE-2024-29810.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29810", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@appcheck-ng.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "10Web", + "product": { + "product_data": [ + { + "product_name": "PhotoGallery", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.1", + "version_value": "1.8.21" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/", + "refsource": "MISC", + "name": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/" + }, + { + "url": "https://wordpress.org/plugins/photo-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/photo-gallery/#developers" + } + ] + }, + 
"generator": { + "engine": "cveClient/1.0.15" + }, + "credits": [ + { + "lang": "en", + "value": "AppCheck Ltd." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/29xxx/CVE-2024-29832.json b/2024/29xxx/CVE-2024-29832.json index d456054f257..2b62b783234 100644 --- a/2024/29xxx/CVE-2024-29832.json +++ b/2024/29xxx/CVE-2024-29832.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@appcheck-ng.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue.\nNote that other parameters within a AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "10Web", + "product": { + "product_data": [ + { + "product_name": "PhotoGallery", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.1", + "version_value": "1.8.21" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/", + "refsource": "MISC", + "name": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/" + }, + { + "url": "https://wordpress.org/plugins/photo-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/photo-gallery/#developers" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.15" + }, + "credits": [ + { + "lang": "en", + "value": "AppCheck Ltd." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/29xxx/CVE-2024-29833.json b/2024/29xxx/CVE-2024-29833.json index 8b5115f32f9..f9fd175320b 100644 --- a/2024/29xxx/CVE-2024-29833.json +++ b/2024/29xxx/CVE-2024-29833.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29833", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@appcheck-ng.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "10Web", + "product": { + "product_data": [ + { + "product_name": "PhotoGallery", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.1", + "version_value": "1.8.21" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/", + "refsource": "MISC", + "name": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/" + }, + { + "url": "https://wordpress.org/plugins/photo-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/photo-gallery/#developers" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.15" + }, + "credits": [ + { + "lang": "en", + "value": "AppCheck Ltd." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/2xxx/CVE-2024-2212.json b/2024/2xxx/CVE-2024-2212.json index d89a3e57d15..2b3c6c91c99 100644 --- a/2024/2xxx/CVE-2024-2212.json +++ b/2024/2xxx/CVE-2024-2212.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2212", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@eclipse.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() \nfunctions from the FreeRTOS compatibility API \n(utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing \nparameter checks. This could lead to integer wraparound, \nunder-allocations and heap buffer overflows.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "ThreadX", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "6.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6", + "refsource": "MISC", + "name": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Marco Ivaldi" + } + ], + "impact": { + "cvss": [ + { + 
"attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2214.json b/2024/2xxx/CVE-2024-2214.json index 825dcb17f03..5e21f7c506a 100644 --- a/2024/2xxx/CVE-2024-2214.json +++ b/2024/2xxx/CVE-2024-2214.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2214", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@eclipse.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the \nXtensa port was missing an array size check causing a memory overwrite. \nThe affected file was ports/xtensa/xcc/src/tx_clib_lock.c\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-129 Improper Validation of Array Index", + "cweId": "CWE-129" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "ThreadX", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "6.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x", + "refsource": "MISC", + "name": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Marco Ivaldi" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": 
"NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2452.json b/2024/2xxx/CVE-2024-2452.json index 4d4ef397dd9..58a8c6ac2d4 100644 --- a/2024/2xxx/CVE-2024-2452.json +++ b/2024/2xxx/CVE-2024-2452.json 
@@ -1,17 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2452", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@eclipse.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control \nparameters of __portable_aligned_alloc() could cause an integer \nwrap-around and an allocation smaller than expected. This could cause \nsubsequent heap buffer overflows.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "ThreadX", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "6.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx", + "refsource": "MISC", + "name": "https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Marco Ivaldi" + } + ], + "impact": { + "cvss": [ + { + 
"attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2866.json b/2024/2xxx/CVE-2024-2866.json new file mode 100644 index 00000000000..f8addf59a12 --- /dev/null +++ b/2024/2xxx/CVE-2024-2866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2892.json b/2024/2xxx/CVE-2024-2892.json new file mode 100644 index 00000000000..55e09dd941e --- /dev/null +++ b/2024/2xxx/CVE-2024-2892.json 
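Review bot: `"product_name": "ThreadX"` in the `affects` block of CVE-2024-2452 does not match the rest of the record, whose description names "Eclipse ThreadX NetX Duo" and whose only reference is an advisory in the `eclipse-threadx/netxduo` repository. Asset or SBOM matching keyed on the product name would attribute this to the ThreadX kernel and could miss NetX Duo deployments; if the CNA confirms, the entry should read `"product_name": "NetX Duo"`. The first problemtype here is `CWE-120`, while CVE-2024-2212 in this same commit uses `CWE-122` for the same "heap buffer overflows" wording, so one of the two mappings is probably worth aligning.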
@@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2892", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Tenda AC7 15.03.06.44 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion formSetCfm der Datei /goform/setcfm. Durch das Manipulieren des Arguments funcpara1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC7", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.06.44" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257935", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257935" + }, + { + "url": "https://vuldb.com/?ctiid.257935", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257935" + }, + { + "url": "https://vuldb.com/?submit.300355", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.300355" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formSetCfm.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formSetCfm.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wxhwxhwxh_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2915.json b/2024/2xxx/CVE-2024-2915.json new file mode 100644 index 00000000000..de65942c6bd --- /dev/null +++ b/2024/2xxx/CVE-2024-2915.json 
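Review bot: The English description of CVE-2024-2892 says the issue is "classified as critical", but the `impact.cvss` entries of the same record carry `"baseSeverity": "HIGH"` (8.8) for both 3.x vectors. The same mismatch appears in the other VulDB records in this commit: CVE-2024-2916 ("critical" against 7.3 `HIGH`) and CVE-2024-2917 ("critical" against 5.4 `MEDIUM`). Triage rules that read the free-text description will over-rank these entries, so prioritisation should key on `vectorString` and `baseScore`. The description would be clearer if it dropped the adjective or stated which rating scale it refers to.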
@@ -0,0 +1,70 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2915", + "ASSIGNER": "security@devolutions.net", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Devolutions", + "product": { + "product_data": [ + { + "product_name": "Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2024-0005", + "refsource": "MISC", + "name": "https://devolutions.net/security/advisories/DEVO-2024-0005" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2916.json b/2024/2xxx/CVE-2024-2916.json new file mode 100644 index 00000000000..ed70b25d404 --- /dev/null +++ b/2024/2xxx/CVE-2024-2916.json 
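Review bot: The `problemtype` of CVE-2024-2915 is `"value": "n/a"` with no `cweId`, although the description opens with "Improper access control", and the record has no `impact` block, so it ships without a weakness class or a CVSS vector. CVE-2024-2921 later in this commit has the same gap. Consumers that filter or route by CWE or severity will not see either record; going by the description's own wording, the entry would presumably be `"value": "CWE-284 Improper Access Control", "cweId": "CWE-284"`, to be confirmed by the assigner. Until a score is published, both records need manual severity assessment against the vendor advisory linked in `references`.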
@@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2916", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257982 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Campcodes House Rental Management System 1.0 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei ajax.php. Durch Beeinflussen des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "House Rental Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257982", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257982" + }, + { + "url": "https://vuldb.com/?ctiid.257982", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257982" + }, + { + "url": "https://vuldb.com/?submit.303671", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.303671" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System%20-%20vuln%201.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System%20-%20vuln%201.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2917.json b/2024/2xxx/CVE-2024-2917.json new file mode 100644 index 00000000000..f0789b39c53 --- /dev/null +++ b/2024/2xxx/CVE-2024-2917.json 
@@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2917", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983." + }, + { + "lang": "deu", + "value": "In Campcodes House Rental Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei index.php. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73 File Inclusion", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "House Rental Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257983", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257983" + }, + { + "url": "https://vuldb.com/?ctiid.257983", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257983" + }, + { + "url": "https://vuldb.com/?submit.303672", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.303672" + }, + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System%20-%20vuln%202.pdf", + "refsource": "MISC", + "name": "https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System%20-%20vuln%202.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2921.json b/2024/2xxx/CVE-2024-2921.json new file mode 100644 index 00000000000..bf226f36eb0 --- /dev/null +++ b/2024/2xxx/CVE-2024-2921.json 
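Review bot: The problemtype label `"value": "CWE-73 File Inclusion"` in CVE-2024-2917 pairs CWE-73 with a name that is not that weakness's title; CWE-73 is "External Control of File Name or Path". Since the description reports file inclusion through the `page` argument of `index.php`, CWE-98 (improper control of a filename for include/require in a PHP program) looks like the closer mapping, though that depends on details this record does not show. At minimum the label should match the ID, e.g. `"value": "CWE-73 External Control of File Name or Path"`, so that CWE-based dashboards and detection-coverage mappings classify the entry consistently.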
@@ -0,0 +1,70 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2921", + "ASSIGNER": "security@devolutions.net", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in PAM vault permissions in Devolutions Server 2024.1.6 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Devolutions", + "product": { + "product_data": [ + { + "product_name": "Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2024-0005", + "refsource": "MISC", + "name": "https://devolutions.net/security/advisories/DEVO-2024-0005" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2924.json b/2024/2xxx/CVE-2024-2924.json new file mode 100644 index 00000000000..06b6f48086a --- /dev/null +++ b/2024/2xxx/CVE-2024-2924.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2924", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2925.json b/2024/2xxx/CVE-2024-2925.json new file mode 100644 index 00000000000..3fce0404f9e --- /dev/null +++ b/2024/2xxx/CVE-2024-2925.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2925", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2926.json b/2024/2xxx/CVE-2024-2926.json new file mode 100644 index 00000000000..d73917e3bd9 --- /dev/null +++ b/2024/2xxx/CVE-2024-2926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/2xxx/CVE-2024-2927.json b/2024/2xxx/CVE-2024-2927.json new file mode 100644 index 00000000000..8cb24a0af00 --- /dev/null +++ b/2024/2xxx/CVE-2024-2927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2928.json b/2024/2xxx/CVE-2024-2928.json new file mode 100644 index 00000000000..1720a8e272e --- /dev/null +++ b/2024/2xxx/CVE-2024-2928.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2929.json b/2024/2xxx/CVE-2024-2929.json new file mode 100644 index 00000000000..d73f4d1e797 --- /dev/null +++ b/2024/2xxx/CVE-2024-2929.json 
@@ -0,0 +1,120 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-2929", + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "\nA memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "Arena Simulation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 16.00 - 16.20.02" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html", + "refsource": "MISC", + "name": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n\n\n" + } + ], + "value": "\n * Do not open untrusted files from unknown sources.\n * For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to 
implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability.\n\n\n\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update to v16.20.03 to remediate the issue.

" + } + ], + "value": "Update to v16.20.03 to remediate the issue.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2930.json b/2024/2xxx/CVE-2024-2930.json new file mode 100644 index 00000000000..03e86b6576c --- /dev/null +++ b/2024/2xxx/CVE-2024-2930.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2931.json b/2024/2xxx/CVE-2024-2931.json new file mode 100644 index 00000000000..a0401077caa --- /dev/null +++ b/2024/2xxx/CVE-2024-2931.json 
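Review bot: The affected range of CVE-2024-2929 is encoded as free text, `"version_affected": "=", "version_value": "Version 16.00 - 16.20.02"`, so a version comparison against an installed Arena Simulation build will not match anything inside that range. Other records in this commit express bounds with `version_name` and `version_value`; following that pattern this would be something like `"version_affected": "<=", "version_name": "16.00", "version_value": "16.20.02"`, with the lower-bound semantics confirmed by the CNA. The `supportingMedia` entries under `work_around` and `solution` are declared `text/html` but hold little beyond whitespace here, so only the plain `value` fields carry the mitigation text and the fixed version v16.20.03.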
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2931", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2932.json b/2024/2xxx/CVE-2024-2932.json new file mode 100644 index 00000000000..fe2370f514e --- /dev/null +++ b/2024/2xxx/CVE-2024-2932.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2932", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2933.json b/2024/2xxx/CVE-2024-2933.json new file mode 100644 index 00000000000..40987841d3e --- /dev/null +++ b/2024/2xxx/CVE-2024-2933.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/2xxx/CVE-2024-2934.json b/2024/2xxx/CVE-2024-2934.json new file mode 100644 index 00000000000..9053f7bb623 --- /dev/null +++ b/2024/2xxx/CVE-2024-2934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2935.json b/2024/2xxx/CVE-2024-2935.json new file mode 100644 index 00000000000..e62a56374ab --- /dev/null +++ b/2024/2xxx/CVE-2024-2935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2972.json b/2024/2xxx/CVE-2024-2972.json new file mode 100644 index 00000000000..2d1c3bdc778 --- /dev/null +++ b/2024/2xxx/CVE-2024-2972.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2973.json b/2024/2xxx/CVE-2024-2973.json new file mode 100644 index 00000000000..ab62fd54960 --- /dev/null +++ b/2024/2xxx/CVE-2024-2973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30202.json b/2024/30xxx/CVE-2024-30202.json index 3bc6bb8fa04..ebf160d824f 100644 --- a/2024/30xxx/CVE-2024-30202.json +++ b/2024/30xxx/CVE-2024-30202.json 
@@ -1,71 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30202", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30202", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29", - "refsource": "MISC", - "name": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29" - }, - { - "refsource": "MISC", - "name": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9", - "url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9" - }, - { - "refsource": "MISC", - "name": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb", - "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } 
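Review bot: CVE-2024-30202 goes from `"STATE": "PUBLIC"` back to `"STATE": "RESERVED"`, and the hunk deletes the published description together with the three references, including the two fix-commit links. The hunks for CVE-2024-30203 and CVE-2024-30204 do the same. Anything that mirrors this repository will replace a usable advisory ("In Emacs before 29.3 …") with the placeholder text and lose the pointers needed to verify a patch. Unless the assigner has deliberately withdrawn these records, the sync should keep `"STATE": "PUBLIC"` and the existing `description` and `references` blocks; if it is deliberate, the commit message should say so, since "-Synchronized-Data." gives no reason.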
diff --git a/2024/30xxx/CVE-2024-30203.json b/2024/30xxx/CVE-2024-30203.json index 9de9aa73c6a..4b8aa792aef 100644 --- a/2024/30xxx/CVE-2024-30203.json +++ b/2024/30xxx/CVE-2024-30203.json @@ -1,66 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2024-30203", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30203", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, "description": { "description_data": [ { "lang": "eng", - "value": "In Emacs before 29.3, Gnus treats inline MIME contents as trusted." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29", - "refsource": "MISC", - "name": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29" - }, - { - "refsource": "MISC", - "name": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804", - "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/30xxx/CVE-2024-30204.json b/2024/30xxx/CVE-2024-30204.json index df63f7f09ed..facd91815f0 100644 --- a/2024/30xxx/CVE-2024-30204.json +++ b/2024/30xxx/CVE-2024-30204.json 
@@ -1,66 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2024-30204",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30204",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29",
- "refsource": "MISC",
- "name": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
- },
- {
- "refsource": "MISC",
- "name": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c",
- "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30205.json b/2024/30xxx/CVE-2024-30205.json
index 04a4fdee807..b2f0f3a1270 100644
--- a/2024/30xxx/CVE-2024-30205.json
+++ b/2024/30xxx/CVE-2024-30205.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23."
+ "value": "In Emacs before 29.3, Org mode considers contents of remote files to be trusted."
 }
 ]
 },
@@ -56,16 +56,6 @@
 "url": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29",
 "refsource": "MISC",
 "name": "https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29"
- },
- {
- "refsource": "MISC",
- "name": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d",
- "url": "https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d"
- },
- {
- "refsource": "MISC",
- "name": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877",
- "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877"
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30271.json b/2024/30xxx/CVE-2024-30271.json
new file mode 100644
index 00000000000..a86d1830a05
--- /dev/null
+++ b/2024/30xxx/CVE-2024-30271.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-30271",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/30xxx/CVE-2024-30378.json b/2024/30xxx/CVE-2024-30378.json
new file mode 100644
index 00000000000..f813cfc5dbf
--- /dev/null
+++ b/2024/30xxx/CVE-2024-30378.json
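Review bot: The CVE-2024-30205 record stays public but loses remediation detail in both of its hunks. The first hunk drops the sentence `This affects Org Mode before 9.6.23.` from the description `"value"`. The second removes the org-mode.git and emacs.git commit references, presumably the fix commits, leaving only the NEWS link. Someone tracking the standalone Org Mode package can then no longer tell from this record which version is affected or where the change landed. Unless the upstream record was deliberately narrowed, I would keep the old `"value"` line and the two removed `reference_data` entries. The rest of the file lies outside these hunks.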
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30378", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30379.json b/2024/30xxx/CVE-2024-30379.json new file mode 100644 index 00000000000..98732442917 --- /dev/null +++ b/2024/30xxx/CVE-2024-30379.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30379", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30380.json b/2024/30xxx/CVE-2024-30380.json new file mode 100644 index 00000000000..0ea8cb9e3e9 --- /dev/null +++ b/2024/30xxx/CVE-2024-30380.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30380", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30381.json b/2024/30xxx/CVE-2024-30381.json new file mode 100644 index 00000000000..5d5429df1a3 --- /dev/null +++ b/2024/30xxx/CVE-2024-30381.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30381", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30382.json b/2024/30xxx/CVE-2024-30382.json new file mode 100644 index 00000000000..9c14b7ac0d7 --- /dev/null +++ b/2024/30xxx/CVE-2024-30382.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30382", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30383.json b/2024/30xxx/CVE-2024-30383.json new file mode 100644 index 00000000000..6b2d6d0e456 --- /dev/null +++ b/2024/30xxx/CVE-2024-30383.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30383", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30384.json b/2024/30xxx/CVE-2024-30384.json new file mode 100644 index 00000000000..1d2b2b2c3ab --- /dev/null +++ b/2024/30xxx/CVE-2024-30384.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30384", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30385.json b/2024/30xxx/CVE-2024-30385.json new file mode 100644 index 00000000000..66a8f8fad46 --- /dev/null +++ b/2024/30xxx/CVE-2024-30385.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30385", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30386.json b/2024/30xxx/CVE-2024-30386.json new file mode 100644 index 00000000000..c395eca07ea --- /dev/null +++ b/2024/30xxx/CVE-2024-30386.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30386", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30387.json b/2024/30xxx/CVE-2024-30387.json new file mode 100644 index 00000000000..7f3ade163a2 --- /dev/null +++ b/2024/30xxx/CVE-2024-30387.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30387", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30388.json b/2024/30xxx/CVE-2024-30388.json new file mode 100644 index 00000000000..3399ea60348 --- /dev/null +++ b/2024/30xxx/CVE-2024-30388.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30388", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30389.json b/2024/30xxx/CVE-2024-30389.json new file mode 100644 index 00000000000..41316560843 --- /dev/null +++ b/2024/30xxx/CVE-2024-30389.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30389", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30390.json b/2024/30xxx/CVE-2024-30390.json new file mode 100644 index 00000000000..7a4ea1a98ae --- /dev/null +++ b/2024/30xxx/CVE-2024-30390.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30390", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30391.json b/2024/30xxx/CVE-2024-30391.json new file mode 100644 index 00000000000..4bdb5b2895c --- /dev/null +++ b/2024/30xxx/CVE-2024-30391.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30391", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30392.json b/2024/30xxx/CVE-2024-30392.json new file mode 100644 index 00000000000..7c24bd323ce --- /dev/null +++ b/2024/30xxx/CVE-2024-30392.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30392", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30393.json b/2024/30xxx/CVE-2024-30393.json new file mode 100644 index 00000000000..e4e25eb91fd --- /dev/null +++ b/2024/30xxx/CVE-2024-30393.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30393", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30394.json b/2024/30xxx/CVE-2024-30394.json new file mode 100644 index 00000000000..4922e76232a --- /dev/null +++ b/2024/30xxx/CVE-2024-30394.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30394", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30395.json b/2024/30xxx/CVE-2024-30395.json new file mode 100644 index 00000000000..072bb3dc149 --- /dev/null +++ b/2024/30xxx/CVE-2024-30395.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30395", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30396.json b/2024/30xxx/CVE-2024-30396.json new file mode 100644 index 00000000000..c7a1ea8e69e --- /dev/null +++ b/2024/30xxx/CVE-2024-30396.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30396", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30397.json b/2024/30xxx/CVE-2024-30397.json new file mode 100644 index 00000000000..dc73b680b68 --- /dev/null +++ b/2024/30xxx/CVE-2024-30397.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30397", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30398.json b/2024/30xxx/CVE-2024-30398.json new file mode 100644 index 00000000000..7128a113d80 --- /dev/null +++ b/2024/30xxx/CVE-2024-30398.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30398", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30399.json b/2024/30xxx/CVE-2024-30399.json new file mode 100644 index 00000000000..75427f4bc41 --- /dev/null +++ b/2024/30xxx/CVE-2024-30399.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30399", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30400.json b/2024/30xxx/CVE-2024-30400.json new file mode 100644 index 00000000000..68fd5b54d6d --- /dev/null +++ b/2024/30xxx/CVE-2024-30400.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30400", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30401.json b/2024/30xxx/CVE-2024-30401.json new file mode 100644 index 00000000000..96bba0a276a --- /dev/null +++ b/2024/30xxx/CVE-2024-30401.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30401", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30402.json b/2024/30xxx/CVE-2024-30402.json new file mode 100644 index 00000000000..aecb32bf446 --- /dev/null +++ b/2024/30xxx/CVE-2024-30402.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30402", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30403.json b/2024/30xxx/CVE-2024-30403.json new file mode 100644 index 00000000000..99ec3cc8675 --- /dev/null +++ b/2024/30xxx/CVE-2024-30403.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30403", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30404.json b/2024/30xxx/CVE-2024-30404.json new file mode 100644 index 00000000000..69a2abf42b9 --- /dev/null +++ b/2024/30xxx/CVE-2024-30404.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30404", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30405.json b/2024/30xxx/CVE-2024-30405.json new file mode 100644 index 00000000000..cf4c6f22ad4 --- /dev/null +++ b/2024/30xxx/CVE-2024-30405.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30405", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/30xxx/CVE-2024-30406.json b/2024/30xxx/CVE-2024-30406.json new file mode 100644 index 00000000000..d2d857d4386 --- /dev/null +++ b/2024/30xxx/CVE-2024-30406.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30406", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30407.json b/2024/30xxx/CVE-2024-30407.json new file mode 100644 index 00000000000..4d0e5e49709 --- /dev/null +++ b/2024/30xxx/CVE-2024-30407.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30407", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30408.json b/2024/30xxx/CVE-2024-30408.json new file mode 100644 index 00000000000..d2a8607695c --- /dev/null +++ b/2024/30xxx/CVE-2024-30408.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30408", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30409.json b/2024/30xxx/CVE-2024-30409.json new file mode 100644 index 00000000000..506d70fcbd3 --- /dev/null +++ b/2024/30xxx/CVE-2024-30409.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30409", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file