admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-31 17:00:37 +00:00
parent 82586961a2
commit 4fc143ffef
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 750 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

156
2024/41xxx/CVE-2024-41952.json
View File

@ -1,17 +1,165 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41952",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zitadel is an open source identity management system. ZITADEL administrators can enable a setting called \"Ignoring unknown usernames\" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report \"Username or Password invalid\". Due to a implementation change to prevent deadlocks calling the database, the flag would not be correctly respected in all cases and an attacker would gain information if an account exist within ZITADEL, since the error message shows \"object not found\" instead of the generic error message. This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8, and 2.53.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy",
"cweId": "CWE-203"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zitadel",
"product": {
"product_data": [
{
"product_name": "zitadel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.53.0, < 2.53.9"
},
{
"version_affected": "=",
"version_value": ">= 2.54.0, < 2.54.8"
},
{
"version_affected": "=",
"version_value": ">= 2.55.0, < 2.55.5"
},
{
"version_affected": "=",
"version_value": ">= 2.56.0, < 2.56.2"
},
{
"version_affected": "=",
"version_value": ">= 2.57.0, < 2.57.1"
},
{
"version_affected": "=",
"version_value": ">= 2.58.0, < 2.58.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-567v-6hmg-6qg7",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-567v-6hmg-6qg7"
},
{
"url": "https://github.com/zitadel/zitadel/commit/0ab0c645ef914298c343fa39cccb1290aba48bf6",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/0ab0c645ef914298c343fa39cccb1290aba48bf6"
},
{
"url": "https://github.com/zitadel/zitadel/commit/3c7d12834e32426416235b9e3374be0f4b9380b8",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/3c7d12834e32426416235b9e3374be0f4b9380b8"
},
{
"url": "https://github.com/zitadel/zitadel/commit/5c2526c98aafd1ba206be2fa4291b1d24c384f6d",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/5c2526c98aafd1ba206be2fa4291b1d24c384f6d"
},
{
"url": "https://github.com/zitadel/zitadel/commit/8565d24fd8df5bd35294313cfbfcc2e15aea20e9",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/8565d24fd8df5bd35294313cfbfcc2e15aea20e9"
},
{
"url": "https://github.com/zitadel/zitadel/commit/b0e71a81ef39667ce2a149ce037c1ca0edbe059d",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/b0e71a81ef39667ce2a149ce037c1ca0edbe059d"
},
{
"url": "https://github.com/zitadel/zitadel/commit/fc1d415b8db5b8d481bb65206ce3fc944c0eecea",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/fc1d415b8db5b8d481bb65206ce3fc944c0eecea"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.53.9",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.53.9"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.54.8",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.54.8"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.55.5",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.55.5"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.56.2",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.56.2"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.57.1",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.57.1"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.58.1",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.58.1"
}
]
},
"source": {
"advisory": "GHSA-567v-6hmg-6qg7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

170
2024/41xxx/CVE-2024-41953.json
View File

@ -1,17 +1,179 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker, without privileges, could send out altered notifications that are part of the registration processes. An attacker could create a malicious link, where the injected code would be rendered as part of the email. On the user's detail page, the username was also not sanitized and would also render HTML, giving an attacker the same vulnerability. While it was possible to inject HTML including javascript, the execution of such scripts would be prevented by most email clients and the Content Security Policy in Console UI. This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8 2.53.9, and 2.52.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zitadel",
"product": {
"product_data": [
{
"product_name": "zitadel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.52.0, < 2.52.3"
},
{
"version_affected": "=",
"version_value": ">= 2.53.0, < 2.53.9"
},
{
"version_affected": "=",
"version_value": ">= 2.54.0, < 2.54.8"
},
{
"version_affected": "=",
"version_value": ">= 2.55.0, < 2.55.5"
},
{
"version_affected": "=",
"version_value": ">= 2.56.0, < 2.56.2"
},
{
"version_affected": "=",
"version_value": ">= 2.57.0, < 2.57.1"
},
{
"version_affected": "=",
"version_value": ">= 2.58.0, < 2.58.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-v333-7h2p-5fhv",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-v333-7h2p-5fhv"
},
{
"url": "https://github.com/zitadel/zitadel/commit/0e1f99e987b5851caec45a72660fe9f67e425747",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/0e1f99e987b5851caec45a72660fe9f67e425747"
},
{
"url": "https://github.com/zitadel/zitadel/commit/38da602ee1cfc35c0d7918c298fbfc3f3674133b",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/38da602ee1cfc35c0d7918c298fbfc3f3674133b"
},
{
"url": "https://github.com/zitadel/zitadel/commit/4b59cac67bb89c1f3f84a2041dd273d11151d29f",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/4b59cac67bb89c1f3f84a2041dd273d11151d29f"
},
{
"url": "https://github.com/zitadel/zitadel/commit/c1a3fc72dde16e987d8a09aa291e7c2edfc928f7",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/c1a3fc72dde16e987d8a09aa291e7c2edfc928f7"
},
{
"url": "https://github.com/zitadel/zitadel/commit/c353f82f89c6982c0888c6763363296cf4263cb2",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/c353f82f89c6982c0888c6763363296cf4263cb2"
},
{
"url": "https://github.com/zitadel/zitadel/commit/d04ac6df8f2f0243e649b802a8bfa6176cef0923",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/d04ac6df8f2f0243e649b802a8bfa6176cef0923"
},
{
"url": "https://github.com/zitadel/zitadel/commit/f846616a3f022e88e3ea8cea05d3254ad86f1615",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/f846616a3f022e88e3ea8cea05d3254ad86f1615"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.52.3",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.52.3"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.53.9",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.53.9"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.54.8",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.54.8"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.55.5",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.55.5"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.56.2",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.56.2"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.57.1",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.57.1"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.58.1",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.58.1"
}
]
},
"source": {
"advisory": "GHSA-v333-7h2p-5fhv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

85
2024/6xxx/CVE-2024-6973.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability-report@catonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Input Validation vulnerability in Cato Networks SDP Client on Windows allows OS Command Injection.This issue affects Windows SDP Client: before 5.10.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cato Networks",
"product": {
"product_data": [
{
"product_name": "SDP Client",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.10.34"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs",
"refsource": "MISC",
"name": "https://support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "AmberWolf"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

94
2024/6xxx/CVE-2024-6974.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability-report@catonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Untrusted Search Path, Incorrect Default Permissions vulnerability in Cato Networks SDP Client on Windows allows Privilege Escalation.This issue affects SDP Client: before 5.10.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path",
"cweId": "CWE-426"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cato Networks",
"product": {
"product_data": [
{
"product_name": "SDP Client",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.10.34"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19762641007133-CVE-2024-6974-Windows-SDP-Client-Local-Privilege-Escalation-via-self-upgrade",
"refsource": "MISC",
"name": "https://support.catonetworks.com/hc/en-us/articles/19762641007133-CVE-2024-6974-Windows-SDP-Client-Local-Privilege-Escalation-via-self-upgrade"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "AmberWolf"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

85
2024/6xxx/CVE-2024-6975.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6975",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability-report@catonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Untrusted Search Path vulnerability in Cato Networks SDP Client on Windows allows Privilege Escalation.This issue affects SDP Client: before 5.10.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cato Networks",
"product": {
"product_data": [
{
"product_name": "SDP Client",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.10.34"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19758025406621-CVE-2024-6975-Windows-SDP-Client-Local-Privilege-Escalation-via-openssl-configuration-file",
"refsource": "MISC",
"name": "https://support.catonetworks.com/hc/en-us/articles/19758025406621-CVE-2024-6975-Windows-SDP-Client-Local-Privilege-Escalation-via-openssl-configuration-file"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "AmberWolf"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

85
2024/6xxx/CVE-2024-6977.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6977",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability-report@catonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cato Networks",
"product": {
"product_data": [
{
"product_name": "SDP Client",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.10.28"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover",
"refsource": "MISC",
"name": "https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "AmberWolf"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

85
2024/6xxx/CVE-2024-6978.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6978",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability-report@catonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Input Validation vulnerability in Cato Networks SDP Client on Windows allows Command Injection.This issue affects SDP Client: before 5.10.28."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cato Networks",
"product": {
"product_data": [
{
"product_name": "SDP Client",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.10.34"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19767051500957-CVE-2024-6978-Windows-SDP-Client-Local-root-certificates-can-be-installed-with-low-privileged-users",
"refsource": "MISC",
"name": "https://support.catonetworks.com/hc/en-us/articles/19767051500957-CVE-2024-6978-Windows-SDP-Client-Local-root-certificates-can-be-installed-with-low-privileged-users"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "AmberWolf"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

18
2024/7xxx/CVE-2024-7344.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7344",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}