admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-17 17:00:36 +00:00
parent 02cae939ad
commit 50753dbc4a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
16 changed files with 2111 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

233
2024/20xxx/CVE-2024-20296.json
View File

@ -1,17 +1,242 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device.\r\n\r This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.7.0"
},
{
"version_affected": "=",
"version_value": "2.7.0 p1"
},
{
"version_affected": "=",
"version_value": "2.7.0 p2"
},
{
"version_affected": "=",
"version_value": "2.7.0 p3"
},
{
"version_affected": "=",
"version_value": "2.7.0 p4"
},
{
"version_affected": "=",
"version_value": "2.7.0 p5"
},
{
"version_affected": "=",
"version_value": "2.7.0 p6"
},
{
"version_affected": "=",
"version_value": "2.7.0 p7"
},
{
"version_affected": "=",
"version_value": "2.7.0 p8"
},
{
"version_affected": "=",
"version_value": "2.7.0 p9"
},
{
"version_affected": "=",
"version_value": "2.7.0 p10"
},
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.0 p1"
},
{
"version_affected": "=",
"version_value": "3.0.0 p2"
},
{
"version_affected": "=",
"version_value": "3.0.0 p3"
},
{
"version_affected": "=",
"version_value": "3.0.0 p4"
},
{
"version_affected": "=",
"version_value": "3.0.0 p5"
},
{
"version_affected": "=",
"version_value": "3.0.0 p6"
},
{
"version_affected": "=",
"version_value": "3.0.0 p7"
},
{
"version_affected": "=",
"version_value": "3.0.0 p8"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.1.0 p1"
},
{
"version_affected": "=",
"version_value": "3.1.0 p3"
},
{
"version_affected": "=",
"version_value": "3.1.0 p2"
},
{
"version_affected": "=",
"version_value": "3.1.0 p4"
},
{
"version_affected": "=",
"version_value": "3.1.0 p5"
},
{
"version_affected": "=",
"version_value": "3.1.0 p6"
},
{
"version_affected": "=",
"version_value": "3.1.0 p7"
},
{
"version_affected": "=",
"version_value": "3.1.0 p8"
},
{
"version_affected": "=",
"version_value": "3.1.0 p9"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.2.0 p1"
},
{
"version_affected": "=",
"version_value": "3.2.0 p2"
},
{
"version_affected": "=",
"version_value": "3.2.0 p3"
},
{
"version_affected": "=",
"version_value": "3.2.0 p4"
},
{
"version_affected": "=",
"version_value": "3.2.0 p5"
},
{
"version_affected": "=",
"version_value": "3.2.0 p6"
},
{
"version_affected": "=",
"version_value": "3.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-krW2TxA9",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-krW2TxA9"
}
]
},
"source": {
"advisory": "cisco-sa-ise-file-upload-krW2TxA9",
"discovery": "EXTERNAL",
"defects": [
"CSCwh97876"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
]
}

93
2024/20xxx/CVE-2024-20323.json
View File

@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20323",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device.\r\n\r This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager and associated deployed nodes could exploit this vulnerability by using the static cryptographic key to generate a trusted certificate and impersonate an affected device. A successful exploit could allow the attacker to read data that is meant for a legitimate device, modify the startup configuration of an associated node, and, consequently, cause a denial of service (DoS) condition for downstream devices that are connected to the affected node."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Intelligent Node Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
},
{
"product_name": "Cisco Intelligent Node Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn"
}
]
},
"source": {
"advisory": "cisco-sa-inode-static-key-VUVCeynn",
"discovery": "INTERNAL"
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

458
2024/20xxx/CVE-2024-20395.json
View File

@ -1,17 +1,467 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20395",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information.\r\n\r This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unprotected Transport of Credentials",
"cweId": "CWE-523"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Webex Teams",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.13464.0"
},
{
"version_affected": "=",
"version_value": "3.0.13538.0"
},
{
"version_affected": "=",
"version_value": "3.0.13588.0"
},
{
"version_affected": "=",
"version_value": "3.0.14154.0"
},
{
"version_affected": "=",
"version_value": "3.0.14234.0"
},
{
"version_affected": "=",
"version_value": "3.0.14375.0"
},
{
"version_affected": "=",
"version_value": "3.0.14741.0"
},
{
"version_affected": "=",
"version_value": "3.0.14866.0"
},
{
"version_affected": "=",
"version_value": "3.0.15015.0"
},
{
"version_affected": "=",
"version_value": "3.0.15036.0"
},
{
"version_affected": "=",
"version_value": "3.0.15092.0"
},
{
"version_affected": "=",
"version_value": "3.0.15131.0"
},
{
"version_affected": "=",
"version_value": "3.0.15164.0"
},
{
"version_affected": "=",
"version_value": "3.0.15221.0"
},
{
"version_affected": "=",
"version_value": "3.0.15333.0"
},
{
"version_affected": "=",
"version_value": "3.0.15410.0"
},
{
"version_affected": "=",
"version_value": "3.0.15485.0"
},
{
"version_affected": "=",
"version_value": "3.0.15645.0"
},
{
"version_affected": "=",
"version_value": "3.0.15711.0"
},
{
"version_affected": "=",
"version_value": "3.0.16040.0"
},
{
"version_affected": "=",
"version_value": "3.0.16269.0"
},
{
"version_affected": "=",
"version_value": "3.0.16273.0"
},
{
"version_affected": "=",
"version_value": "3.0.16285.0"
},
{
"version_affected": "=",
"version_value": "4.0"
},
{
"version_affected": "=",
"version_value": "4.1"
},
{
"version_affected": "=",
"version_value": "4.10"
},
{
"version_affected": "=",
"version_value": "4.12"
},
{
"version_affected": "=",
"version_value": "4.13"
},
{
"version_affected": "=",
"version_value": "4.14"
},
{
"version_affected": "=",
"version_value": "4.15"
},
{
"version_affected": "=",
"version_value": "4.16"
},
{
"version_affected": "=",
"version_value": "4.17"
},
{
"version_affected": "=",
"version_value": "4.18"
},
{
"version_affected": "=",
"version_value": "4.19"
},
{
"version_affected": "=",
"version_value": "4.2"
},
{
"version_affected": "=",
"version_value": "4.20"
},
{
"version_affected": "=",
"version_value": "4.3"
},
{
"version_affected": "=",
"version_value": "4.4"
},
{
"version_affected": "=",
"version_value": "4.5"
},
{
"version_affected": "=",
"version_value": "4.6"
},
{
"version_affected": "=",
"version_value": "4.8"
},
{
"version_affected": "=",
"version_value": "4.9"
},
{
"version_affected": "=",
"version_value": "4.1.57"
},
{
"version_affected": "=",
"version_value": "4.1.92"
},
{
"version_affected": "=",
"version_value": "4.10.343"
},
{
"version_affected": "=",
"version_value": "4.11.211"
},
{
"version_affected": "=",
"version_value": "4.12.236"
},
{
"version_affected": "=",
"version_value": "4.13.200"
},
{
"version_affected": "=",
"version_value": "4.2.42"
},
{
"version_affected": "=",
"version_value": "4.2.75"
},
{
"version_affected": "=",
"version_value": "4.5.224"
},
{
"version_affected": "=",
"version_value": "4.6.197"
},
{
"version_affected": "=",
"version_value": "4.7.78"
},
{
"version_affected": "=",
"version_value": "4.8.170"
},
{
"version_affected": "=",
"version_value": "4.9.205"
},
{
"version_affected": "=",
"version_value": "4.9.252"
},
{
"version_affected": "=",
"version_value": "4.9.269"
},
{
"version_affected": "=",
"version_value": "42.1.0.169"
},
{
"version_affected": "=",
"version_value": "42.1.0.21190"
},
{
"version_affected": "=",
"version_value": "42.1.0.2219"
},
{
"version_affected": "=",
"version_value": "42.10"
},
{
"version_affected": "=",
"version_value": "42.10.0.23814"
},
{
"version_affected": "=",
"version_value": "42.10.0.24000"
},
{
"version_affected": "=",
"version_value": "42.11"
},
{
"version_affected": "=",
"version_value": "42.11.0.24187"
},
{
"version_affected": "=",
"version_value": "42.12"
},
{
"version_affected": "=",
"version_value": "42.12.0.24485"
},
{
"version_affected": "=",
"version_value": "42.2"
},
{
"version_affected": "=",
"version_value": "42.2.0.21338"
},
{
"version_affected": "=",
"version_value": "42.2.0.21486"
},
{
"version_affected": "=",
"version_value": "42.3"
},
{
"version_affected": "=",
"version_value": "42.3.0.21576"
},
{
"version_affected": "=",
"version_value": "42.4.1.22032"
},
{
"version_affected": "=",
"version_value": "42.5.0.22259"
},
{
"version_affected": "=",
"version_value": "42.6"
},
{
"version_affected": "=",
"version_value": "42.6.0.22565"
},
{
"version_affected": "=",
"version_value": "42.6.0.22645"
},
{
"version_affected": "=",
"version_value": "42.7"
},
{
"version_affected": "=",
"version_value": "42.7.0.22904"
},
{
"version_affected": "=",
"version_value": "42.7.0.23054"
},
{
"version_affected": "=",
"version_value": "42.8"
},
{
"version_affected": "=",
"version_value": "42.8.0.23214"
},
{
"version_affected": "=",
"version_value": "42.8.0.23281"
},
{
"version_affected": "=",
"version_value": "42.9"
},
{
"version_affected": "=",
"version_value": "42.9.0.23494"
},
{
"version_affected": "=",
"version_value": "43.1"
},
{
"version_affected": "=",
"version_value": "43.1.0.24716"
},
{
"version_affected": "=",
"version_value": "43.2"
},
{
"version_affected": "=",
"version_value": "43.2.0.25157"
},
{
"version_affected": "=",
"version_value": "43.2.0.25211"
},
{
"version_affected": "=",
"version_value": "43.3"
},
{
"version_affected": "=",
"version_value": "43.3.0.25468"
},
{
"version_affected": "=",
"version_value": "43.4"
},
{
"version_affected": "=",
"version_value": "43.4.0.25788"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
]
},
"source": {
"advisory": "cisco-sa-webex-app-ZjNm8X8j",
"discovery": "EXTERNAL",
"defects": [
"CSCwj36941",
"CSCwj36943"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

257
2024/20xxx/CVE-2024-20396.json
View File

@ -1,17 +1,266 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20396",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information.\r\n\r This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Webex Teams",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.13464.0"
},
{
"version_affected": "=",
"version_value": "3.0.13538.0"
},
{
"version_affected": "=",
"version_value": "3.0.13588.0"
},
{
"version_affected": "=",
"version_value": "3.0.14154.0"
},
{
"version_affected": "=",
"version_value": "3.0.14234.0"
},
{
"version_affected": "=",
"version_value": "3.0.14375.0"
},
{
"version_affected": "=",
"version_value": "3.0.14741.0"
},
{
"version_affected": "=",
"version_value": "3.0.14866.0"
},
{
"version_affected": "=",
"version_value": "3.0.15015.0"
},
{
"version_affected": "=",
"version_value": "3.0.15036.0"
},
{
"version_affected": "=",
"version_value": "3.0.15092.0"
},
{
"version_affected": "=",
"version_value": "3.0.15131.0"
},
{
"version_affected": "=",
"version_value": "3.0.15164.0"
},
{
"version_affected": "=",
"version_value": "3.0.15221.0"
},
{
"version_affected": "=",
"version_value": "3.0.15333.0"
},
{
"version_affected": "=",
"version_value": "3.0.15410.0"
},
{
"version_affected": "=",
"version_value": "3.0.15485.0"
},
{
"version_affected": "=",
"version_value": "3.0.15645.0"
},
{
"version_affected": "=",
"version_value": "3.0.15711.0"
},
{
"version_affected": "=",
"version_value": "3.0.16040.0"
},
{
"version_affected": "=",
"version_value": "3.0.16269.0"
},
{
"version_affected": "=",
"version_value": "3.0.16273.0"
},
{
"version_affected": "=",
"version_value": "3.0.16285.0"
},
{
"version_affected": "=",
"version_value": "42.1.0.21190"
},
{
"version_affected": "=",
"version_value": "42.10.0.23814"
},
{
"version_affected": "=",
"version_value": "42.11.0.24187"
},
{
"version_affected": "=",
"version_value": "42.12.0.24485"
},
{
"version_affected": "=",
"version_value": "42.2.0.21338"
},
{
"version_affected": "=",
"version_value": "42.2.0.21486"
},
{
"version_affected": "=",
"version_value": "42.3.0.21576"
},
{
"version_affected": "=",
"version_value": "42.4.1.22032"
},
{
"version_affected": "=",
"version_value": "42.5.0.22259"
},
{
"version_affected": "=",
"version_value": "42.6.0.22565"
},
{
"version_affected": "=",
"version_value": "42.6.0.22645"
},
{
"version_affected": "=",
"version_value": "42.7.0.22904"
},
{
"version_affected": "=",
"version_value": "42.7.0.23054"
},
{
"version_affected": "=",
"version_value": "42.8.0.23214"
},
{
"version_affected": "=",
"version_value": "42.8.0.23281"
},
{
"version_affected": "=",
"version_value": "42.9.0.23494"
},
{
"version_affected": "=",
"version_value": "43.1.0.24716"
},
{
"version_affected": "=",
"version_value": "43.2.0.25157"
},
{
"version_affected": "=",
"version_value": "43.2.0.25211"
},
{
"version_affected": "=",
"version_value": "43.3.0.25468"
},
{
"version_affected": "=",
"version_value": "43.4.0.25788"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-ZjNm8X8j"
}
]
},
"source": {
"advisory": "cisco-sa-webex-app-ZjNm8X8j",
"discovery": "EXTERNAL",
"defects": [
"CSCwj36947"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

377
2024/20xxx/CVE-2024-20400.json
View File

@ -1,17 +1,386 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.\r\n\r Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "X8.5.1"
},
{
"version_affected": "=",
"version_value": "X8.5.3"
},
{
"version_affected": "=",
"version_value": "X8.5"
},
{
"version_affected": "=",
"version_value": "X8.6.1"
},
{
"version_affected": "=",
"version_value": "X8.6"
},
{
"version_affected": "=",
"version_value": "X8.1.1"
},
{
"version_affected": "=",
"version_value": "X8.1.2"
},
{
"version_affected": "=",
"version_value": "X8.1"
},
{
"version_affected": "=",
"version_value": "X8.2.1"
},
{
"version_affected": "=",
"version_value": "X8.2.2"
},
{
"version_affected": "=",
"version_value": "X8.2"
},
{
"version_affected": "=",
"version_value": "X8.7.1"
},
{
"version_affected": "=",
"version_value": "X8.7.2"
},
{
"version_affected": "=",
"version_value": "X8.7.3"
},
{
"version_affected": "=",
"version_value": "X8.7"
},
{
"version_affected": "=",
"version_value": "X8.8.1"
},
{
"version_affected": "=",
"version_value": "X8.8.2"
},
{
"version_affected": "=",
"version_value": "X8.8.3"
},
{
"version_affected": "=",
"version_value": "X8.8"
},
{
"version_affected": "=",
"version_value": "X8.9.1"
},
{
"version_affected": "=",
"version_value": "X8.9.2"
},
{
"version_affected": "=",
"version_value": "X8.9"
},
{
"version_affected": "=",
"version_value": "X8.10.0"
},
{
"version_affected": "=",
"version_value": "X8.10.1"
},
{
"version_affected": "=",
"version_value": "X8.10.2"
},
{
"version_affected": "=",
"version_value": "X8.10.3"
},
{
"version_affected": "=",
"version_value": "X8.10.4"
},
{
"version_affected": "=",
"version_value": "X12.5.8"
},
{
"version_affected": "=",
"version_value": "X12.5.9"
},
{
"version_affected": "=",
"version_value": "X12.5.0"
},
{
"version_affected": "=",
"version_value": "X12.5.2"
},
{
"version_affected": "=",
"version_value": "X12.5.7"
},
{
"version_affected": "=",
"version_value": "X12.5.3"
},
{
"version_affected": "=",
"version_value": "X12.5.4"
},
{
"version_affected": "=",
"version_value": "X12.5.5"
},
{
"version_affected": "=",
"version_value": "X12.5.1"
},
{
"version_affected": "=",
"version_value": "X12.5.6"
},
{
"version_affected": "=",
"version_value": "X12.6.0"
},
{
"version_affected": "=",
"version_value": "X12.6.1"
},
{
"version_affected": "=",
"version_value": "X12.6.2"
},
{
"version_affected": "=",
"version_value": "X12.6.3"
},
{
"version_affected": "=",
"version_value": "X12.6.4"
},
{
"version_affected": "=",
"version_value": "X12.7.0"
},
{
"version_affected": "=",
"version_value": "X12.7.1"
},
{
"version_affected": "=",
"version_value": "X8.11.1"
},
{
"version_affected": "=",
"version_value": "X8.11.2"
},
{
"version_affected": "=",
"version_value": "X8.11.4"
},
{
"version_affected": "=",
"version_value": "X8.11.3"
},
{
"version_affected": "=",
"version_value": "X8.11.0"
},
{
"version_affected": "=",
"version_value": "X14.0.1"
},
{
"version_affected": "=",
"version_value": "X14.0.3"
},
{
"version_affected": "=",
"version_value": "X14.0.2"
},
{
"version_affected": "=",
"version_value": "X14.0.4"
},
{
"version_affected": "=",
"version_value": "X14.0.5"
},
{
"version_affected": "=",
"version_value": "X14.0.6"
},
{
"version_affected": "=",
"version_value": "X14.0.7"
},
{
"version_affected": "=",
"version_value": "X14.0.8"
},
{
"version_affected": "=",
"version_value": "X14.0.9"
},
{
"version_affected": "=",
"version_value": "X14.0.10"
},
{
"version_affected": "=",
"version_value": "X14.0.11"
},
{
"version_affected": "=",
"version_value": "X14.2.1"
},
{
"version_affected": "=",
"version_value": "X14.2.2"
},
{
"version_affected": "=",
"version_value": "X14.2.5"
},
{
"version_affected": "=",
"version_value": "X14.2.6"
},
{
"version_affected": "=",
"version_value": "X14.2.0"
},
{
"version_affected": "=",
"version_value": "X14.2.7"
},
{
"version_affected": "=",
"version_value": "X14.3.0"
},
{
"version_affected": "=",
"version_value": "X14.3.1"
},
{
"version_affected": "=",
"version_value": "X14.3.2"
},
{
"version_affected": "=",
"version_value": "X14.3.3"
},
{
"version_affected": "=",
"version_value": "X14.3.4"
},
{
"version_affected": "=",
"version_value": "X14.3.5"
},
{
"version_affected": "=",
"version_value": "X15.0.0"
},
{
"version_affected": "=",
"version_value": "X15.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-redirect-KJsFuXgj"
}
]
},
"source": {
"advisory": "cisco-sa-expressway-redirect-KJsFuXgj",
"discovery": "INTERNAL",
"defects": [
"CSCwa25104"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

85
2024/20xxx/CVE-2024-20401.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system.\r\n\r This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.\r\n\r Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Absolute Path Traversal",
"cweId": "CWE-36"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH"
}
]
},
"source": {
"advisory": "cisco-sa-esa-afw-bGG2UsjH",
"discovery": "EXTERNAL",
"defects": [
"CSCwj53998"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

85
2024/20xxx/CVE-2024-20416.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20416",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.\r\n\r This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Length Parameter Inconsistency",
"cweId": "CWE-130"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv34x-rce-7pqFU2e",
"discovery": "EXTERNAL",
"defects": [
"CSCwk32012"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

85
2024/20xxx/CVE-2024-20419.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20419",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.\r\n\r This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unverified Password Change",
"cweId": "CWE-620"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Smart Software Manager On-Prem",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8-202206"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy"
}
]
},
"source": {
"advisory": "cisco-sa-cssm-auth-sLw3uhUy",
"discovery": "EXTERNAL",
"defects": [
"CSCwk21399"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

153
2024/20xxx/CVE-2024-20429.json
View File

@ -1,17 +1,162 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device.\r\n\r This vulnerability is due to insufficient input validation in certain portions of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To successfully exploit this vulnerability, an attacker would need at least valid Operator credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Email",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.3-238"
},
{
"version_affected": "=",
"version_value": "11.1.0-069"
},
{
"version_affected": "=",
"version_value": "11.1.0-131"
},
{
"version_affected": "=",
"version_value": "11.1.0-128"
},
{
"version_affected": "=",
"version_value": "12.0.0-419"
},
{
"version_affected": "=",
"version_value": "12.1.0-071"
},
{
"version_affected": "=",
"version_value": "12.1.0-087"
},
{
"version_affected": "=",
"version_value": "12.1.0-089"
},
{
"version_affected": "=",
"version_value": "13.0.0-392"
},
{
"version_affected": "=",
"version_value": "13.0.5-007"
},
{
"version_affected": "=",
"version_value": "13.5.1-277"
},
{
"version_affected": "=",
"version_value": "13.5.4-038"
},
{
"version_affected": "=",
"version_value": "12.5.0-066"
},
{
"version_affected": "=",
"version_value": "12.5.4-041"
},
{
"version_affected": "=",
"version_value": "12.5.3-041"
},
{
"version_affected": "=",
"version_value": "14.0.0-698"
},
{
"version_affected": "=",
"version_value": "14.2.0-620"
},
{
"version_affected": "=",
"version_value": "14.2.1-020"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-priv-esc-ssti-xNO2EOGZ",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-priv-esc-ssti-xNO2EOGZ"
}
]
},
"source": {
"advisory": "cisco-sa-esa-priv-esc-ssti-xNO2EOGZ",
"discovery": "INTERNAL",
"defects": [
"CSCwf61949"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

189
2024/20xxx/CVE-2024-20435.json
View File

@ -1,17 +1,198 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root.\r\n\r This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Web Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.7.0-406"
},
{
"version_affected": "=",
"version_value": "11.7.0-418"
},
{
"version_affected": "=",
"version_value": "11.7.1-049"
},
{
"version_affected": "=",
"version_value": "11.7.1-006"
},
{
"version_affected": "=",
"version_value": "11.7.1-020"
},
{
"version_affected": "=",
"version_value": "11.7.2-011"
},
{
"version_affected": "=",
"version_value": "11.8.0-414"
},
{
"version_affected": "=",
"version_value": "11.8.1-023"
},
{
"version_affected": "=",
"version_value": "11.8.3-018"
},
{
"version_affected": "=",
"version_value": "11.8.3-021"
},
{
"version_affected": "=",
"version_value": "12.0.1-268"
},
{
"version_affected": "=",
"version_value": "12.0.3-007"
},
{
"version_affected": "=",
"version_value": "12.5.2-007"
},
{
"version_affected": "=",
"version_value": "12.5.1-011"
},
{
"version_affected": "=",
"version_value": "12.5.4-005"
},
{
"version_affected": "=",
"version_value": "12.5.5-004"
},
{
"version_affected": "=",
"version_value": "12.5.6-008"
},
{
"version_affected": "=",
"version_value": "14.5.0-498"
},
{
"version_affected": "=",
"version_value": "14.5.1-016"
},
{
"version_affected": "=",
"version_value": "14.5.2-011"
},
{
"version_affected": "=",
"version_value": "14.0.3-014"
},
{
"version_affected": "=",
"version_value": "14.0.2-012"
},
{
"version_affected": "=",
"version_value": "14.0.4-005"
},
{
"version_affected": "=",
"version_value": "14.0.5-007"
},
{
"version_affected": "=",
"version_value": "15.0.0-322"
},
{
"version_affected": "=",
"version_value": "15.0.0-355"
},
{
"version_affected": "=",
"version_value": "15.1.0-287"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC"
}
]
},
"source": {
"advisory": "cisco-sa-swa-priv-esc-7uHpZsCC",
"discovery": "EXTERNAL",
"defects": [
"CSCwj30015"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

5
2024/29xxx/CVE-2024-29120.json
View File

@ -59,6 +59,11 @@
"url": "https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/17/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/17/4"
}
]
},

5
2024/35xxx/CVE-2024-35056.json
View File

@ -56,6 +56,11 @@
"refsource": "CONFIRM",
"name": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/advisories/GHSA-gpgj-xrgw-8mx2",
"url": "https://github.com/advisories/GHSA-gpgj-xrgw-8mx2"
}
]
}

5
2024/35xxx/CVE-2024-35057.json
View File

@ -56,6 +56,11 @@
"refsource": "CONFIRM",
"name": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/advisories/GHSA-jf28-v5f6-cvpr",
"url": "https://github.com/advisories/GHSA-jf28-v5f6-cvpr"
}
]
}

89
2024/38xxx/CVE-2024-38870.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38870",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@manageengine.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ManageEngine",
"product": {
"product_data": [
{
"product_name": "OpManager, OpManager Plus, OpManager MSP, OpManager Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "128104"
},
{
"version_affected": "<",
"version_name": "128151",
"version_value": "128238"
},
{
"version_affected": "<",
"version_name": "128247",
"version_value": "128250"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.manageengine.com/network-monitoring/security-updates/cve-2024-38870.html",
"refsource": "MISC",
"name": "https://www.manageengine.com/network-monitoring/security-updates/cve-2024-38870.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

18
2024/6xxx/CVE-2024-6836.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6836",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6837.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6837",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}