"-Synchronized-Data."

2025-05-07 03:02:46 +00:00 · 2024-10-14 07:00:31 +00:00 · 2024-10-14 07:00:31 +00:00 · 5373aef26a
commit 5373aef26a
parent 7ab9fa309a
5 changed files with 29 additions and 27 deletions
--- a/2023/48xxx/CVE-2023-48387.json
+++ b/2023/48xxx/CVE-2023-48387.json
@ -11,7 +11,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "TAIWAN-CA(TWCA) JCICSecurityTool  fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.\n\n"
+                "value": "TAIWAN-CA(TWCA) JCICSecurityTool  fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution."
            }
        ]
    },
@ -21,8 +21,8 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-20 Improper Input Validation",
-                        "cweId": "CWE-20"
+                        "value": "CWE-940 Improper Verification of Source of a Communication Channel",
+                        "cweId": "CWE-940"
                    }
                ]
            }
--- a/2024/0xxx/CVE-2024-0552.json
+++ b/2024/0xxx/CVE-2024-0552.json
@ -21,8 +21,8 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
-                        "cweId": "CWE-74"
+                        "value": "CWE-1395 Dependency on Vulnerable Third-Party Component",
+                        "cweId": "CWE-1395"
                    }
                ]
            }
@ -41,7 +41,7 @@
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
-                                            "version_name": " ",
+                                            "version_name": "0",
                                            "version_value": "v6.0.0-202012tw"
                                        }
                                    ]
--- a/2024/26xxx/CVE-2024-26263.json
+++ b/2024/26xxx/CVE-2024-26263.json
@ -21,8 +21,8 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-284: Improper Access Control",
-                        "cweId": "CWE-284"
+                        "value": "CWE-306 Missing Authentication for Critical Function",
+                        "cweId": "CWE-306"
                    }
                ]
            }
@ -41,11 +41,11 @@
                                    "version_data": [
                                        {
                                            "version_affected": "=",
-                                            "version_value": "1.x"
+                                            "version_value": "1.*"
                                        },
                                        {
                                            "version_affected": "=",
-                                            "version_value": "2.x"
+                                            "version_value": "2.*"
                                        }
                                    ]
                                }
--- a/2024/3xxx/CVE-2024-3774.json
+++ b/2024/3xxx/CVE-2024-3774.json
@ -21,8 +21,17 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
-                        "cweId": "CWE-200"
+                        "value": "CWE-306 Missing Authentication for Critical Function",
+                        "cweId": "CWE-306"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
+                        "cweId": "CWE-497"
                    }
                ]
            }
@ -36,7 +45,7 @@
                    "product": {
                        "product_data": [
                            {
-                                "product_name": "a+HRD ",
+                                "product_name": "a+HRD",
                                "version": {
                                    "version_data": [
                                        {
@ -44,15 +53,8 @@
                                            "version_value": "6.8"
                                        },
                                        {
-                                            "version_affected": "=",
-                                            "version_value": "7.0"
-                                        },
-                                        {
-                                            "version_affected": "=",
-                                            "version_value": "7.1"
-                                        },
-                                        {
-                                            "version_affected": "=",
+                                            "version_affected": "<=",
+                                            "version_name": "7.0",
                                            "version_value": "7.2"
                                        }
                                    ]
--- a/2024/3xxx/CVE-2024-3777.json
+++ b/2024/3xxx/CVE-2024-3777.json
@ -11,7 +11,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "\nThe password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.\n\n"
+                "value": "The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password."
            }
        ]
    },
@ -21,8 +21,8 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "CWE-284: Improper Access Control",
-                        "cweId": "CWE-284"
+                        "value": "CWE-306 Missing Authentication for Critical Function",
+                        "cweId": "CWE-306"
                    }
                ]
            }
@ -32,11 +32,11 @@
        "vendor": {
            "vendor_data": [
                {
-                    "vendor_name": "Ai3 ",
+                    "vendor_name": "Ai3",
                    "product": {
                        "product_data": [
                            {
-                                "product_name": "QbiBot ",
+                                "product_name": "QbiBot",
                                "version": {
                                    "version_data": [
                                        {