diff --git a/2023/48xxx/CVE-2023-48387.json b/2023/48xxx/CVE-2023-48387.json
index dc8ce5b6fbf..87f5f0579b6 100644
--- a/2023/48xxx/CVE-2023-48387.json
+++ b/2023/48xxx/CVE-2023-48387.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.\n\n"
+ "value": "TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution."
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-20 Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "CWE-940 Improper Verification of Source of a Communication Channel",
+ "cweId": "CWE-940"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0552.json b/2024/0xxx/CVE-2024-0552.json
index 8c8a40e79ed..e3853c42596 100644
--- a/2024/0xxx/CVE-2024-0552.json
+++ b/2024/0xxx/CVE-2024-0552.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
- "cweId": "CWE-74"
+ "value": "CWE-1395 Dependency on Vulnerable Third-Party Component",
+ "cweId": "CWE-1395"
 }
 ]
 }
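Review bot: In the `@@ -21,8 +21,8 @@` hunk of 2023/48xxx/CVE-2023-48387.json, CWE-940 covers only the missing source-website check, while the description in the hunk above it also names a missing check on access locations, which is what exposes every key under HKEY_CURRENT_USER. Anyone filtering records by CWE loses that second weakness. A second `description` block under problemtype, in the shape the CVE-2024-3774.json section of this commit uses for CWE-497, would keep it visible, e.g. `"cweId": "CWE-<chosen by the CNA>"`. Which identifier fits is the CNA's call, since the registry functions themselves are not shown here.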
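Review bot: In 2024/0xxx/CVE-2024-0552.json the `@@ -21,8 +21,8 @@` hunk replaces CWE-74 with CWE-1395 outright, so the record no longer states what kind of flaw the vulnerable component has. CWE-1395 says where the weakness comes from, not how it behaves, and triage or detection rules keyed on the injection family will stop matching this entry. If the injection finding still holds (the description lies outside the hunk), keep it as a second problemtype entry next to the new one, `"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"` with `"cweId": "CWE-74"`, as the CVE-2024-3774.json section does with its two CWEs.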
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "<=",
- "version_name": " ",
+ "version_name": "0",
 "version_value": "v6.0.0-202012tw"
 }
 ]
diff --git a/2024/26xxx/CVE-2024-26263.json b/2024/26xxx/CVE-2024-26263.json
index 019a9e999dd..3aa77ad2bda 100644
--- a/2024/26xxx/CVE-2024-26263.json
+++ b/2024/26xxx/CVE-2024-26263.json
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-284: Improper Access Control",
- "cweId": "CWE-284"
+ "value": "CWE-306 Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
 }
 ]
 }
@@ -41,11 +41,11 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "1.x"
+ "version_value": "1.*"
 },
 {
 "version_affected": "=",
- "version_value": "2.x"
+ "version_value": "2.*"
 }
 ]
 }
diff --git a/2024/3xxx/CVE-2024-3774.json b/2024/3xxx/CVE-2024-3774.json
index 4a8ec96d27f..a3ee29cbd62 100644
--- a/2024/3xxx/CVE-2024-3774.json
+++ b/2024/3xxx/CVE-2024-3774.json
@@ -21,8 +21,17 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
- "cweId": "CWE-200"
+ "value": "CWE-306 Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
+ "cweId": "CWE-497"
 }
 ]
 }
@@ -36,7 +45,7 @@
 "product": {
 "product_data": [
 {
- "product_name": "a+HRD ",
+ "product_name": "a+HRD",
 "version": {
 "version_data": [
 {
@@ -44,15 +53,8 @@
 "version_value": "6.8"
 },
 {
- "version_affected": "=",
- "version_value": "7.0"
- },
- {
- "version_affected": "=",
- "version_value": "7.1"
- },
- {
- "version_affected": "=",
+ "version_affected": "<=",
+ "version_name": "7.0",
 "version_value": "7.2"
 }
 ]
diff --git a/2024/3xxx/CVE-2024-3777.json b/2024/3xxx/CVE-2024-3777.json
index 354f2fbad23..c3f60a9d218 100644
--- a/2024/3xxx/CVE-2024-3777.json
+++ b/2024/3xxx/CVE-2024-3777.json
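Review bot: In 2024/26xxx/CVE-2024-26263.json the `@@ -41,11 +41,11 @@` hunk pairs `"version_affected": "="` with the wildcard values `1.*` and `2.*`, which is ambiguous. A consumer that compares literally will find no installed version equal to `1.*`, so the 1.x and 2.x branches can drop out of affected-version matching in scanners and asset inventories. As far as I know the CVE record schema documents a trailing `*` only for the upper bound of a range, so a range entry reads unambiguously: `"version_affected": "<"`, `"version_name": "1.0"`, `"version_value": "1.*"`, the same name-plus-value shape the CVE-2024-3774.json hunk in this commit uses for 7.0 to 7.2. The lower bound `1.0` is a constructed example; the first affected release is not visible here.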
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "\nThe password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.\n\n"
+ "value": "The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password."
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-284: Improper Access Control",
- "cweId": "CWE-284"
+ "value": "CWE-306 Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
 }
 ]
 }
@@ -32,11 +32,11 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Ai3 ",
+ "vendor_name": "Ai3",
 "product": {
 "product_data": [
 {
- "product_name": "QbiBot ",
+ "product_name": "QbiBot",
 "version": {
 "version_data": [
 {