From 53d132dc1d4271700a64896d2119af7b2a578a4e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2024 14:13:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/3xxx/CVE-2023-3418.json | 77 +------- 2023/51xxx/CVE-2023-51141.json | 66 ++++++- 2023/51xxx/CVE-2023-51142.json | 66 ++++++- 2024/1xxx/CVE-2024-1394.json | 334 +++++++++++++++------------------ 2024/26xxx/CVE-2024-26643.json | 81 +++++++- 2024/27xxx/CVE-2024-27683.json | 66 ++++++- 2024/28xxx/CVE-2024-28834.json | 179 +++++++++++++++++- 2024/29xxx/CVE-2024-29866.json | 61 +++++- 2024/29xxx/CVE-2024-29870.json | 84 ++++++++- 2024/29xxx/CVE-2024-29871.json | 84 ++++++++- 2024/29xxx/CVE-2024-29872.json | 84 ++++++++- 2024/29xxx/CVE-2024-29873.json | 84 ++++++++- 2024/29xxx/CVE-2024-29874.json | 84 ++++++++- 2024/29xxx/CVE-2024-29875.json | 84 ++++++++- 2024/29xxx/CVE-2024-29876.json | 84 ++++++++- 2024/29xxx/CVE-2024-29877.json | 84 ++++++++- 2024/29xxx/CVE-2024-29880.json | 73 +------ 2024/29xxx/CVE-2024-29951.json | 18 ++ 2024/29xxx/CVE-2024-29952.json | 18 ++ 2024/29xxx/CVE-2024-29953.json | 18 ++ 2024/29xxx/CVE-2024-29954.json | 18 ++ 2024/29xxx/CVE-2024-29955.json | 18 ++ 2024/29xxx/CVE-2024-29956.json | 18 ++ 2024/29xxx/CVE-2024-29957.json | 18 ++ 2024/29xxx/CVE-2024-29958.json | 18 ++ 2024/29xxx/CVE-2024-29959.json | 18 ++ 2024/29xxx/CVE-2024-29960.json | 18 ++ 2024/29xxx/CVE-2024-29961.json | 18 ++ 2024/29xxx/CVE-2024-29962.json | 18 ++ 2024/29xxx/CVE-2024-29963.json | 18 ++ 2024/29xxx/CVE-2024-29964.json | 18 ++ 2024/29xxx/CVE-2024-29965.json | 18 ++ 2024/29xxx/CVE-2024-29966.json | 18 ++ 2024/29xxx/CVE-2024-29967.json | 18 ++ 2024/29xxx/CVE-2024-29968.json | 18 ++ 2024/29xxx/CVE-2024-29969.json | 18 ++ 2024/29xxx/CVE-2024-29970.json | 18 ++ 2024/29xxx/CVE-2024-29971.json | 18 ++ 2024/29xxx/CVE-2024-29972.json | 18 ++ 2024/29xxx/CVE-2024-29973.json | 18 ++ 2024/29xxx/CVE-2024-29974.json | 18 ++ 2024/29xxx/CVE-2024-29975.json | 18 ++ 2024/29xxx/CVE-2024-29976.json | 18 ++ 2024/2xxx/CVE-2024-2494.json | 188 ++++++++++++++++++- 2024/2xxx/CVE-2024-2740.json | 97 +++++++++- 2024/2xxx/CVE-2024-2741.json | 97 +++++++++- 2024/2xxx/CVE-2024-2742.json | 97 +++++++++- 2024/2xxx/CVE-2024-2758.json | 18 ++ 2024/2xxx/CVE-2024-2759.json | 18 ++ 2024/2xxx/CVE-2024-2760.json | 18 ++ 2024/2xxx/CVE-2024-2761.json | 18 ++ 2024/2xxx/CVE-2024-2809.json | 99 +++++++++- 2024/2xxx/CVE-2024-2810.json | 99 +++++++++- 2024/2xxx/CVE-2024-2811.json | 95 +++++++++- 2024/2xxx/CVE-2024-2812.json | 99 +++++++++- 2024/2xxx/CVE-2024-2813.json | 95 +++++++++- 2024/2xxx/CVE-2024-2814.json | 95 +++++++++- 2024/2xxx/CVE-2024-2815.json | 95 +++++++++- 2024/2xxx/CVE-2024-2816.json | 95 +++++++++- 2024/2xxx/CVE-2024-2817.json | 95 +++++++++- 2024/2xxx/CVE-2024-2818.json | 18 ++ 2024/2xxx/CVE-2024-2819.json | 18 ++ 2024/30xxx/CVE-2024-30059.json | 18 ++ 2024/30xxx/CVE-2024-30060.json | 18 ++ 2024/30xxx/CVE-2024-30061.json | 18 ++ 2024/30xxx/CVE-2024-30062.json | 18 ++ 2024/30xxx/CVE-2024-30063.json | 18 ++ 2024/30xxx/CVE-2024-30064.json | 18 ++ 2024/30xxx/CVE-2024-30065.json | 18 ++ 2024/30xxx/CVE-2024-30066.json | 18 ++ 2024/30xxx/CVE-2024-30067.json | 18 ++ 2024/30xxx/CVE-2024-30068.json | 18 ++ 2024/30xxx/CVE-2024-30069.json | 18 ++ 2024/30xxx/CVE-2024-30070.json | 18 ++ 2024/30xxx/CVE-2024-30071.json | 18 ++ 2024/30xxx/CVE-2024-30072.json | 18 ++ 2024/30xxx/CVE-2024-30073.json | 18 ++ 2024/30xxx/CVE-2024-30074.json | 18 ++ 2024/30xxx/CVE-2024-30075.json | 18 ++ 2024/30xxx/CVE-2024-30076.json | 18 ++ 2024/30xxx/CVE-2024-30077.json | 18 ++ 2024/30xxx/CVE-2024-30078.json | 18 ++ 2024/30xxx/CVE-2024-30079.json | 18 ++ 2024/30xxx/CVE-2024-30080.json | 18 ++ 2024/30xxx/CVE-2024-30081.json | 18 ++ 2024/30xxx/CVE-2024-30082.json | 18 ++ 2024/30xxx/CVE-2024-30083.json | 18 ++ 2024/30xxx/CVE-2024-30084.json | 18 ++ 2024/30xxx/CVE-2024-30085.json | 18 ++ 2024/30xxx/CVE-2024-30086.json | 18 ++ 2024/30xxx/CVE-2024-30087.json | 18 ++ 2024/30xxx/CVE-2024-30088.json | 18 ++ 2024/30xxx/CVE-2024-30089.json | 18 ++ 2024/30xxx/CVE-2024-30090.json | 18 ++ 2024/30xxx/CVE-2024-30091.json | 18 ++ 2024/30xxx/CVE-2024-30092.json | 18 ++ 2024/30xxx/CVE-2024-30093.json | 18 ++ 2024/30xxx/CVE-2024-30094.json | 18 ++ 2024/30xxx/CVE-2024-30095.json | 18 ++ 2024/30xxx/CVE-2024-30096.json | 18 ++ 100 files changed, 3842 insertions(+), 439 deletions(-) create mode 100644 2024/29xxx/CVE-2024-29951.json create mode 100644 2024/29xxx/CVE-2024-29952.json create mode 100644 2024/29xxx/CVE-2024-29953.json create mode 100644 2024/29xxx/CVE-2024-29954.json create mode 100644 2024/29xxx/CVE-2024-29955.json create mode 100644 2024/29xxx/CVE-2024-29956.json create mode 100644 2024/29xxx/CVE-2024-29957.json create mode 100644 2024/29xxx/CVE-2024-29958.json create mode 100644 2024/29xxx/CVE-2024-29959.json create mode 100644 2024/29xxx/CVE-2024-29960.json create mode 100644 2024/29xxx/CVE-2024-29961.json create mode 100644 2024/29xxx/CVE-2024-29962.json create mode 100644 2024/29xxx/CVE-2024-29963.json create mode 100644 2024/29xxx/CVE-2024-29964.json create mode 100644 2024/29xxx/CVE-2024-29965.json create mode 100644 2024/29xxx/CVE-2024-29966.json create mode 100644 2024/29xxx/CVE-2024-29967.json create mode 100644 2024/29xxx/CVE-2024-29968.json create mode 100644 2024/29xxx/CVE-2024-29969.json create mode 100644 2024/29xxx/CVE-2024-29970.json create mode 100644 2024/29xxx/CVE-2024-29971.json create mode 100644 2024/29xxx/CVE-2024-29972.json create mode 100644 2024/29xxx/CVE-2024-29973.json create mode 100644 2024/29xxx/CVE-2024-29974.json create mode 100644 2024/29xxx/CVE-2024-29975.json create mode 100644 2024/29xxx/CVE-2024-29976.json create mode 100644 2024/2xxx/CVE-2024-2758.json create mode 100644 2024/2xxx/CVE-2024-2759.json create mode 100644 2024/2xxx/CVE-2024-2760.json create mode 100644 2024/2xxx/CVE-2024-2761.json create mode 100644 2024/2xxx/CVE-2024-2818.json create mode 100644 2024/2xxx/CVE-2024-2819.json create mode 100644 2024/30xxx/CVE-2024-30059.json create mode 100644 2024/30xxx/CVE-2024-30060.json create mode 100644 2024/30xxx/CVE-2024-30061.json create mode 100644 2024/30xxx/CVE-2024-30062.json create mode 100644 2024/30xxx/CVE-2024-30063.json create mode 100644 2024/30xxx/CVE-2024-30064.json create mode 100644 2024/30xxx/CVE-2024-30065.json create mode 100644 2024/30xxx/CVE-2024-30066.json create mode 100644 2024/30xxx/CVE-2024-30067.json create mode 100644 2024/30xxx/CVE-2024-30068.json create mode 100644 2024/30xxx/CVE-2024-30069.json create mode 100644 2024/30xxx/CVE-2024-30070.json create mode 100644 2024/30xxx/CVE-2024-30071.json create mode 100644 2024/30xxx/CVE-2024-30072.json create mode 100644 2024/30xxx/CVE-2024-30073.json create mode 100644 2024/30xxx/CVE-2024-30074.json create mode 100644 2024/30xxx/CVE-2024-30075.json create mode 100644 2024/30xxx/CVE-2024-30076.json create mode 100644 2024/30xxx/CVE-2024-30077.json create mode 100644 2024/30xxx/CVE-2024-30078.json create mode 100644 2024/30xxx/CVE-2024-30079.json create mode 100644 2024/30xxx/CVE-2024-30080.json create mode 100644 2024/30xxx/CVE-2024-30081.json create mode 100644 2024/30xxx/CVE-2024-30082.json create mode 100644 2024/30xxx/CVE-2024-30083.json create mode 100644 2024/30xxx/CVE-2024-30084.json create mode 100644 2024/30xxx/CVE-2024-30085.json create mode 100644 2024/30xxx/CVE-2024-30086.json create mode 100644 2024/30xxx/CVE-2024-30087.json create mode 100644 2024/30xxx/CVE-2024-30088.json create mode 100644 2024/30xxx/CVE-2024-30089.json create mode 100644 2024/30xxx/CVE-2024-30090.json create mode 100644 2024/30xxx/CVE-2024-30091.json create mode 100644 2024/30xxx/CVE-2024-30092.json create mode 100644 2024/30xxx/CVE-2024-30093.json create mode 100644 2024/30xxx/CVE-2024-30094.json create mode 100644 2024/30xxx/CVE-2024-30095.json create mode 100644 2024/30xxx/CVE-2024-30096.json diff --git a/2023/3xxx/CVE-2023-3418.json b/2023/3xxx/CVE-2023-3418.json index bfa6e6c4b48..4a463cf0740 100644 --- a/2023/3xxx/CVE-2023-3418.json +++ b/2023/3xxx/CVE-2023-3418.json @@ -5,85 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2023-3418", "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability." + "value": "** REJECT ** The issue is not in the plugin itself but the underlying chat service" } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross-Site Scripting (XSS)" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Querlo Chatbot", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "status": "affected", - "versionType": "custom", - "version": "0", - "lessThanOrEqual": "1.2.4" - } - ], - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://wpscan.com/vulnerability/407edb21-8fcb-484a-babb-fce96a6aede7", - "refsource": "MISC", - "name": "https://wpscan.com/vulnerability/407edb21-8fcb-484a-babb-fce96a6aede7" - } - ] - }, - "generator": { - "engine": "WPScan CVE Generator" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Rafael B." - }, - { - "lang": "en", - "value": "WPScan" - } - ] + } } \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51141.json b/2023/51xxx/CVE-2023-51141.json index 46037028717..38188556070 100644 --- a/2023/51xxx/CVE-2023-51141.json +++ b/2023/51xxx/CVE-2023-51141.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51141", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51141", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://biotime.com", + "refsource": "MISC", + "name": "http://biotime.com" + }, + { + "url": "http://zkteko.com", + "refsource": "MISC", + "name": "http://zkteko.com" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/ipxsec/1680d29c49fe368be81b037168175b10", + "url": "https://gist.github.com/ipxsec/1680d29c49fe368be81b037168175b10" } ] } diff --git a/2023/51xxx/CVE-2023-51142.json b/2023/51xxx/CVE-2023-51142.json index e5b4ef4643b..cdd32b082ea 100644 --- a/2023/51xxx/CVE-2023-51142.json +++ b/2023/51xxx/CVE-2023-51142.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51142", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51142", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://zkteco.com", + "refsource": "MISC", + "name": "http://zkteco.com" + }, + { + "url": "http://biotime.com", + "refsource": "MISC", + "name": "http://biotime.com" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/ipxsec/b20383620c9e1d5300f7716e62e8a82f", + "url": "https://gist.github.com/ipxsec/b20383620c9e1d5300f7716e62e8a82f" } ] } diff --git a/2024/1xxx/CVE-2024-1394.json b/2024/1xxx/CVE-2024-1394.json index 0e8a121377f..1db5c9d360d 100644 --- a/2024/1xxx/CVE-2024-1394.json +++ b/2024/1xxx/CVE-2024-1394.json @@ -60,174 +60,6 @@ "vendor_name": "Red Hat", "product": { "product_data": [ - { - "product_name": "Red Hat Developer Tools", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "0:1.19.13-6.el7_9", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - } - ] - } - }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "8090020240313170136.26eb71ac", - "lessThan": "*", - "versionType": "rpm", - "status": "unaffected" - } - ], - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 9", "version": { @@ -467,6 +299,19 @@ ] } }, + { + "product_name": "Red Hat Developer Tools", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 7", "version": { @@ -510,6 +355,145 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, { "product_name": "Red Hat OpenShift Container Platform 4", "version": { @@ -529,13 +513,13 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" + "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" + "defaultStatus": "affected" } }, { @@ -872,16 +856,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1462" }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1468", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1468" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1472", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1472" - }, { "url": "https://access.redhat.com/security/cve/CVE-2024-1394", "refsource": "MISC", diff --git a/2024/26xxx/CVE-2024-26643.json b/2024/26xxx/CVE-2024-26643.json index ba029f7548e..7fe777019a6 100644 --- a/2024/26xxx/CVE-2024-26643.json +++ b/2024/26xxx/CVE-2024-26643.json @@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout\n\nWhile the rhashtable set gc runs asynchronously, a race allows it to\ncollect elements from anonymous sets with timeouts while it is being\nreleased from the commit path.\n\nMingi Cho originally reported this issue in a different path in 6.1.x\nwith a pipapo set with low timeouts which is not possible upstream since\n7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set\nelement timeout\").\n\nFix this by setting on the dead flag for anonymous sets to skip async gc\nin this case.\n\nAccording to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on\ntransaction abort\"), Florian plans to accelerate abort path by releasing\nobjects via workqueue, therefore, this sets on the dead flag for abort\npath too." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5f68718b34a5", + "version_value": "552705a3650b" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.5", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36" + } + ] + }, + "generator": { + "engine": "bippy-b4257b672505" } } \ No newline at end of file diff --git a/2024/27xxx/CVE-2024-27683.json b/2024/27xxx/CVE-2024-27683.json index e74b1f013b5..edeb304f861 100644 --- a/2024/27xxx/CVE-2024-27683.json +++ b/2024/27xxx/CVE-2024-27683.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-27683", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-27683", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://drive.google.com/file/d/18RhbBnaD_kH16Y6C-7TpSSPUmYKKyU_k/view", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/18RhbBnaD_kH16Y6C-7TpSSPUmYKKyU_k/view" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/sunwithmoon/428c3871482a600382fec0a1994a518b", + "url": "https://gist.github.com/sunwithmoon/428c3871482a600382fec0a1994a518b" } ] } diff --git a/2024/28xxx/CVE-2024-28834.json b/2024/28xxx/CVE-2024-28834.json index 8b8d903ec9e..6f9a2128ea8 100644 --- a/2024/28xxx/CVE-2024-28834.json +++ b/2024/28xxx/CVE-2024-28834.json @@ -1,17 +1,188 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "gnutls", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.8.4", + "status": "unaffected" + } + ] + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-28834", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-28834" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269228", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2269228" + }, + { + "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html", + "refsource": "MISC", + "name": "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html" + }, + { + "url": "https://people.redhat.com/~hkario/marvin/", + "refsource": "MISC", + "name": "https://people.redhat.com/~hkario/marvin/" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29866.json b/2024/29xxx/CVE-2024-29866.json index 272516c28ce..59a11b1e284 100644 --- a/2024/29xxx/CVE-2024-29866.json +++ b/2024/29xxx/CVE-2024-29866.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-29866", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-29866", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://datalust.co", + "refsource": "MISC", + "name": "https://datalust.co" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/datalust/seq-tickets/issues/2127", + "url": "https://github.com/datalust/seq-tickets/issues/2127" } ] } diff --git a/2024/29xxx/CVE-2024-29870.json b/2024/29xxx/CVE-2024-29870.json index 7837e3c1de3..e1bb53a4dfe 100644 --- a/2024/29xxx/CVE-2024-29870.json +++ b/2024/29xxx/CVE-2024-29870.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29870", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sentrifugo", + "product": { + "product_data": [ + { + "product_name": "Sentrifugo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29871.json b/2024/29xxx/CVE-2024-29871.json index b98977fd77c..08e9a44bc25 100644 --- a/2024/29xxx/CVE-2024-29871.json +++ b/2024/29xxx/CVE-2024-29871.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29871", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sentrifugo", + "product": { + "product_data": [ + { + "product_name": "Sentrifugo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29872.json b/2024/29xxx/CVE-2024-29872.json index 829c70b24ee..607abd8a6bd 100644 --- a/2024/29xxx/CVE-2024-29872.json +++ b/2024/29xxx/CVE-2024-29872.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29872", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0/sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sentrifugo", + "product": { + "product_data": [ + { + "product_name": "Sentrifugo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29873.json b/2024/29xxx/CVE-2024-29873.json index 77fce2f4e7d..14df18fa6c3 100644 --- a/2024/29xxx/CVE-2024-29873.json +++ b/2024/29xxx/CVE-2024-29873.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29873", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0/sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sentrifugo", + "product": { + "product_data": [ + { + "product_name": "Sentrifugo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29874.json b/2024/29xxx/CVE-2024-29874.json index 5e423f8b2c6..e5939be42e5 100644 --- a/2024/29xxx/CVE-2024-29874.json +++ b/2024/29xxx/CVE-2024-29874.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29874", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0/sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sentrifugo", + "product": { + "product_data": [ + { + "product_name": "Sentrifugo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29875.json b/2024/29xxx/CVE-2024-29875.json index ea8f5dab852..011234e3ed3 100644 --- a/2024/29xxx/CVE-2024-29875.json +++ b/2024/29xxx/CVE-2024-29875.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29875", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0 /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sentrifugo", + "product": { + "product_data": [ + { + "product_name": "Sentrifugo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29876.json b/2024/29xxx/CVE-2024-29876.json index 5a8684ed1c6..81a3214d187 100644 --- a/2024/29xxx/CVE-2024-29876.json +++ b/2024/29xxx/CVE-2024-29876.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29876", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in Sentrifugo 3.2, through\u00a0 /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sentrifugo", + "product": { + "product_data": [ + { + "product_name": "Sentrifugo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29877.json b/2024/29xxx/CVE-2024-29877.json index 765fecfd37f..c4221ffeb90 100644 --- a/2024/29xxx/CVE-2024-29877.json +++ b/2024/29xxx/CVE-2024-29877.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29877", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through\u00a0 /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sentrifugo", + "product": { + "product_data": [ + { + "product_name": "Sentrifugo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29880.json b/2024/29xxx/CVE-2024-29880.json index c0a8b432a3e..13b0b538259 100644 --- a/2024/29xxx/CVE-2024-29880.json +++ b/2024/29xxx/CVE-2024-29880.json @@ -1,82 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29880", - "ASSIGNER": "security@jetbrains.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-749", - "cweId": "CWE-749" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "JetBrains", - "product": { - "product_data": [ - { - "product_name": "TeamCity", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "2023.11" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", - "refsource": "MISC", - "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" - } - ] - }, - "impact": { - "cvss": [ - { - "version": "3.1", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "HIGH", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "LOW", - "baseScore": 4.2, - "baseSeverity": "MEDIUM", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/29xxx/CVE-2024-29951.json b/2024/29xxx/CVE-2024-29951.json new file mode 100644 index 00000000000..01cf2226fbe --- /dev/null +++ b/2024/29xxx/CVE-2024-29951.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29951", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29952.json b/2024/29xxx/CVE-2024-29952.json new file mode 100644 index 00000000000..2081f426bee --- /dev/null +++ b/2024/29xxx/CVE-2024-29952.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29953.json b/2024/29xxx/CVE-2024-29953.json new file mode 100644 index 00000000000..7faf740fda0 --- /dev/null +++ b/2024/29xxx/CVE-2024-29953.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29954.json b/2024/29xxx/CVE-2024-29954.json new file mode 100644 index 00000000000..3530fd1024f --- /dev/null +++ b/2024/29xxx/CVE-2024-29954.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29954", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29955.json b/2024/29xxx/CVE-2024-29955.json new file mode 100644 index 00000000000..f49632e7e62 --- /dev/null +++ b/2024/29xxx/CVE-2024-29955.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29955", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29956.json b/2024/29xxx/CVE-2024-29956.json new file mode 100644 index 00000000000..56f6742b171 --- /dev/null +++ b/2024/29xxx/CVE-2024-29956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29957.json b/2024/29xxx/CVE-2024-29957.json new file mode 100644 index 00000000000..793cafc9b78 --- /dev/null +++ b/2024/29xxx/CVE-2024-29957.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29958.json b/2024/29xxx/CVE-2024-29958.json new file mode 100644 index 00000000000..c969a91c75c --- /dev/null +++ b/2024/29xxx/CVE-2024-29958.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29958", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29959.json b/2024/29xxx/CVE-2024-29959.json new file mode 100644 index 00000000000..7fceb9af3e6 --- /dev/null +++ b/2024/29xxx/CVE-2024-29959.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29960.json b/2024/29xxx/CVE-2024-29960.json new file mode 100644 index 00000000000..53ddce12367 --- /dev/null +++ b/2024/29xxx/CVE-2024-29960.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29961.json b/2024/29xxx/CVE-2024-29961.json new file mode 100644 index 00000000000..88f391eccc4 --- /dev/null +++ b/2024/29xxx/CVE-2024-29961.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29961", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29962.json b/2024/29xxx/CVE-2024-29962.json new file mode 100644 index 00000000000..46072a6ab5d --- /dev/null +++ b/2024/29xxx/CVE-2024-29962.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29962", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29963.json b/2024/29xxx/CVE-2024-29963.json new file mode 100644 index 00000000000..2aded2e9463 --- /dev/null +++ b/2024/29xxx/CVE-2024-29963.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29963", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29964.json b/2024/29xxx/CVE-2024-29964.json new file mode 100644 index 00000000000..5c0d0aed37b --- /dev/null +++ b/2024/29xxx/CVE-2024-29964.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29964", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29965.json b/2024/29xxx/CVE-2024-29965.json new file mode 100644 index 00000000000..0912ef4a24e --- /dev/null +++ b/2024/29xxx/CVE-2024-29965.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29965", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29966.json b/2024/29xxx/CVE-2024-29966.json new file mode 100644 index 00000000000..c097d9fb938 --- /dev/null +++ b/2024/29xxx/CVE-2024-29966.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29966", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29967.json b/2024/29xxx/CVE-2024-29967.json new file mode 100644 index 00000000000..c55bd856de6 --- /dev/null +++ b/2024/29xxx/CVE-2024-29967.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29967", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29968.json b/2024/29xxx/CVE-2024-29968.json new file mode 100644 index 00000000000..4e9093a109f --- /dev/null +++ b/2024/29xxx/CVE-2024-29968.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29968", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29969.json b/2024/29xxx/CVE-2024-29969.json new file mode 100644 index 00000000000..7d2320c8436 --- /dev/null +++ b/2024/29xxx/CVE-2024-29969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29970.json b/2024/29xxx/CVE-2024-29970.json new file mode 100644 index 00000000000..6c03dfeecec --- /dev/null +++ b/2024/29xxx/CVE-2024-29970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29971.json b/2024/29xxx/CVE-2024-29971.json new file mode 100644 index 00000000000..18eab76bf5b --- /dev/null +++ b/2024/29xxx/CVE-2024-29971.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29972.json b/2024/29xxx/CVE-2024-29972.json new file mode 100644 index 00000000000..734e4ab6cfa --- /dev/null +++ b/2024/29xxx/CVE-2024-29972.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29973.json b/2024/29xxx/CVE-2024-29973.json new file mode 100644 index 00000000000..8683130a8bc --- /dev/null +++ b/2024/29xxx/CVE-2024-29973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29974.json b/2024/29xxx/CVE-2024-29974.json new file mode 100644 index 00000000000..1ba78283661 --- /dev/null +++ b/2024/29xxx/CVE-2024-29974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29975.json b/2024/29xxx/CVE-2024-29975.json new file mode 100644 index 00000000000..0386aab36b0 --- /dev/null +++ b/2024/29xxx/CVE-2024-29975.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29976.json b/2024/29xxx/CVE-2024-29976.json new file mode 100644 index 00000000000..da2ae551f66 --- /dev/null +++ b/2024/29xxx/CVE-2024-29976.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29976", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2494.json b/2024/2xxx/CVE-2024-2494.json index 1fc8a522ca3..ac153a73fc2 100644 --- a/2024/2xxx/CVE-2024-2494.json +++ b/2024/2xxx/CVE-2024-2494.json @@ -1,17 +1,197 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2494", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Allocation with Excessive Size Value", + "cweId": "CWE-789" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "libvirt", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unknown" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + }, + { + "vendor_name": "Fedora", + "product": { + "product_data": [ + { + "product_name": "Fedora", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-2494", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-2494" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270115", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2270115" + }, + { + "url": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/", + "refsource": "MISC", + "name": "https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Alexander Kuznetsov (ALT Linux Team) for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2740.json b/2024/2xxx/CVE-2024-2740.json index c93a0f5c876..6b91127677a 100644 --- a/2024/2xxx/CVE-2024-2740.json +++ b/2024/2xxx/CVE-2024-2740.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2740", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Planet", + "product": { + "product_data": [ + { + "product_name": "IGS-4215-16T2S", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.305b210528" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Vulnerability fixed in firmware version 1.305b231218." + } + ], + "value": "Vulnerability fixed in firmware version 1.305b231218." + } + ], + "credits": [ + { + "lang": "en", + "value": "J. Daniel Martinez (dan1t0)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2741.json b/2024/2xxx/CVE-2024-2741.json index ffdd3d4ec91..c98f6838723 100644 --- a/2024/2xxx/CVE-2024-2741.json +++ b/2024/2xxx/CVE-2024-2741.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Planet", + "product": { + "product_data": [ + { + "product_name": "IGS-4215-16T2S", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.305b210528" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Vulnerability fixed in firmware version 1.305b231218." + } + ], + "value": "Vulnerability fixed in firmware version 1.305b231218." + } + ], + "credits": [ + { + "lang": "en", + "value": "J. Daniel Martinez (dan1t0)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2742.json b/2024/2xxx/CVE-2024-2742.json index e624958dc25..57e8f3ac4af 100644 --- a/2024/2xxx/CVE-2024-2742.json +++ b/2024/2xxx/CVE-2024-2742.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Planet", + "product": { + "product_data": [ + { + "product_name": "IGS-4215-16T2S", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.305b210528" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Vulnerability fixed in firmware version 1.305b231218." + } + ], + "value": "Vulnerability fixed in firmware version 1.305b231218." + } + ], + "credits": [ + { + "lang": "en", + "value": "J. Daniel Martinez (dan1t0)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/2xxx/CVE-2024-2758.json b/2024/2xxx/CVE-2024-2758.json new file mode 100644 index 00000000000..ff833eb60df --- /dev/null +++ b/2024/2xxx/CVE-2024-2758.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2758", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2759.json b/2024/2xxx/CVE-2024-2759.json new file mode 100644 index 00000000000..ceb7b2c1f27 --- /dev/null +++ b/2024/2xxx/CVE-2024-2759.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2759", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2760.json b/2024/2xxx/CVE-2024-2760.json new file mode 100644 index 00000000000..45a56a97974 --- /dev/null +++ b/2024/2xxx/CVE-2024-2760.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2760", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2761.json b/2024/2xxx/CVE-2024-2761.json new file mode 100644 index 00000000000..ee4a2da2f3a --- /dev/null +++ b/2024/2xxx/CVE-2024-2761.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2761", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2809.json b/2024/2xxx/CVE-2024-2809.json index aceab5cc9df..255dca34648 100644 --- a/2024/2xxx/CVE-2024-2809.json +++ b/2024/2xxx/CVE-2024-2809.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2809", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Tenda AC15 15.03.05.18/15.03.20_multi gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion formSetFirewallCfg der Datei /goform/SetFirewallCfg. Dank der Manipulation des Arguments firewallEn mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.05.18" + }, + { + "version_affected": "=", + "version_value": "15.03.20_multi" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257664", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257664" + }, + { + "url": "https://vuldb.com/?ctiid.257664", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257664" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2810.json b/2024/2xxx/CVE-2024-2810.json index 3ebf8a4ed23..3d8b856b305 100644 --- a/2024/2xxx/CVE-2024-2810.json +++ b/2024/2xxx/CVE-2024-2810.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2810", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Tenda AC15 15.03.05.18/15.03.20_multi wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion formWifiWpsOOB der Datei /goform/WifiWpsOOB. Dank Manipulation des Arguments index mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.05.18" + }, + { + "version_affected": "=", + "version_value": "15.03.20_multi" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257665", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257665" + }, + { + "url": "https://vuldb.com/?ctiid.257665", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257665" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2811.json b/2024/2xxx/CVE-2024-2811.json index 73e60e4da06..a9eebeab6c2 100644 --- a/2024/2xxx/CVE-2024-2811.json +++ b/2024/2xxx/CVE-2024-2811.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2811", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Tenda AC15 15.03.20_multi gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion formWifiWpsStart der Datei /goform/WifiWpsStart. Mit der Manipulation des Arguments index mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.20_multi" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257666", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257666" + }, + { + "url": "https://vuldb.com/?ctiid.257666", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257666" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2812.json b/2024/2xxx/CVE-2024-2812.json index d8e574bd6ed..287083f1d94 100644 --- a/2024/2xxx/CVE-2024-2812.json +++ b/2024/2xxx/CVE-2024-2812.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2812", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Tenda AC15 15.03.05.18/15.03.20_multi ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion formWriteFacMac der Datei /goform/WriteFacMac. Durch die Manipulation des Arguments mac mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.05.18" + }, + { + "version_affected": "=", + "version_value": "15.03.20_multi" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257667", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257667" + }, + { + "url": "https://vuldb.com/?ctiid.257667", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257667" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWriteFacMac.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWriteFacMac.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2813.json b/2024/2xxx/CVE-2024-2813.json index ca12c679698..0aa43a99c33 100644 --- a/2024/2xxx/CVE-2024-2813.json +++ b/2024/2xxx/CVE-2024-2813.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2813", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Tenda AC15 15.03.20_multi wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion form_fast_setting_wifi_set der Datei /goform/fast_setting_wifi_set. Durch Manipulation des Arguments ssid mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.20_multi" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257668", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257668" + }, + { + "url": "https://vuldb.com/?ctiid.257668", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257668" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2814.json b/2024/2xxx/CVE-2024-2814.json index 36cfb7e7d88..6423ed239df 100644 --- a/2024/2xxx/CVE-2024-2814.json +++ b/2024/2xxx/CVE-2024-2814.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2814", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Tenda AC15 15.03.20_multi ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion fromDhcpListClient der Datei /goform/DhcpListClient. Mittels dem Manipulieren des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.20_multi" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257669", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257669" + }, + { + "url": "https://vuldb.com/?ctiid.257669", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257669" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2815.json b/2024/2xxx/CVE-2024-2815.json index b140e639acf..6586fa2d9ee 100644 --- a/2024/2xxx/CVE-2024-2815.json +++ b/2024/2xxx/CVE-2024-2815.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2815", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in Tenda AC15 15.03.20_multi entdeckt. Es betrifft die Funktion R7WebsSecurityHandler der Datei /goform/execCommand der Komponente Cookie Handler. Mittels Manipulieren des Arguments password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.20_multi" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257670", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257670" + }, + { + "url": "https://vuldb.com/?ctiid.257670", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257670" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/2xxx/CVE-2024-2816.json b/2024/2xxx/CVE-2024-2816.json index 6fe8347c398..69d57aa18db 100644 --- a/2024/2xxx/CVE-2024-2816.json +++ b/2024/2xxx/CVE-2024-2816.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2816", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Tenda AC15 15.03.05.18 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion fromSysToolReboot der Datei /goform/SysToolReboot. Durch das Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.05.18" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257671", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257671" + }, + { + "url": "https://vuldb.com/?ctiid.257671", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257671" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolReboot.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolReboot.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2817.json b/2024/2xxx/CVE-2024-2817.json index a17104be974..23e5de16cd4 100644 --- a/2024/2xxx/CVE-2024-2817.json +++ b/2024/2xxx/CVE-2024-2817.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2817", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Tenda AC15 15.03.05.18 entdeckt. Dies betrifft die Funktion fromSysToolRestoreSet der Datei /goform/SysToolRestoreSet. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "AC15", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "15.03.05.18" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.257672", + "refsource": "MISC", + "name": "https://vuldb.com/?id.257672" + }, + { + "url": "https://vuldb.com/?ctiid.257672", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.257672" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolRestoreSet.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolRestoreSet.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_tutu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2818.json b/2024/2xxx/CVE-2024-2818.json new file mode 100644 index 00000000000..5dfc1fe96b5 --- /dev/null +++ b/2024/2xxx/CVE-2024-2818.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2818", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2819.json b/2024/2xxx/CVE-2024-2819.json new file mode 100644 index 00000000000..f3704ebad86 --- /dev/null +++ b/2024/2xxx/CVE-2024-2819.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2819", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30059.json b/2024/30xxx/CVE-2024-30059.json new file mode 100644 index 00000000000..3bc752c81e5 --- /dev/null +++ b/2024/30xxx/CVE-2024-30059.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30059", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30060.json b/2024/30xxx/CVE-2024-30060.json new file mode 100644 index 00000000000..49112fe7e16 --- /dev/null +++ b/2024/30xxx/CVE-2024-30060.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30061.json b/2024/30xxx/CVE-2024-30061.json new file mode 100644 index 00000000000..92601bfa2e0 --- /dev/null +++ b/2024/30xxx/CVE-2024-30061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30062.json b/2024/30xxx/CVE-2024-30062.json new file mode 100644 index 00000000000..859f8c93138 --- /dev/null +++ b/2024/30xxx/CVE-2024-30062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30063.json b/2024/30xxx/CVE-2024-30063.json new file mode 100644 index 00000000000..419ba33ee66 --- /dev/null +++ b/2024/30xxx/CVE-2024-30063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30064.json b/2024/30xxx/CVE-2024-30064.json new file mode 100644 index 00000000000..50a9077dcd9 --- /dev/null +++ b/2024/30xxx/CVE-2024-30064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30065.json b/2024/30xxx/CVE-2024-30065.json new file mode 100644 index 00000000000..85a04c6d2d1 --- /dev/null +++ b/2024/30xxx/CVE-2024-30065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30066.json b/2024/30xxx/CVE-2024-30066.json new file mode 100644 index 00000000000..3c1a2dced83 --- /dev/null +++ b/2024/30xxx/CVE-2024-30066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30067.json b/2024/30xxx/CVE-2024-30067.json new file mode 100644 index 00000000000..dd03d1e07fc --- /dev/null +++ b/2024/30xxx/CVE-2024-30067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30068.json b/2024/30xxx/CVE-2024-30068.json new file mode 100644 index 00000000000..ba2c0ee589e --- /dev/null +++ b/2024/30xxx/CVE-2024-30068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30069.json b/2024/30xxx/CVE-2024-30069.json new file mode 100644 index 00000000000..34e88e5f83b --- /dev/null +++ b/2024/30xxx/CVE-2024-30069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30070.json b/2024/30xxx/CVE-2024-30070.json new file mode 100644 index 00000000000..3c65740bb57 --- /dev/null +++ b/2024/30xxx/CVE-2024-30070.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30071.json b/2024/30xxx/CVE-2024-30071.json new file mode 100644 index 00000000000..e2cb4b16824 --- /dev/null +++ b/2024/30xxx/CVE-2024-30071.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30072.json b/2024/30xxx/CVE-2024-30072.json new file mode 100644 index 00000000000..b186d068b6d --- /dev/null +++ b/2024/30xxx/CVE-2024-30072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30073.json b/2024/30xxx/CVE-2024-30073.json new file mode 100644 index 00000000000..3583bb1b579 --- /dev/null +++ b/2024/30xxx/CVE-2024-30073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30074.json b/2024/30xxx/CVE-2024-30074.json new file mode 100644 index 00000000000..1e834265ef1 --- /dev/null +++ b/2024/30xxx/CVE-2024-30074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30075.json b/2024/30xxx/CVE-2024-30075.json new file mode 100644 index 00000000000..d41622c3c65 --- /dev/null +++ b/2024/30xxx/CVE-2024-30075.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30076.json b/2024/30xxx/CVE-2024-30076.json new file mode 100644 index 00000000000..7fcdf1b2032 --- /dev/null +++ b/2024/30xxx/CVE-2024-30076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30077.json b/2024/30xxx/CVE-2024-30077.json new file mode 100644 index 00000000000..ff9cbf200ba --- /dev/null +++ b/2024/30xxx/CVE-2024-30077.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30077", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30078.json b/2024/30xxx/CVE-2024-30078.json new file mode 100644 index 00000000000..c10d0cc5d46 --- /dev/null +++ b/2024/30xxx/CVE-2024-30078.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30078", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30079.json b/2024/30xxx/CVE-2024-30079.json new file mode 100644 index 00000000000..3aa12a33e1c --- /dev/null +++ b/2024/30xxx/CVE-2024-30079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30080.json b/2024/30xxx/CVE-2024-30080.json new file mode 100644 index 00000000000..a7f2d68e239 --- /dev/null +++ b/2024/30xxx/CVE-2024-30080.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30081.json b/2024/30xxx/CVE-2024-30081.json new file mode 100644 index 00000000000..3740aa7593d --- /dev/null +++ b/2024/30xxx/CVE-2024-30081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30082.json b/2024/30xxx/CVE-2024-30082.json new file mode 100644 index 00000000000..96300fa4780 --- /dev/null +++ b/2024/30xxx/CVE-2024-30082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30083.json b/2024/30xxx/CVE-2024-30083.json new file mode 100644 index 00000000000..3015a5fb576 --- /dev/null +++ b/2024/30xxx/CVE-2024-30083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30084.json b/2024/30xxx/CVE-2024-30084.json new file mode 100644 index 00000000000..b3a5d50a1d0 --- /dev/null +++ b/2024/30xxx/CVE-2024-30084.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30084", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30085.json b/2024/30xxx/CVE-2024-30085.json new file mode 100644 index 00000000000..d44aead7708 --- /dev/null +++ b/2024/30xxx/CVE-2024-30085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30086.json b/2024/30xxx/CVE-2024-30086.json new file mode 100644 index 00000000000..dcd5be6041b --- /dev/null +++ b/2024/30xxx/CVE-2024-30086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30087.json b/2024/30xxx/CVE-2024-30087.json new file mode 100644 index 00000000000..c60fbfb8594 --- /dev/null +++ b/2024/30xxx/CVE-2024-30087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30088.json b/2024/30xxx/CVE-2024-30088.json new file mode 100644 index 00000000000..de72c20f677 --- /dev/null +++ b/2024/30xxx/CVE-2024-30088.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30089.json b/2024/30xxx/CVE-2024-30089.json new file mode 100644 index 00000000000..6779c25fbd1 --- /dev/null +++ b/2024/30xxx/CVE-2024-30089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30090.json b/2024/30xxx/CVE-2024-30090.json new file mode 100644 index 00000000000..b3505c46a3a --- /dev/null +++ b/2024/30xxx/CVE-2024-30090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30091.json b/2024/30xxx/CVE-2024-30091.json new file mode 100644 index 00000000000..fbfebc7e7ae --- /dev/null +++ b/2024/30xxx/CVE-2024-30091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30092.json b/2024/30xxx/CVE-2024-30092.json new file mode 100644 index 00000000000..3fea8c673fc --- /dev/null +++ b/2024/30xxx/CVE-2024-30092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30093.json b/2024/30xxx/CVE-2024-30093.json new file mode 100644 index 00000000000..14eb2ac9c06 --- /dev/null +++ b/2024/30xxx/CVE-2024-30093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30094.json b/2024/30xxx/CVE-2024-30094.json new file mode 100644 index 00000000000..a83b442f424 --- /dev/null +++ b/2024/30xxx/CVE-2024-30094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30095.json b/2024/30xxx/CVE-2024-30095.json new file mode 100644 index 00000000000..f6e57099556 --- /dev/null +++ b/2024/30xxx/CVE-2024-30095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/30xxx/CVE-2024-30096.json b/2024/30xxx/CVE-2024-30096.json new file mode 100644 index 00000000000..e21a59d30bc --- /dev/null +++ b/2024/30xxx/CVE-2024-30096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-30096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file