diff --git a/2023/43xxx/CVE-2023-43787.json b/2023/43xxx/CVE-2023-43787.json
index f3df2817296..0debdec67fe 100644
--- a/2023/43xxx/CVE-2023-43787.json
+++ b/2023/43xxx/CVE-2023-43787.json
@@ -159,6 +159,11 @@
 "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9",
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2024/01/24/9"
+ },
+ {
+ "url": "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/",
+ "refsource": "MISC",
+ "name": "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/"
 }
 ]
 },
diff --git a/2024/22xxx/CVE-2024-22252.json b/2024/22xxx/CVE-2024-22252.json
index f59ef02696b..4dfc6b4e90f 100644
--- a/2024/22xxx/CVE-2024-22252.json
+++ b/2024/22xxx/CVE-2024-22252.json
@@ -1,17 +1,136 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-22252",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware ESXi",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "8.0 ",
+ "version_value": "ESXi80U2sb-23305545"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "8.0",
+ "version_value": "ESXi80U1d-23299997"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "7.0",
+ "version_value": "ESXi70U3p-23307199"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Workstation",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "17.x",
+ "version_value": "17.5.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Fusion",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "13.x",
+ "version_value": "13.5.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Cloud Foundation",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.x"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html",
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.3,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
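Review bot: The two ESXi 8.0 entries in `version_data` differ only by a trailing space in the name, `"version_name": "8.0 "` against `"version_name": "8.0"`, so a consumer that trims or keys on `version_name` will merge them or lose one of the two fixed builds. Judging by the `version_value` strings, the names could carry the update line instead, for example `"version_name": "8.0 U2"` and `"version_name": "8.0 U1"`; the same pair appears in CVE-2024-22255. `"vendor_name": "n/a"` also leaves product matching to the `product_name` strings alone in all four VMware records of this commit, although the assigner address and the advisory URL both point to VMware.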
diff --git a/2024/22xxx/CVE-2024-22253.json b/2024/22xxx/CVE-2024-22253.json
index 09bedfb99f7..7af8272c4dc 100644
--- a/2024/22xxx/CVE-2024-22253.json
+++ b/2024/22xxx/CVE-2024-22253.json
@@ -1,17 +1,131 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-22253",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware ESXi",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "8.0",
+ "version_value": "ESXi80U2sb-23305545"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "7.0",
+ "version_value": "ESXi70U3p-23307199"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Workstation",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "17.x",
+ "version_value": "17.5.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Fusion",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "13.x",
+ "version_value": "13.5.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Cloud Foundation",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.x"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html",
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.3,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22254.json b/2024/22xxx/CVE-2024-22254.json
index 2984f9164a5..ddfc85108be 100644
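Review bot: The vector sets `"privilegesRequired": "NONE"` while the description requires "local administrative privileges on a virtual machine", so anyone filtering or prioritising on the PR metric will read this record as needing no prior access. CVE-2024-22252 carries the same vector and precondition, and CVE-2024-22255 pairs `PR:N` with "administrative access to a virtual machine". If the score is deliberately taken from the host's point of view, the description should say so; otherwise `privilegesRequired`, `vectorString` and `baseScore` need to be revisited together.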
--- a/2024/22xxx/CVE-2024-22254.json
+++ b/2024/22xxx/CVE-2024-22254.json
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-22254",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware ESXi contains an out-of-bounds write vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.\n\n\n\n\n\n\n\n\n\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware ESXi",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "8.0",
+ "version_value": "ESXi80U2sb-23305545"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "7.0",
+ "version_value": "ESXi70U3p-23307199"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Cloud Foundation",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.x"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html",
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22255.json b/2024/22xxx/CVE-2024-22255.json
index 27f6382d299..6e8bb0c8f6a 100644
--- a/2024/22xxx/CVE-2024-22255.json
+++ b/2024/22xxx/CVE-2024-22255.json
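Review bot: The description `value` ends in a run of escaped newlines after "escape of the sandbox.", which feed consumers will store and render as-is; the string should stop at the final full stop. CVE-2024-22255 has the same tail, preceded by two `\u00a0`. `problemtype` is also left at `"value": "n/a"` although the text names an out-of-bounds write (CWE-787), and the three sibling VMware records do the same where their descriptions name a use-after-free (CWE-416) or an information disclosure; filling it in lets weakness-based triage pick these records up.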
@@ -1,17 +1,136 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-22255",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller.\u00a0A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u00a0\u00a0\n\n\n\n\n\n\n\n\n\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware ESXi",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "8.0 ",
+ "version_value": "ESXi80U2sb-23305545"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "8.0",
+ "version_value": "ESXi80U1d-23299997"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "7.0",
+ "version_value": "ESXi70U3p-23307199"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Workstation",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "17.x",
+ "version_value": "17.5.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Fusion",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "13.x",
+ "version_value": "13.5.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Cloud Foundation",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.x"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html",
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22545.json b/2024/22xxx/CVE-2024-22545.json
index 230ea4394a7..4198bb31992 100644
--- a/2024/22xxx/CVE-2024-22545.json
+++ b/2024/22xxx/CVE-2024-22545.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows local unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function."
+ "value": "An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely."
 }
 ]
 },
diff --git a/2024/2xxx/CVE-2024-2195.json b/2024/2xxx/CVE-2024-2195.json
new file mode 100644
index 00000000000..529e39020d6
--- /dev/null
+++ b/2024/2xxx/CVE-2024-2195.json
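Review bot: In the CVE-2024-22545 hunk the attack moves from local to remote, but only the description `value` is touched; any CVSS or impact data kept elsewhere in this record lies outside the hunk and should be checked so that it agrees with a network attack vector. The sentence also still reads "An issue was discovered in …, allows …", which could become "An issue in … allows …". `sub_420AE0()` looks like a disassembler-assigned label that presumably holds only for firmware 1.04b01, so the text gives defenders on other builds little to match against.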
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-2195",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/2xxx/CVE-2024-2196.json b/2024/2xxx/CVE-2024-2196.json
new file mode 100644
index 00000000000..7544ec908f7
--- /dev/null
+++ b/2024/2xxx/CVE-2024-2196.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-2196",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/2xxx/CVE-2024-2197.json b/2024/2xxx/CVE-2024-2197.json
new file mode 100644
index 00000000000..54b45c9b7c1
--- /dev/null
+++ b/2024/2xxx/CVE-2024-2197.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-2197",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file