admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-15 16:00:32 +00:00
parent 77b4792b58
commit 5ab34bd311
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
96 changed files with 5884 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

257
2022/20xxx/CVE-2022-20656.json
View File

@ -1,17 +1,266 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20656",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system.\r\n\r\nThis vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to write arbitrary files to the host system.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal: '../filedir'",
"cweId": "CWE-24"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Evolved Programmable Network Manager (EPNM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.1"
},
{
"version_affected": "=",
"version_value": "3.1.2"
},
{
"version_affected": "=",
"version_value": "1.2"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.3"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.0.3"
},
{
"version_affected": "=",
"version_value": "3.0.2"
},
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "2.2"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "4.1"
},
{
"version_affected": "=",
"version_value": "4.1.1"
},
{
"version_affected": "=",
"version_value": "4.0.3"
},
{
"version_affected": "=",
"version_value": "4.0.1"
},
{
"version_affected": "=",
"version_value": "4.0.2"
},
{
"version_affected": "=",
"version_value": "4.0"
},
{
"version_affected": "=",
"version_value": "5.0"
},
{
"version_affected": "=",
"version_value": "5.0.1"
},
{
"version_affected": "=",
"version_value": "5.1.1"
},
{
"version_affected": "=",
"version_value": "5.1"
},
{
"version_affected": "=",
"version_value": "5.0.2"
},
{
"version_affected": "=",
"version_value": "5.1.2"
}
]
}
},
{
"product_name": "Cisco Prime Infrastructure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.1.5"
},
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.0.0"
},
{
"version_affected": "=",
"version_value": "3.6.0"
},
{
"version_affected": "=",
"version_value": "3.7.0"
},
{
"version_affected": "=",
"version_value": "3.4.0"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2"
},
{
"version_affected": "=",
"version_value": "3.5.0"
},
{
"version_affected": "=",
"version_value": "3.2.0-FIPS"
},
{
"version_affected": "=",
"version_value": "2.2"
},
{
"version_affected": "=",
"version_value": "3.8.0-FED"
},
{
"version_affected": "=",
"version_value": "3.9.0"
},
{
"version_affected": "=",
"version_value": "3.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ"
}
]
},
"source": {
"advisory": "cisco-sa-pi-epnm-path-trav-zws324yn",
"discovery": "EXTERNAL",
"defects": [
"CSCvz43433"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

252
2022/20xxx/CVE-2022-20657.json
View File

@ -1,17 +1,261 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20657",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Evolved Programmable Network Manager (EPNM)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.1"
},
{
"version_affected": "=",
"version_value": "3.1.2"
},
{
"version_affected": "=",
"version_value": "1.2"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.3"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.0.3"
},
{
"version_affected": "=",
"version_value": "3.0.2"
},
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "2.2"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "4.1"
},
{
"version_affected": "=",
"version_value": "4.1.1"
},
{
"version_affected": "=",
"version_value": "4.0.3"
},
{
"version_affected": "=",
"version_value": "4.0.1"
},
{
"version_affected": "=",
"version_value": "4.0.2"
},
{
"version_affected": "=",
"version_value": "4.0"
},
{
"version_affected": "=",
"version_value": "5.0"
},
{
"version_affected": "=",
"version_value": "5.0.1"
},
{
"version_affected": "=",
"version_value": "5.1.1"
},
{
"version_affected": "=",
"version_value": "5.1"
},
{
"version_affected": "=",
"version_value": "5.0.2"
},
{
"version_affected": "=",
"version_value": "5.1.2"
}
]
}
},
{
"product_name": "Cisco Prime Infrastructure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.1.5"
},
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.0.0"
},
{
"version_affected": "=",
"version_value": "3.6.0"
},
{
"version_affected": "=",
"version_value": "3.7.0"
},
{
"version_affected": "=",
"version_value": "3.4.0"
},
{
"version_affected": "=",
"version_value": "3.3.0"
},
{
"version_affected": "=",
"version_value": "3.2"
},
{
"version_affected": "=",
"version_value": "3.5.0"
},
{
"version_affected": "=",
"version_value": "3.2.0-FIPS"
},
{
"version_affected": "=",
"version_value": "2.2"
},
{
"version_affected": "=",
"version_value": "3.8.0-FED"
},
{
"version_affected": "=",
"version_value": "3.9.0"
},
{
"version_affected": "=",
"version_value": "3.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn"
}
]
},
"source": {
"advisory": "cisco-sa-pi-epnm-path-trav-zws324yn",
"discovery": "EXTERNAL",
"defects": [
"CSCvz43419"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

85
2022/20xxx/CVE-2022-20663.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThe vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Network Analytics",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ"
}
]
},
"source": {
"advisory": "cisco-sa-sna-xss-NXOxDhRQ",
"discovery": "INTERNAL",
"defects": [
"CSCwa15377"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

516
2022/20xxx/CVE-2022-20685.json
View File

@ -1,17 +1,525 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20685",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThis vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Cyber Vision",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.0"
},
{
"version_affected": "=",
"version_value": "3.0.2"
},
{
"version_affected": "=",
"version_value": "3.0.3"
},
{
"version_affected": "=",
"version_value": "3.0.1"
},
{
"version_affected": "=",
"version_value": "3.1.0"
},
{
"version_affected": "=",
"version_value": "3.0.4"
},
{
"version_affected": "=",
"version_value": "3.1.1"
},
{
"version_affected": "=",
"version_value": "3.1.2"
},
{
"version_affected": "=",
"version_value": "3.2.0"
},
{
"version_affected": "=",
"version_value": "3.0.5"
},
{
"version_affected": "=",
"version_value": "3.2.1"
},
{
"version_affected": "=",
"version_value": "3.0.6"
},
{
"version_affected": "=",
"version_value": "3.2.2"
},
{
"version_affected": "=",
"version_value": "3.2.3"
},
{
"version_affected": "=",
"version_value": "3.2.4"
},
{
"version_affected": "=",
"version_value": "4.0.0"
},
{
"version_affected": "=",
"version_value": "4.0.1"
}
]
}
},
{
"product_name": "Cisco Firepower Threat Defense Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.2.3.14"
},
{
"version_affected": "=",
"version_value": "6.4.0.1"
},
{
"version_affected": "=",
"version_value": "6.2.3.7"
},
{
"version_affected": "=",
"version_value": "6.2.3"
},
{
"version_affected": "=",
"version_value": "6.4.0.2"
},
{
"version_affected": "=",
"version_value": "6.2.3.9"
},
{
"version_affected": "=",
"version_value": "6.2.3.1"
},
{
"version_affected": "=",
"version_value": "6.2.3.2"
},
{
"version_affected": "=",
"version_value": "6.4.0.5"
},
{
"version_affected": "=",
"version_value": "6.2.3.10"
},
{
"version_affected": "=",
"version_value": "6.4.0"
},
{
"version_affected": "=",
"version_value": "6.4.0.3"
},
{
"version_affected": "=",
"version_value": "6.2.3.6"
},
{
"version_affected": "=",
"version_value": "6.4.0.4"
},
{
"version_affected": "=",
"version_value": "6.2.3.15"
},
{
"version_affected": "=",
"version_value": "6.2.3.5"
},
{
"version_affected": "=",
"version_value": "6.2.3.4"
},
{
"version_affected": "=",
"version_value": "6.2.3.3"
},
{
"version_affected": "=",
"version_value": "6.2.3.8"
},
{
"version_affected": "=",
"version_value": "6.4.0.6"
},
{
"version_affected": "=",
"version_value": "6.2.3.11"
},
{
"version_affected": "=",
"version_value": "6.2.3.12"
},
{
"version_affected": "=",
"version_value": "6.2.3.13"
},
{
"version_affected": "=",
"version_value": "6.4.0.7"
},
{
"version_affected": "=",
"version_value": "6.4.0.8"
},
{
"version_affected": "=",
"version_value": "6.6.0"
},
{
"version_affected": "=",
"version_value": "6.4.0.9"
},
{
"version_affected": "=",
"version_value": "6.2.3.16"
},
{
"version_affected": "=",
"version_value": "6.6.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.4.0.10"
},
{
"version_affected": "=",
"version_value": "6.7.0"
},
{
"version_affected": "=",
"version_value": "6.4.0.11"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "6.7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "6.4.0.12"
},
{
"version_affected": "=",
"version_value": "6.7.0.2"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "=",
"version_value": "6.2.3.17"
},
{
"version_affected": "=",
"version_value": "7.0.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.5"
},
{
"version_affected": "=",
"version_value": "6.2.3.18"
},
{
"version_affected": "=",
"version_value": "6.7.0.3"
}
]
}
},
{
"product_name": "Cisco UTD SNORT IPS Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.17.1S"
},
{
"version_affected": "=",
"version_value": "16.12.3"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.5"
},
{
"version_affected": "=",
"version_value": "16.12.4"
},
{
"version_affected": "=",
"version_value": "17.3.1a"
},
{
"version_affected": "=",
"version_value": "16.6.6"
},
{
"version_affected": "=",
"version_value": "16.12.2"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.6"
},
{
"version_affected": "=",
"version_value": "3.17.0S"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.3"
},
{
"version_affected": "=",
"version_value": "Denali-16.3.7"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.2"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.4"
},
{
"version_affected": "=",
"version_value": "Everest-16.6.4"
},
{
"version_affected": "=",
"version_value": "Everest-16.6.3"
},
{
"version_affected": "=",
"version_value": "16.6.5"
},
{
"version_affected": "=",
"version_value": "Denali-16.3.5"
},
{
"version_affected": "=",
"version_value": "17.2.1r"
},
{
"version_affected": "=",
"version_value": "17.1.1"
},
{
"version_affected": "=",
"version_value": "Everest-16.6.2"
},
{
"version_affected": "=",
"version_value": "16.6.7a"
},
{
"version_affected": "=",
"version_value": "Denali-16.3.4"
},
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "Denali-16.3.9"
},
{
"version_affected": "=",
"version_value": "Denali-16.3.3"
},
{
"version_affected": "=",
"version_value": "16.12.1a"
},
{
"version_affected": "=",
"version_value": "17.3.2"
},
{
"version_affected": "=",
"version_value": "17.4.1a"
},
{
"version_affected": "=",
"version_value": "16.12.5"
},
{
"version_affected": "=",
"version_value": "17.5.1"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.7"
},
{
"version_affected": "=",
"version_value": "16.6.9"
},
{
"version_affected": "=",
"version_value": "17.3.3"
},
{
"version_affected": "=",
"version_value": "17.5.1a"
},
{
"version_affected": "=",
"version_value": "17.3.4"
},
{
"version_affected": "=",
"version_value": "17.3.4a"
},
{
"version_affected": "=",
"version_value": "17.4.2"
},
{
"version_affected": "=",
"version_value": "17.4.1b"
},
{
"version_affected": "=",
"version_value": "17.6.1a"
},
{
"version_affected": "=",
"version_value": "16.6.10"
},
{
"version_affected": "=",
"version_value": "17.7.1a"
},
{
"version_affected": "=",
"version_value": "16.12.6"
},
{
"version_affected": "=",
"version_value": "Fuji-16.9.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ"
}
]
},
"source": {
"advisory": "cisco-sa-snort-dos-9D3hJLuj",
"discovery": "EXTERNAL",
"defects": [
"CSCvz27235"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

233
2022/20xxx/CVE-2022-20766.json
View File

@ -1,17 +1,242 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\nThis vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Analog Telephone Adaptor (ATA) Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.16(1)"
},
{
"version_affected": "=",
"version_value": "2.16(2)"
},
{
"version_affected": "=",
"version_value": "2.1(6)"
},
{
"version_affected": "=",
"version_value": "2.14"
},
{
"version_affected": "=",
"version_value": "3.2(0)"
},
{
"version_affected": "=",
"version_value": "1.1(4)"
},
{
"version_affected": "=",
"version_value": "2.1(5)"
},
{
"version_affected": "=",
"version_value": "3.2(1)"
},
{
"version_affected": "=",
"version_value": "2.15"
},
{
"version_affected": "=",
"version_value": "1.0(0)"
},
{
"version_affected": "=",
"version_value": "1.34"
},
{
"version_affected": "=",
"version_value": "3.1(1)"
},
{
"version_affected": "=",
"version_value": "3.2(4)"
},
{
"version_affected": "=",
"version_value": "3.0(0)"
},
{
"version_affected": "=",
"version_value": "3.2(3)"
},
{
"version_affected": "=",
"version_value": "3.1(0)"
},
{
"version_affected": "=",
"version_value": "3.1(2)"
},
{
"version_affected": "=",
"version_value": "1.2.1"
},
{
"version_affected": "=",
"version_value": "1.2.2"
},
{
"version_affected": "=",
"version_value": "1.2.2 SR1"
},
{
"version_affected": "=",
"version_value": "1.1.2"
},
{
"version_affected": "=",
"version_value": "1.1.0"
},
{
"version_affected": "=",
"version_value": "1.1.1"
},
{
"version_affected": "=",
"version_value": "9.0(3)"
},
{
"version_affected": "=",
"version_value": "9.2(3)"
},
{
"version_affected": "=",
"version_value": "9.2(1)"
},
{
"version_affected": "=",
"version_value": "12.0.1 SR2"
},
{
"version_affected": "=",
"version_value": "11.1.0"
},
{
"version_affected": "=",
"version_value": "12.0.1 SR1"
},
{
"version_affected": "=",
"version_value": "11.1.0 MSR1"
},
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "11.1.0 MSR2"
},
{
"version_affected": "=",
"version_value": "11.1.0 MSR3"
},
{
"version_affected": "=",
"version_value": "1.2.2 SR2"
},
{
"version_affected": "=",
"version_value": "11.1.0 MSR4"
},
{
"version_affected": "=",
"version_value": "12.0.1 SR3"
},
{
"version_affected": "=",
"version_value": "11.2.1"
},
{
"version_affected": "=",
"version_value": "12.0.1 SR4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs"
}
]
},
"source": {
"advisory": "cisco-sa-ata19x-multivuln-GEZYVvs",
"discovery": "EXTERNAL",
"defects": [
"CSCwa24849"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
}
]
}

256
2022/20xxx/CVE-2022-20793.json
View File

@ -1,17 +1,265 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20793",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device.\r\nThis vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Required Cryptographic Step",
"cweId": "CWE-325"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco RoomOS Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
},
{
"product_name": "Cisco TelePresence Endpoint Software (TC/CE)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "CE9.10.2"
},
{
"version_affected": "=",
"version_value": "CE9.1.4"
},
{
"version_affected": "=",
"version_value": "CE9.10.3"
},
{
"version_affected": "=",
"version_value": "CE9.1.5"
},
{
"version_affected": "=",
"version_value": "CE9.10.1"
},
{
"version_affected": "=",
"version_value": "CE9.13.0"
},
{
"version_affected": "=",
"version_value": "CE9.1.1"
},
{
"version_affected": "=",
"version_value": "CE9.9.4"
},
{
"version_affected": "=",
"version_value": "CE9.2.1"
},
{
"version_affected": "=",
"version_value": "CE9.1.3"
},
{
"version_affected": "=",
"version_value": "CE9.1.6"
},
{
"version_affected": "=",
"version_value": "CE9.12.3"
},
{
"version_affected": "=",
"version_value": "CE9.13.1"
},
{
"version_affected": "=",
"version_value": "CE9.12.4"
},
{
"version_affected": "=",
"version_value": "CE9.14.3"
},
{
"version_affected": "=",
"version_value": "CE9.14.4"
},
{
"version_affected": "=",
"version_value": "CE9.13.2"
},
{
"version_affected": "=",
"version_value": "CE9.12.5"
},
{
"version_affected": "=",
"version_value": "CE9.14.5"
},
{
"version_affected": "=",
"version_value": "CE9.15.0.10"
},
{
"version_affected": "=",
"version_value": "CE9.15.0.11"
},
{
"version_affected": "=",
"version_value": "CE9.13.3"
},
{
"version_affected": "=",
"version_value": "CE9.15.0.13"
},
{
"version_affected": "=",
"version_value": "CE9.14.6"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.17"
},
{
"version_affected": "=",
"version_value": "CE9.14.7"
},
{
"version_affected": "=",
"version_value": "CE9.15.0.19"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.19"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.18"
},
{
"version_affected": "=",
"version_value": "CE9.0.1"
},
{
"version_affected": "=",
"version_value": "CE9.2.2"
},
{
"version_affected": "=",
"version_value": "CE9.1.2"
},
{
"version_affected": "=",
"version_value": "CE9.9.3"
},
{
"version_affected": "=",
"version_value": "CE9.2.4"
},
{
"version_affected": "=",
"version_value": "CE9.2.3"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.22"
},
{
"version_affected": "=",
"version_value": "CE9.15.8.12"
},
{
"version_affected": "=",
"version_value": "CE9.15.10.8"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.26"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.25"
},
{
"version_affected": "=",
"version_value": "CE9.15.13.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj"
}
]
},
"source": {
"advisory": "cisco-sa-CTT-IVV-4A66Dsfj",
"discovery": "INTERNAL",
"defects": [
"CSCvw08723"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

336
2022/20xxx/CVE-2022-20814.json
View File

@ -1,17 +1,345 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20814",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.  The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.\r\nNote: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "X8.11.2"
},
{
"version_affected": "=",
"version_value": "X8.6"
},
{
"version_affected": "=",
"version_value": "X8.11.3"
},
{
"version_affected": "=",
"version_value": "X8.2.2"
},
{
"version_affected": "=",
"version_value": "X8.8.3"
},
{
"version_affected": "=",
"version_value": "X8.11.0"
},
{
"version_affected": "=",
"version_value": "X12.5.2"
},
{
"version_affected": "=",
"version_value": "X8.1.1"
},
{
"version_affected": "=",
"version_value": "X8.9"
},
{
"version_affected": "=",
"version_value": "X12.5.1"
},
{
"version_affected": "=",
"version_value": "X12.5.6"
},
{
"version_affected": "=",
"version_value": "X8.7.3"
},
{
"version_affected": "=",
"version_value": "X12.6.0"
},
{
"version_affected": "=",
"version_value": "X8.11.1"
},
{
"version_affected": "=",
"version_value": "X8.5"
},
{
"version_affected": "=",
"version_value": "X8.9.1"
},
{
"version_affected": "=",
"version_value": "X8.10.2"
},
{
"version_affected": "=",
"version_value": "X8.8.2"
},
{
"version_affected": "=",
"version_value": "X8.5.3"
},
{
"version_affected": "=",
"version_value": "X8.1"
},
{
"version_affected": "=",
"version_value": "X8.9.2"
},
{
"version_affected": "=",
"version_value": "X8.11.4"
},
{
"version_affected": "=",
"version_value": "X12.5.4"
},
{
"version_affected": "=",
"version_value": "X8.8.1"
},
{
"version_affected": "=",
"version_value": "X8.2.1"
},
{
"version_affected": "=",
"version_value": "X8.5.1"
},
{
"version_affected": "=",
"version_value": "X8.6.1"
},
{
"version_affected": "=",
"version_value": "X8.1.2"
},
{
"version_affected": "=",
"version_value": "X8.8"
},
{
"version_affected": "=",
"version_value": "X8.10.0"
},
{
"version_affected": "=",
"version_value": "X12.5.3"
},
{
"version_affected": "=",
"version_value": "X8.10.1"
},
{
"version_affected": "=",
"version_value": "X12.5.7"
},
{
"version_affected": "=",
"version_value": "X8.10.3"
},
{
"version_affected": "=",
"version_value": "X8.7.1"
},
{
"version_affected": "=",
"version_value": "X8.2"
},
{
"version_affected": "=",
"version_value": "X12.5.8"
},
{
"version_affected": "=",
"version_value": "X8.7"
},
{
"version_affected": "=",
"version_value": "X8.5.2"
},
{
"version_affected": "=",
"version_value": "X12.5.9"
},
{
"version_affected": "=",
"version_value": "X12.5.0"
},
{
"version_affected": "=",
"version_value": "X8.10.4"
},
{
"version_affected": "=",
"version_value": "X8.7.2"
},
{
"version_affected": "=",
"version_value": "X12.5.5"
},
{
"version_affected": "=",
"version_value": "X12.6.1"
},
{
"version_affected": "=",
"version_value": "X12.6.2"
},
{
"version_affected": "=",
"version_value": "X12.6.3"
},
{
"version_affected": "=",
"version_value": "X12.6.4"
},
{
"version_affected": "=",
"version_value": "X12.7.0"
},
{
"version_affected": "=",
"version_value": "X12.7.1"
},
{
"version_affected": "=",
"version_value": "X14.0.0"
},
{
"version_affected": "=",
"version_value": "X14.0.1"
},
{
"version_affected": "=",
"version_value": "X14.0.2"
},
{
"version_affected": "=",
"version_value": "X14.0.3"
},
{
"version_affected": "=",
"version_value": "X14.0.4"
},
{
"version_affected": "=",
"version_value": "X14.0.5"
},
{
"version_affected": "=",
"version_value": "X14.0.6"
},
{
"version_affected": "=",
"version_value": "X14.0.7"
},
{
"version_affected": "=",
"version_value": "X14.0.8"
},
{
"version_affected": "=",
"version_value": "X14.0.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2"
}
]
},
"source": {
"advisory": "cisco-sa-expressway-csrf-sqpsSfY6",
"discovery": "INTERNAL",
"defects": [
"CSCwa25108"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

110
2022/20xxx/CVE-2022-20845.json
View File

@ -1,17 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20845",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process.\r\nThis vulnerability is due to TL1 not freeing memory under some conditions. An attacker could exploit this vulnerability by connecting to the device and issuing TL1 commands after being authenticated. A successful exploit could allow the attacker to cause the TL1 process to consume large amounts of memory. When the memory reaches a threshold, the Resource Monitor (Resmon) process will begin to restart or shutdown the top five consumers of memory, resulting in a denial of service (DoS).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Memory Allocation",
"cweId": "CWE-789"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.29"
},
{
"version_affected": "=",
"version_value": "6.5.26"
},
{
"version_affected": "=",
"version_value": "6.5.25"
},
{
"version_affected": "=",
"version_value": "6.5.28"
},
{
"version_affected": "=",
"version_value": "6.5.31"
},
{
"version_affected": "=",
"version_value": "6.5.32"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt"
}
]
},
"source": {
"advisory": "cisco-sa-ncs4k-tl1-GNnLwC6",
"discovery": "INTERNAL",
"defects": [
"CSCwb16005"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

331
2022/20xxx/CVE-2022-20846.json
View File

@ -1,17 +1,340 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20846",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device.\r\nThis vulnerability is due to a heap buffer overflow in certain Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow, which could cause the Cisco Discovery Protocol process to reload on the device. The bytes that can be written in the buffer overflow are restricted, which limits remote code execution.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.5.29"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "6.5.92"
},
{
"version_affected": "=",
"version_value": "6.5.15"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "6.5.26"
},
{
"version_affected": "=",
"version_value": "6.6.11"
},
{
"version_affected": "=",
"version_value": "6.5.25"
},
{
"version_affected": "=",
"version_value": "6.5.28"
},
{
"version_affected": "=",
"version_value": "6.5.93"
},
{
"version_affected": "=",
"version_value": "6.6.12"
},
{
"version_affected": "=",
"version_value": "6.5.90"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "6.7.1"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.1.15"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "6.7.2"
},
{
"version_affected": "=",
"version_value": "7.0.11"
},
{
"version_affected": "=",
"version_value": "7.0.12"
},
{
"version_affected": "=",
"version_value": "7.0.14"
},
{
"version_affected": "=",
"version_value": "7.1.25"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "7.2.12"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.1.3"
},
{
"version_affected": "=",
"version_value": "6.7.3"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "6.7.4"
},
{
"version_affected": "=",
"version_value": "6.5.31"
},
{
"version_affected": "=",
"version_value": "7.3.15"
},
{
"version_affected": "=",
"version_value": "7.3.16"
},
{
"version_affected": "=",
"version_value": "6.8.1"
},
{
"version_affected": "=",
"version_value": "7.4.15"
},
{
"version_affected": "=",
"version_value": "6.5.32"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.4.16"
},
{
"version_affected": "=",
"version_value": "7.3.27"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.6.15"
},
{
"version_affected": "=",
"version_value": "7.5.12"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "6.8.2"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "6.7.35"
},
{
"version_affected": "=",
"version_value": "6.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cdp-wnALzvT2"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs4k-tl1-GNnLwC6"
}
]
},
"source": {
"advisory": "cisco-sa-xr-cdp-wnALzvT2",
"discovery": "EXTERNAL",
"defects": [
"CSCwb23263"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco\u00a0PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
}
]
}

213
2022/20xxx/CVE-2022-20849.json
View File

@ -1,17 +1,222 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20849",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash.\r\nThis vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence. An attacker could exploit this vulnerability by sending a sequence of specific PPPoE packets from controlled customer premises equipment (CPE). A successful exploit could allow the attacker to cause the PPPoE process to continually restart, resulting in a denial of service condition (DoS).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unchecked Error Condition",
"cweId": "CWE-391"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.5.15"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "6.7.1"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.1.15"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "6.7.2"
},
{
"version_affected": "=",
"version_value": "7.1.25"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.1.3"
},
{
"version_affected": "=",
"version_value": "6.7.3"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "6.8.1"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "6.8.2"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "6.7.35"
},
{
"version_affected": "=",
"version_value": "6.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-bng-Gmg5Gxt",
"discovery": "EXTERNAL",
"defects": [
"CSCwa57311"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

332
2022/20xxx/CVE-2022-20853.json
View File

@ -1,17 +1,341 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20853",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "X8.11.2"
},
{
"version_affected": "=",
"version_value": "X8.6"
},
{
"version_affected": "=",
"version_value": "X8.11.3"
},
{
"version_affected": "=",
"version_value": "X8.2.2"
},
{
"version_affected": "=",
"version_value": "X8.8.3"
},
{
"version_affected": "=",
"version_value": "X8.11.0"
},
{
"version_affected": "=",
"version_value": "X12.5.2"
},
{
"version_affected": "=",
"version_value": "X8.1.1"
},
{
"version_affected": "=",
"version_value": "X8.9"
},
{
"version_affected": "=",
"version_value": "X12.5.1"
},
{
"version_affected": "=",
"version_value": "X12.5.6"
},
{
"version_affected": "=",
"version_value": "X8.7.3"
},
{
"version_affected": "=",
"version_value": "X12.6.0"
},
{
"version_affected": "=",
"version_value": "X8.11.1"
},
{
"version_affected": "=",
"version_value": "X8.5"
},
{
"version_affected": "=",
"version_value": "X8.9.1"
},
{
"version_affected": "=",
"version_value": "X8.10.2"
},
{
"version_affected": "=",
"version_value": "X8.8.2"
},
{
"version_affected": "=",
"version_value": "X8.5.3"
},
{
"version_affected": "=",
"version_value": "X8.1"
},
{
"version_affected": "=",
"version_value": "X8.9.2"
},
{
"version_affected": "=",
"version_value": "X8.11.4"
},
{
"version_affected": "=",
"version_value": "X12.5.4"
},
{
"version_affected": "=",
"version_value": "X8.8.1"
},
{
"version_affected": "=",
"version_value": "X8.2.1"
},
{
"version_affected": "=",
"version_value": "X8.5.1"
},
{
"version_affected": "=",
"version_value": "X8.6.1"
},
{
"version_affected": "=",
"version_value": "X8.1.2"
},
{
"version_affected": "=",
"version_value": "X8.8"
},
{
"version_affected": "=",
"version_value": "X8.10.0"
},
{
"version_affected": "=",
"version_value": "X12.5.3"
},
{
"version_affected": "=",
"version_value": "X8.10.1"
},
{
"version_affected": "=",
"version_value": "X12.5.7"
},
{
"version_affected": "=",
"version_value": "X8.10.3"
},
{
"version_affected": "=",
"version_value": "X8.7.1"
},
{
"version_affected": "=",
"version_value": "X8.2"
},
{
"version_affected": "=",
"version_value": "X12.5.8"
},
{
"version_affected": "=",
"version_value": "X8.7"
},
{
"version_affected": "=",
"version_value": "X8.5.2"
},
{
"version_affected": "=",
"version_value": "X12.5.9"
},
{
"version_affected": "=",
"version_value": "X12.5.0"
},
{
"version_affected": "=",
"version_value": "X8.10.4"
},
{
"version_affected": "=",
"version_value": "X8.7.2"
},
{
"version_affected": "=",
"version_value": "X12.5.5"
},
{
"version_affected": "=",
"version_value": "X12.6.1"
},
{
"version_affected": "=",
"version_value": "X12.6.2"
},
{
"version_affected": "=",
"version_value": "X12.6.3"
},
{
"version_affected": "=",
"version_value": "X12.6.4"
},
{
"version_affected": "=",
"version_value": "X12.7.0"
},
{
"version_affected": "=",
"version_value": "X12.7.1"
},
{
"version_affected": "=",
"version_value": "X14.0.0"
},
{
"version_affected": "=",
"version_value": "X14.0.1"
},
{
"version_affected": "=",
"version_value": "X14.0.2"
},
{
"version_affected": "=",
"version_value": "X14.0.3"
},
{
"version_affected": "=",
"version_value": "X14.0.4"
},
{
"version_affected": "=",
"version_value": "X14.0.5"
},
{
"version_affected": "=",
"version_value": "X14.0.6"
},
{
"version_affected": "=",
"version_value": "X14.0.7"
},
{
"version_affected": "=",
"version_value": "X14.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
}
]
},
"source": {
"advisory": "cisco-sa-expressway-csrf-sqpsSfY6",
"discovery": "INTERNAL",
"defects": [
"CSCwa25097"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

135
2022/20xxx/CVE-2022-20871.json
View File

@ -1,17 +1,144 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20871",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.\r\nThis vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Web Appliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.5.3-002"
},
{
"version_affected": "=",
"version_value": "14.1.0-032"
},
{
"version_affected": "=",
"version_value": "14.1.0-047"
},
{
"version_affected": "=",
"version_value": "14.1.0-041"
},
{
"version_affected": "=",
"version_value": "14.0.2-012"
},
{
"version_affected": "=",
"version_value": "12.5.1-011"
},
{
"version_affected": "=",
"version_value": "12.5.2-007"
},
{
"version_affected": "=",
"version_value": "12.5.2-011"
},
{
"version_affected": "=",
"version_value": "14.5.0-498"
},
{
"version_affected": "=",
"version_value": "12.5.4-005"
},
{
"version_affected": "=",
"version_value": "12.5.4-011"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
}
]
},
"source": {
"advisory": "cisco-sa-wsa-prv-esc-8PdRU8t8",
"discovery": "EXTERNAL",
"defects": [
"CSCwb92675"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
]
}

245
2022/20xxx/CVE-2022-20931.json
View File

@ -1,17 +1,254 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20931",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device.\r\nThis vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Version-Control Repository to an Unauthorized Control Sphere",
"cweId": "CWE-527"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Endpoint Software (TC/CE)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "CE9.10.2"
},
{
"version_affected": "=",
"version_value": "CE9.1.4"
},
{
"version_affected": "=",
"version_value": "CE9.9.3"
},
{
"version_affected": "=",
"version_value": "CE9.10.3"
},
{
"version_affected": "=",
"version_value": "CE9.1.5"
},
{
"version_affected": "=",
"version_value": "CE9.2.4"
},
{
"version_affected": "=",
"version_value": "CE9.10.1"
},
{
"version_affected": "=",
"version_value": "CE9.13.0"
},
{
"version_affected": "=",
"version_value": "CE9.1.2"
},
{
"version_affected": "=",
"version_value": "CE9.1.1"
},
{
"version_affected": "=",
"version_value": "CE9.9.4"
},
{
"version_affected": "=",
"version_value": "CE9.2.1"
},
{
"version_affected": "=",
"version_value": "CE9.1.3"
},
{
"version_affected": "=",
"version_value": "CE9.0.1"
},
{
"version_affected": "=",
"version_value": "CE9.1.6"
},
{
"version_affected": "=",
"version_value": "CE9.12.4"
},
{
"version_affected": "=",
"version_value": "CE9.2.2"
},
{
"version_affected": "=",
"version_value": "CE9.12.3"
},
{
"version_affected": "=",
"version_value": "CE9.2.3"
},
{
"version_affected": "=",
"version_value": "CE9.13.1"
},
{
"version_affected": "=",
"version_value": "CE9.14.3"
},
{
"version_affected": "=",
"version_value": "CE9.14.4"
},
{
"version_affected": "=",
"version_value": "CE9.13.2"
},
{
"version_affected": "=",
"version_value": "CE9.12.5"
},
{
"version_affected": "=",
"version_value": "CE9.14.5"
},
{
"version_affected": "=",
"version_value": "CE9.15.0.10"
},
{
"version_affected": "=",
"version_value": "CE9.15.0.11"
},
{
"version_affected": "=",
"version_value": "CE9.13.3"
},
{
"version_affected": "=",
"version_value": "CE9.15.0.13"
},
{
"version_affected": "=",
"version_value": "CE9.14.6"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.17"
},
{
"version_affected": "=",
"version_value": "CE9.14.7"
},
{
"version_affected": "=",
"version_value": "CE9.15.0.19"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.19"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.18"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.22"
},
{
"version_affected": "=",
"version_value": "CE9.15.8.12"
},
{
"version_affected": "=",
"version_value": "CE9.15.10.8"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.26"
},
{
"version_affected": "=",
"version_value": "CE9.15.3.25"
},
{
"version_affected": "=",
"version_value": "CE9.15.13.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt"
}
]
},
"source": {
"advisory": "cisco-sa-CTT-DAV-HSvEHHEt",
"discovery": "INTERNAL",
"defects": [
"CSCvw12012"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

154
2022/20xxx/CVE-2022-20939.json
View File

@ -1,17 +1,163 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system.\r\nThis vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Storage of Sensitive Information",
"cweId": "CWE-922"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Smart Software Manager On-Prem",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7-202001"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "6.3.0"
},
{
"version_affected": "=",
"version_value": "8-202004"
},
{
"version_affected": "=",
"version_value": "5.1.0 (LD)"
},
{
"version_affected": "=",
"version_value": "8-202006"
},
{
"version_affected": "=",
"version_value": "1.2"
},
{
"version_affected": "=",
"version_value": "1.3"
},
{
"version_affected": "=",
"version_value": "8-202012"
},
{
"version_affected": "=",
"version_value": "8-202010"
},
{
"version_affected": "=",
"version_value": "8-202008"
},
{
"version_affected": "=",
"version_value": "8-202102"
},
{
"version_affected": "=",
"version_value": "1.4"
},
{
"version_affected": "=",
"version_value": "8-202105"
},
{
"version_affected": "=",
"version_value": "8-202108"
},
{
"version_affected": "=",
"version_value": "8-202112"
},
{
"version_affected": "=",
"version_value": "8-202201"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
}
]
},
"source": {
"advisory": "cisco-sa-cssm-priv-esc-SEjz69dv",
"discovery": "EXTERNAL",
"defects": [
"CSCwb98281"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

90
2022/20xxx/CVE-2022-20948.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThis vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco BroadWorks",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt"
}
]
},
"source": {
"advisory": "cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"discovery": "INTERNAL",
"defects": [
"CSCwc84724"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

114
2024/11xxx/CVE-2024-11244.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In code-projects Farmacia 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /editar-cliente.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Farmacia",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.284680",
"refsource": "MISC",
"name": "https://vuldb.com/?id.284680"
},
{
"url": "https://vuldb.com/?ctiid.284680",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.284680"
},
{
"url": "https://vuldb.com/?submit.443177",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.443177"
},
{
"url": "https://github.com/zsx020121/cve/blob/main/sql.md",
"refsource": "MISC",
"name": "https://github.com/zsx020121/cve/blob/main/sql.md"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "zsx020121 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

114
2024/11xxx/CVE-2024-11245.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in code-projects Farmacia 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /editar-produto.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Farmacia",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.284681",
"refsource": "MISC",
"name": "https://vuldb.com/?id.284681"
},
{
"url": "https://vuldb.com/?ctiid.284681",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.284681"
},
{
"url": "https://vuldb.com/?submit.443188",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.443188"
},
{
"url": "https://github.com/WEFNNTT/cve/blob/main/sql.md",
"refsource": "MISC",
"name": "https://github.com/WEFNNTT/cve/blob/main/sql.md"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "WEFNNTT (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

78
2024/41xxx/CVE-2024-41784.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41784",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot dot\" sequences (/.../) to view arbitrary files on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-32 Path Traversal: '...' (Triple Dot)",
"cweId": "CWE-32"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling Secure Proxy",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7173631",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7173631"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

81
2024/49xxx/CVE-2024-49759.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49759",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Manage User Access\" page allows authenticated users to inject arbitrary JavaScript through the \"bill_name\" parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the \"Bill Access\" dropdown in the user's \"Manage Access\" page, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 24.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-888j-pjqh-fx58",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-888j-pjqh-fx58"
},
{
"url": "https://github.com/librenms/librenms/commit/237f4d2e818170171dfad6efad36a275cd2ba8d0",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/237f4d2e818170171dfad6efad36a275cd2ba8d0"
}
]
},
"source": {
"advisory": "GHSA-888j-pjqh-fx58",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

81
2024/49xxx/CVE-2024-49764.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Capture Debug Information\" page allows authenticated users to inject arbitrary JavaScript through the \"hostname\" parameter when creating a new device. This vulnerability results in the execution of malicious code when the \"Capture Debug Information\" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain. This vulnerability is fixed in 24.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 24.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-rmr4-x6c9-jc68",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-rmr4-x6c9-jc68"
},
{
"url": "https://github.com/librenms/librenms/commit/af15eabbb1752985d36f337cecf137a947e170f6",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/af15eabbb1752985d36f337cecf137a947e170f6"
}
]
},
"source": {
"advisory": "GHSA-rmr4-x6c9-jc68",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

81
2024/50xxx/CVE-2024-50350.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50350",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Port Settings\" page allows authenticated users to inject arbitrary JavaScript through the \"name\" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the \"Port Settings\" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 24.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-xh4g-c9p6-5jxg",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-xh4g-c9p6-5jxg"
},
{
"url": "https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0"
}
]
},
"source": {
"advisory": "GHSA-xh4g-c9p6-5jxg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

81
2024/50xxx/CVE-2024-50351.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50351",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the \"section\" parameter of the \"logs\" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious \"section\" parameter, potentially compromising their session and enabling unauthorized actions. The issue arises from a lack of sanitization in the \"report_this()\" function. This vulnerability is fixed in 24.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 24.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-v7w9-63xh-6r3w",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-v7w9-63xh-6r3w"
},
{
"url": "https://github.com/librenms/librenms/commit/6a14a9bd767c6e452e4df77a24126c3eeb93dcbf",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/6a14a9bd767c6e452e4df77a24126c3eeb93dcbf"
}
]
},
"source": {
"advisory": "GHSA-v7w9-63xh-6r3w",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

81
2024/50xxx/CVE-2024-50352.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50352",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Services\" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the \"name\" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 24.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-qr8f-5qqg-j3wg",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-qr8f-5qqg-j3wg"
},
{
"url": "https://github.com/librenms/librenms/commit/b4af778ca42c5839801f16ece53505bb7fa1e7bc",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/b4af778ca42c5839801f16ece53505bb7fa1e7bc"
}
]
},
"source": {
"advisory": "GHSA-qr8f-5qqg-j3wg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

81
2024/50xxx/CVE-2024-50355.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50355",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input in the device Display Name, if java script code is inside the name of the device Display Name, its can be trigger from different sources. This vulnerability is fixed in 24.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 24.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-4m5r-w2rq-q54q",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-4m5r-w2rq-q54q"
},
{
"url": "https://github.com/librenms/librenms/commit/bb4731419b592867bf974dde525e536606a52976",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/bb4731419b592867bf974dde525e536606a52976"
}
]
},
"source": {
"advisory": "GHSA-4m5r-w2rq-q54q",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

61
2024/50xxx/CVE-2024-50647.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50647",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 And modify the ID value to obtain sensitive user information beyond authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/python_food_Information_Disclosure.md",
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/blob/main/python_food_Information_Disclosure.md"
},
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50647",
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50647"
}
]
}

61
2024/50xxx/CVE-2024-50648.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50648",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/yshop_fileu_pload.md",
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/blob/main/yshop_fileu_pload.md"
},
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50648",
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50648"
}
]
}

61
2024/50xxx/CVE-2024-50649.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50649",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/python_book/FileUpload.md",
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/blob/main/python_book/FileUpload.md"
},
{
"refsource": "MISC",
"name": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50649",
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50649"
}
]
}

81
2024/51xxx/CVE-2024-51494.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Port Settings\" page allows authenticated users to inject arbitrary JavaScript through the \"descr\" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the \"Port Settings\" page is visited, potentially compromising the user's session and allowing unauthorized actions. This vulnerability is fixed in 24.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 24.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-7663-37rg-c377",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-7663-37rg-c377"
},
{
"url": "https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0"
}
]
},
"source": {
"advisory": "GHSA-7663-37rg-c377",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

81
2024/51xxx/CVE-2024-51495.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51495",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the \"overwrite_ip\" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users. This vulnerability is fixed in 24.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 24.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-p66q-ppwr-q5j8",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-p66q-ppwr-q5j8"
},
{
"url": "https://github.com/librenms/librenms/commit/4568188ce9097a2e3a3b563311077f2bb82455c0",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/4568188ce9097a2e3a3b563311077f2bb82455c0"
}
]
},
"source": {
"advisory": "GHSA-p66q-ppwr-q5j8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

81
2024/51xxx/CVE-2024-51496.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the \"metric\" parameter of the \"/wireless\" and \"/health\" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious \"metric\" parameter, potentially compromising their session and allowing unauthorized actions. This vulnerability is fixed in 24.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 24.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-28p7-f6h6-3jh3",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-28p7-f6h6-3jh3"
},
{
"url": "https://github.com/librenms/librenms/commit/aef739a438ffb507e927a4ec87b359164a7a053a",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/aef739a438ffb507e927a4ec87b359164a7a053a"
}
]
},
"source": {
"advisory": "GHSA-28p7-f6h6-3jh3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

81
2024/51xxx/CVE-2024-51497.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Custom OID\" tab of a device allows authenticated users to inject arbitrary JavaScript through the \"unit\" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
"product_name": "librenms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 24.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-gv4m-f6fx-859x",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/security/advisories/GHSA-gv4m-f6fx-859x"
},
{
"url": "https://github.com/librenms/librenms/commit/42b156e42a3811c23758772ce8c63d4d3eaba59b",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/42b156e42a3811c23758772ce8c63d4d3eaba59b"
}
]
},
"source": {
"advisory": "GHSA-gv4m-f6fx-859x",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

18
2024/52xxx/CVE-2024-52726.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52727.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52727",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52728.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52728",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52729.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52729",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52730.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52730",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52731.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52731",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52732.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52732",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52733.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52734.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52734",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52735.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52735",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52736.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52737.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52738.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52738",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52739.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52739",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52740.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52740",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52741.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52741",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52742.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52742",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52743.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52744.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52744",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52745.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52745",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52746.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52746",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52747.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52747",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52748.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52749.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52749",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52750.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52751.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52752.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52753.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52754.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52755.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52756.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52757.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52757",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52758.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52758",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52759.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52759",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52760.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52760",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52761.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52761",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52762.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52762",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52763.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52764.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52765.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52766.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52767.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52768.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52769.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52770.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52770",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52771.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52771",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52772.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52773.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52774.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52774",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52775.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52775",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52776.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52776",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52777.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52777",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52778.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52778",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52779.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52779",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52780.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52780",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52781.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52782.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52782",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52783.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52784.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52784",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52785.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52785",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52786.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52786",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52787.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52787",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52788.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52788",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52789.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52789",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52790.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52790",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}