diff --git a/2023/1xxx/CVE-2023-1424.json b/2023/1xxx/CVE-2023-1424.json index b252ab653e5..680bce9c28a 100644 --- a/2023/1xxx/CVE-2023-1424.json +++ b/2023/1xxx/CVE-2023-1424.json @@ -481,7 +481,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "versions 26 and later" + "version_value": "versions from 26 to 31" } ] } @@ -492,7 +492,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "versions 26 and later" + "version_value": "versions from 26 to 31" } ] } @@ -503,7 +503,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "versions 26 and later" + "version_value": "versions from 26 to 31" } ] } @@ -514,7 +514,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "versions 26 and later" + "version_value": "versions from 26 to 31" } ] } diff --git a/2023/28xxx/CVE-2023-28826.json b/2023/28xxx/CVE-2023-28826.json index 07a568fcb73..50b4271300f 100644 --- a/2023/28xxx/CVE-2023-28826.json +++ b/2023/28xxx/CVE-2023-28826.json @@ -95,11 +95,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/0xxx/CVE-2024-0311.json b/2024/0xxx/CVE-2024-0311.json index 791401e1bcc..962afdf788c 100644 --- a/2024/0xxx/CVE-2024-0311.json +++ b/2024/0xxx/CVE-2024-0311.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0311", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "trellixpsirt@trellix.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-622-Improper Validation of Function Hook Arguments", + "cweId": "CWE-622" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Skyhigh", + "product": { + "product_data": [ + { + "product_name": "Skyhigh Client Proxy", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", + "refsource": "MISC", + "name": "https://kcm.trellix.com/corporate/index?page=content&id=SB10418" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "smkb (smkb@smokingbit.com)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0312.json b/2024/0xxx/CVE-2024-0312.json index 373aa86c129..335b7e0c38b 100644 --- a/2024/0xxx/CVE-2024-0312.json +++ b/2024/0xxx/CVE-2024-0312.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0312", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "trellixpsirt@trellix.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-622-Improper Validation of Function Hook Arguments", + "cweId": "CWE-622" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Skyhigh", + "product": { + "product_data": [ + { + "product_name": "Skyhigh Client Proxy", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", + "refsource": "MISC", + "name": "https://kcm.trellix.com/corporate/index?page=content&id=SB10418" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "smkb (smkb@smokingbit.com)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0313.json b/2024/0xxx/CVE-2024-0313.json index 3900b7d6a33..9c7ceeb8b17 100644 --- a/2024/0xxx/CVE-2024-0313.json +++ b/2024/0xxx/CVE-2024-0313.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0313", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "trellixpsirt@trellix.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail. " + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-670 Always-Incorrect Control Flow Implementation", + "cweId": "CWE-670" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Skyhigh", + "product": { + "product_data": [ + { + "product_name": "Skyhigh Client Proxy", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10418", + "refsource": "MISC", + "name": "https://kcm.trellix.com/corporate/index?page=content&id=SB10418" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Winston Ho (@violenttestpen)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1221.json b/2024/1xxx/CVE-2024-1221.json index 0716587f1b7..e5c09d78718 100644 --- a/2024/1xxx/CVE-2024-1221.json +++ b/2024/1xxx/CVE-2024-1221.json @@ -1,17 +1,139 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1221", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@papercut.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PaperCut", + "product": { + "product_data": [ + { + "product_name": "PaperCut NG, PaperCut MF", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "23.0.7", + "status": "unaffected" + } + ], + "lessThan": "23.0.7", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "22.1.5", + "status": "unaffected" + } + ], + "lessThan": "22.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "21.2.14", + "status": "unaffected" + } + ], + "lessThan": "21.2.14", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "20.1.10", + "status": "unaffected" + } + ], + "lessThan": "20.1.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "refsource": "MISC", + "name": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1222.json b/2024/1xxx/CVE-2024-1222.json index 88c558c0c5d..2a1b51b144f 100644 --- a/2024/1xxx/CVE-2024-1222.json +++ b/2024/1xxx/CVE-2024-1222.json @@ -1,17 +1,139 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1222", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@papercut.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PaperCut", + "product": { + "product_data": [ + { + "product_name": "PaperCut NG, PaperCut MF", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "23.0.7", + "status": "unaffected" + } + ], + "lessThan": "23.0.7", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "22.1.5", + "status": "unaffected" + } + ], + "lessThan": "22.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "21.2.14", + "status": "unaffected" + } + ], + "lessThan": "21.2.14", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "20.1.10", + "status": "unaffected" + } + ], + "lessThan": "20.1.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "refsource": "MISC", + "name": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1223.json b/2024/1xxx/CVE-2024-1223.json index a8e8c7ced3b..0dc5ffa6f6a 100644 --- a/2024/1xxx/CVE-2024-1223.json +++ b/2024/1xxx/CVE-2024-1223.json @@ -1,17 +1,139 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1223", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@papercut.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PaperCut", + "product": { + "product_data": [ + { + "product_name": "PaperCut NG, PaperCut MF", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "23.0.7", + "status": "unaffected" + } + ], + "lessThan": "23.0.7", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "22.1.5", + "status": "unaffected" + } + ], + "lessThan": "22.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "21.2.14", + "status": "unaffected" + } + ], + "lessThan": "21.2.14", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "20.1.10", + "status": "unaffected" + } + ], + "lessThan": "20.1.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "refsource": "MISC", + "name": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1654.json b/2024/1xxx/CVE-2024-1654.json index ef514337f6d..2c43dd56d5b 100644 --- a/2024/1xxx/CVE-2024-1654.json +++ b/2024/1xxx/CVE-2024-1654.json @@ -1,17 +1,139 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@papercut.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this. " + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-183 Permissive List of Allowed Inputs", + "cweId": "CWE-183" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PaperCut", + "product": { + "product_data": [ + { + "product_name": "PaperCut NG, PaperCut MF", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "23.0.7", + "status": "unaffected" + } + ], + "lessThan": "23.0.7", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "22.1.5", + "status": "unaffected" + } + ], + "lessThan": "22.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "21.2.14", + "status": "unaffected" + } + ], + "lessThan": "21.2.14", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "20.1.10", + "status": "unaffected" + } + ], + "lessThan": "20.1.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "refsource": "MISC", + "name": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1882.json b/2024/1xxx/CVE-2024-1882.json index e39dfa6fd6b..b62987e358b 100644 --- a/2024/1xxx/CVE-2024-1882.json +++ b/2024/1xxx/CVE-2024-1882.json @@ -1,17 +1,139 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1882", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@papercut.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PaperCut", + "product": { + "product_data": [ + { + "product_name": "PaperCut NG, PaperCut MF", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "23.0.7", + "status": "unaffected" + } + ], + "lessThan": "23.0.7", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "22.1.5", + "status": "unaffected" + } + ], + "lessThan": "22.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "21.2.14", + "status": "unaffected" + } + ], + "lessThan": "21.2.14", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "20.1.10", + "status": "unaffected" + } + ], + "lessThan": "20.1.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "refsource": "MISC", + "name": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1883.json b/2024/1xxx/CVE-2024-1883.json index 8dad2cfded8..9db0a55197f 100644 --- a/2024/1xxx/CVE-2024-1883.json +++ b/2024/1xxx/CVE-2024-1883.json @@ -1,17 +1,139 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1883", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@papercut.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability. " + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PaperCut", + "product": { + "product_data": [ + { + "product_name": "PaperCut NG, PaperCut MF", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "23.0.7", + "status": "unaffected" + } + ], + "lessThan": "23.0.7", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "22.1.5", + "status": "unaffected" + } + ], + "lessThan": "22.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "21.2.14", + "status": "unaffected" + } + ], + "lessThan": "21.2.14", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "20.1.10", + "status": "unaffected" + } + ], + "lessThan": "20.1.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "refsource": "MISC", + "name": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1884.json b/2024/1xxx/CVE-2024-1884.json index 1c09d3f87bf..c108638adad 100644 --- a/2024/1xxx/CVE-2024-1884.json +++ b/2024/1xxx/CVE-2024-1884.json @@ -1,17 +1,139 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1884", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@papercut.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918 Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PaperCut", + "product": { + "product_data": [ + { + "product_name": "PaperCut NG, PaperCut MF", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "23.0.7", + "status": "unaffected" + } + ], + "lessThan": "23.0.7", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "22.1.5", + "status": "unaffected" + } + ], + "lessThan": "22.1.5", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "21.2.14", + "status": "unaffected" + } + ], + "lessThan": "21.2.14", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "changes": [ + { + "at": "20.1.10", + "status": "unaffected" + } + ], + "lessThan": "20.1.10", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "refsource": "MISC", + "name": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/22xxx/CVE-2024-22396.json b/2024/22xxx/CVE-2024-22396.json index c9cc95158f0..ce439c3d776 100644 --- a/2024/22xxx/CVE-2024-22396.json +++ b/2024/22xxx/CVE-2024-22396.json @@ -1,18 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22396", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@sonicwall.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SonicWall", + "product": { + "product_data": [ + { + "product_name": "SonicOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.0.1-5145 and earlier versions" + }, + { + "version_affected": "=", + "version_value": "7.1.1-7047 and earlier versions" + }, + { + "version_affected": "=", + "version_value": "6.5.4.13-105n and earlier versions" + }, + { + "version_affected": "=", + "version_value": "6.5.4.4-44v-21-2340 and earlier versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0004", + "refsource": "MISC", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0004" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2024/22xxx/CVE-2024-22397.json b/2024/22xxx/CVE-2024-22397.json index 2f683039ec5..9b8957e07cc 100644 --- a/2024/22xxx/CVE-2024-22397.json +++ b/2024/22xxx/CVE-2024-22397.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@sonicwall.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SonicWall", + "product": { + "product_data": [ + { + "product_name": "SonicOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.0.1-5145 and earlier versions" + }, + { + "version_affected": "=", + "version_value": "7.1.1-7047 and earlier versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0005", + "refsource": "MISC", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0005" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "SNWLID-2024-0005", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2024/22xxx/CVE-2024-22398.json b/2024/22xxx/CVE-2024-22398.json index 9a05ceb6fd9..1d4aa72e9b0 100644 --- a/2024/22xxx/CVE-2024-22398.json +++ b/2024/22xxx/CVE-2024-22398.json @@ -1,18 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@sonicwall.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SonicWall", + "product": { + "product_data": [ + { + "product_name": "Email Security", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.0.26.7807 and earlier versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006", + "refsource": "MISC", + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "SNWLID-2024-0006", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2024/23xxx/CVE-2024-23201.json b/2024/23xxx/CVE-2024-23201.json index c5174f2024e..af749bd9a89 100644 --- a/2024/23xxx/CVE-2024-23201.json +++ b/2024/23xxx/CVE-2024-23201.json @@ -144,11 +144,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23203.json b/2024/23xxx/CVE-2024-23203.json index e8be89ded37..f24d247c0b4 100644 --- a/2024/23xxx/CVE-2024-23203.json +++ b/2024/23xxx/CVE-2024-23203.json @@ -95,6 +95,11 @@ "url": "https://support.apple.com/kb/HT214085", "refsource": "MISC", "name": "https://support.apple.com/kb/HT214085" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23216.json b/2024/23xxx/CVE-2024-23216.json index 8e8c5eb35ad..996dc738cca 100644 --- a/2024/23xxx/CVE-2024-23216.json +++ b/2024/23xxx/CVE-2024-23216.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23217.json b/2024/23xxx/CVE-2024-23217.json index 5771bc4148a..b8066d42b20 100644 --- a/2024/23xxx/CVE-2024-23217.json +++ b/2024/23xxx/CVE-2024-23217.json @@ -112,6 +112,11 @@ "url": "https://support.apple.com/kb/HT214085", "refsource": "MISC", "name": "https://support.apple.com/kb/HT214085" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23218.json b/2024/23xxx/CVE-2024-23218.json index d00b3a3d244..30fbebff2b2 100644 --- a/2024/23xxx/CVE-2024-23218.json +++ b/2024/23xxx/CVE-2024-23218.json @@ -149,11 +149,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23227.json b/2024/23xxx/CVE-2024-23227.json index 8d7029466a3..97739600418 100644 --- a/2024/23xxx/CVE-2024-23227.json +++ b/2024/23xxx/CVE-2024-23227.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23230.json b/2024/23xxx/CVE-2024-23230.json index 1f2ebac251d..2c59fc5b7bd 100644 --- a/2024/23xxx/CVE-2024-23230.json +++ b/2024/23xxx/CVE-2024-23230.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23245.json b/2024/23xxx/CVE-2024-23245.json index 0050883cd1f..f2cf8750d7d 100644 --- a/2024/23xxx/CVE-2024-23245.json +++ b/2024/23xxx/CVE-2024-23245.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23247.json b/2024/23xxx/CVE-2024-23247.json index 4b7c4ad5b7b..59c41f6ff6e 100644 --- a/2024/23xxx/CVE-2024-23247.json +++ b/2024/23xxx/CVE-2024-23247.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23257.json b/2024/23xxx/CVE-2024-23257.json index e1dffb333da..bbec9d9eaec 100644 --- a/2024/23xxx/CVE-2024-23257.json +++ b/2024/23xxx/CVE-2024-23257.json @@ -107,6 +107,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23264.json b/2024/23xxx/CVE-2024-23264.json index 27e024998fc..283b0dc8a33 100644 --- a/2024/23xxx/CVE-2024-23264.json +++ b/2024/23xxx/CVE-2024-23264.json @@ -134,6 +134,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/25", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/25" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23266.json b/2024/23xxx/CVE-2024-23266.json index eca13f08220..92ff58e6a55 100644 --- a/2024/23xxx/CVE-2024-23266.json +++ b/2024/23xxx/CVE-2024-23266.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23267.json b/2024/23xxx/CVE-2024-23267.json index b5e092e6506..56e57194a13 100644 --- a/2024/23xxx/CVE-2024-23267.json +++ b/2024/23xxx/CVE-2024-23267.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23268.json b/2024/23xxx/CVE-2024-23268.json index 9a2f4d109f9..38c435adfa4 100644 --- a/2024/23xxx/CVE-2024-23268.json +++ b/2024/23xxx/CVE-2024-23268.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23269.json b/2024/23xxx/CVE-2024-23269.json index faf13edfafb..c60b2647bbf 100644 --- a/2024/23xxx/CVE-2024-23269.json +++ b/2024/23xxx/CVE-2024-23269.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23270.json b/2024/23xxx/CVE-2024-23270.json index 2b3541fdc3c..3971a1e8853 100644 --- a/2024/23xxx/CVE-2024-23270.json +++ b/2024/23xxx/CVE-2024-23270.json @@ -112,6 +112,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/25", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/25" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23272.json b/2024/23xxx/CVE-2024-23272.json index 06bc355b506..fcd2d81c4a5 100644 --- a/2024/23xxx/CVE-2024-23272.json +++ b/2024/23xxx/CVE-2024-23272.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23274.json b/2024/23xxx/CVE-2024-23274.json index 0c18e608b0e..c1e600ffd63 100644 --- a/2024/23xxx/CVE-2024-23274.json +++ b/2024/23xxx/CVE-2024-23274.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23283.json b/2024/23xxx/CVE-2024-23283.json index d57da3c2a76..f3ae0c69184 100644 --- a/2024/23xxx/CVE-2024-23283.json +++ b/2024/23xxx/CVE-2024-23283.json @@ -90,6 +90,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23672.json b/2024/23xxx/CVE-2024-23672.json index c58ef82f5fe..aded90acf4a 100644 --- a/2024/23xxx/CVE-2024-23672.json +++ b/2024/23xxx/CVE-2024-23672.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.\n\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-459 Incomplete Cleanup", + "cweId": "CWE-459" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "11.0.0-M1", + "version_value": "11.0.0-M16" + }, + { + "version_affected": "<=", + "version_name": "10.1.0-M1", + "version_value": "10.1.18" + }, + { + "version_affected": "<=", + "version_name": "9.0.0-M1", + "version_value": "9.0.85" + }, + { + "version_affected": "<=", + "version_name": "8.5.0", + "version_value": "8.5.98" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24549.json b/2024/24xxx/CVE-2024-24549.json index 5d5c26ba5ab..0e5be5fcdda 100644 --- a/2024/24xxx/CVE-2024-24549.json +++ b/2024/24xxx/CVE-2024-24549.json @@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "11.0.0-M1", + "version_value": "11.0.0-M16" + }, + { + "version_affected": "<=", + "version_name": "10.1.0-M1", + "version_value": "10.1.18" + }, + { + "version_affected": "<=", + "version_name": "9.0.0-M1", + "version_value": "9.0.85" + }, + { + "version_affected": "<=", + "version_name": "8.5.0", + "version_value": "8.5.98" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Bartek Nowotarski" + } + ] } \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24975.json b/2024/24xxx/CVE-2024-24975.json new file mode 100644 index 00000000000..34e4fefe01b --- /dev/null +++ b/2024/24xxx/CVE-2024-24975.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25228.json b/2024/25xxx/CVE-2024-25228.json index e4b3fadbf4f..62c39601d11 100644 --- a/2024/25xxx/CVE-2024-25228.json +++ b/2024/25xxx/CVE-2024-25228.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25228", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25228", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/", + "url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/" + }, + { + "refsource": "FULLDISC", + "name": "20240313 [Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier", + "url": "https://seclists.org/fulldisclosure/2024/Mar/15" } ] } diff --git a/2024/25xxx/CVE-2024-25649.json b/2024/25xxx/CVE-2024-25649.json index 266dc16005d..3b1c783c222 100644 --- a/2024/25xxx/CVE-2024-25649.json +++ b/2024/25xxx/CVE-2024-25649.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25649", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25649", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649", + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649" } ] } diff --git a/2024/25xxx/CVE-2024-25650.json b/2024/25xxx/CVE-2024-25650.json index 2c7b8446173..abeed7c95f6 100644 --- a/2024/25xxx/CVE-2024-25650.json +++ b/2024/25xxx/CVE-2024-25650.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25650", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25650", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650", + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650" } ] } diff --git a/2024/25xxx/CVE-2024-25651.json b/2024/25xxx/CVE-2024-25651.json index a22c32355a0..e1ae1f8a6d2 100644 --- a/2024/25xxx/CVE-2024-25651.json +++ b/2024/25xxx/CVE-2024-25651.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25651", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25651", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651", + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651" } ] } diff --git a/2024/25xxx/CVE-2024-25652.json b/2024/25xxx/CVE-2024-25652.json index 415f1a84610..4f491464ab4 100644 --- a/2024/25xxx/CVE-2024-25652.json +++ b/2024/25xxx/CVE-2024-25652.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25652", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25652", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652", + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652" } ] } diff --git a/2024/25xxx/CVE-2024-25653.json b/2024/25xxx/CVE-2024-25653.json index 0b7fd4c2a74..608cbf49082 100644 --- a/2024/25xxx/CVE-2024-25653.json +++ b/2024/25xxx/CVE-2024-25653.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25653", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25653", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653", + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653" } ] } diff --git a/2024/26xxx/CVE-2024-26630.json b/2024/26xxx/CVE-2024-26630.json index 156a505971c..3e350d6a1b7 100644 --- a/2024/26xxx/CVE-2024-26630.json +++ b/2024/26xxx/CVE-2024-26630.json @@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: cachestat: fix folio read-after-free in cache walk\n\nIn cachestat, we access the folio from the page cache's xarray to compute\nits page offset, and check for its dirty and writeback flags. However, we\ndo not hold a reference to the folio before performing these actions,\nwhich means the folio can concurrently be released and reused as another\nfolio/page/slab.\n\nGet around this altogether by just using xarray's existing machinery for\nthe folio page offsets and dirty/writeback states.\n\nThis changes behavior for tmpfs files to now always report zeroes in their\ndirty and writeback counters. This is okay as tmpfs doesn't follow\nconventional writeback cache behavior: its pages get \"cleaned\" during\nswapout, after which they're no longer resident etc." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "cf264e1329fb", + "version_value": "ba60fdf75e89" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.5", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.21", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.9", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/ba60fdf75e89ea762bb617be578dc47f27655117", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ba60fdf75e89ea762bb617be578dc47f27655117" + }, + { + "url": "https://git.kernel.org/stable/c/fe7e008e0ce728252e4ec652cceebcc62211657c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fe7e008e0ce728252e4ec652cceebcc62211657c" + }, + { + "url": "https://git.kernel.org/stable/c/3a75cb05d53f4a6823a32deb078de1366954a804", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3a75cb05d53f4a6823a32deb078de1366954a804" + } + ] + }, + "generator": { + "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/27xxx/CVE-2024-27986.json b/2024/27xxx/CVE-2024-27986.json index 4bbdf2d4fee..0027819bc47 100644 --- a/2024/27xxx/CVE-2024-27986.json +++ b/2024/27xxx/CVE-2024-27986.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27986", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Elementor Addons by Livemesh allows Stored XSS.This issue affects Elementor Addons by Livemesh: from n/a through 8.3.5.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Livemesh", + "product": { + "product_data": [ + { + "product_name": "Elementor Addons by Livemesh", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "8.3.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "8.3.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/addons-for-elementor/wordpress-elementor-addons-by-livemesh-plugin-8-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/addons-for-elementor/wordpress-elementor-addons-by-livemesh-plugin-8-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 8.3.6 or a higher version." + } + ], + "value": "Update to\u00a08.3.6 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28053.json b/2024/28xxx/CVE-2024-28053.json new file mode 100644 index 00000000000..a9c292546b8 --- /dev/null +++ b/2024/28xxx/CVE-2024-28053.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28053", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28388.json b/2024/28xxx/CVE-2024-28388.json index ebf9f29743b..818acdc1717 100644 --- a/2024/28xxx/CVE-2024-28388.json +++ b/2024/28xxx/CVE-2024-28388.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28388", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28388", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html", + "url": "https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html" } ] } diff --git a/2024/28xxx/CVE-2024-28390.json b/2024/28xxx/CVE-2024-28390.json index e5ea2ba6fb3..dacd0f76f08 100644 --- a/2024/28xxx/CVE-2024-28390.json +++ b/2024/28xxx/CVE-2024-28390.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28390", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28390", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html", + "url": "https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html" } ] } diff --git a/2024/28xxx/CVE-2024-28391.json b/2024/28xxx/CVE-2024-28391.json index 23c9368ba63..fd43991e733 100644 --- a/2024/28xxx/CVE-2024-28391.json +++ b/2024/28xxx/CVE-2024-28391.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28391", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28391", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html", + "url": "https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html" } ] } diff --git a/2024/28xxx/CVE-2024-28669.json b/2024/28xxx/CVE-2024-28669.json index 51afa3510f1..7e33d9832e0 100644 --- a/2024/28xxx/CVE-2024-28669.json +++ b/2024/28xxx/CVE-2024-28669.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28669", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28669", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/10.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/10.md" } ] } diff --git a/2024/28xxx/CVE-2024-28676.json b/2024/28xxx/CVE-2024-28676.json index 517cc8fcce6..7956529e24a 100644 --- a/2024/28xxx/CVE-2024-28676.json +++ b/2024/28xxx/CVE-2024-28676.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28676", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28676", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/18.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/18.md" } ] } diff --git a/2024/28xxx/CVE-2024-28679.json b/2024/28xxx/CVE-2024-28679.json index 5b2b2cae06c..6e4d1f888a3 100644 --- a/2024/28xxx/CVE-2024-28679.json +++ b/2024/28xxx/CVE-2024-28679.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28679", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28679", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/19.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/19.md" } ] } diff --git a/2024/28xxx/CVE-2024-28680.json b/2024/28xxx/CVE-2024-28680.json index 540d877646f..dc5935ef1ee 100644 --- a/2024/28xxx/CVE-2024-28680.json +++ b/2024/28xxx/CVE-2024-28680.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28680", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28680", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/11.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/11.md" } ] } diff --git a/2024/28xxx/CVE-2024-28683.json b/2024/28xxx/CVE-2024-28683.json index ebe00130c73..5bcf98fc176 100644 --- a/2024/28xxx/CVE-2024-28683.json +++ b/2024/28xxx/CVE-2024-28683.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28683", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28683", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/777erp/cms/blob/main/20.md", + "refsource": "MISC", + "name": "https://github.com/777erp/cms/blob/main/20.md" } ] } diff --git a/2024/28xxx/CVE-2024-28746.json b/2024/28xxx/CVE-2024-28746.json index ca6391f2625..94a5c4780be 100644 --- a/2024/28xxx/CVE-2024-28746.json +++ b/2024/28xxx/CVE-2024-28746.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28746", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.\u00a0\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-281 Improper Preservation of Permissions", + "cweId": "CWE-281" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.8.0", + "version_value": "2.8.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/apache/airflow/pull/37881", + "refsource": "MISC", + "name": "https://github.com/apache/airflow/pull/37881" + }, + { + "url": "https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Alex Liotta" + }, + { + "lang": "en", + "value": "Vincent(Vincbeck)" + } + ] } \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28926.json b/2024/28xxx/CVE-2024-28926.json new file mode 100644 index 00000000000..2b64145c2f0 --- /dev/null +++ b/2024/28xxx/CVE-2024-28926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28927.json b/2024/28xxx/CVE-2024-28927.json new file mode 100644 index 00000000000..4e8694127ec --- /dev/null +++ b/2024/28xxx/CVE-2024-28927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28928.json b/2024/28xxx/CVE-2024-28928.json new file mode 100644 index 00000000000..01b4163349a --- /dev/null +++ b/2024/28xxx/CVE-2024-28928.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28929.json b/2024/28xxx/CVE-2024-28929.json new file mode 100644 index 00000000000..6eebf416ab5 --- /dev/null +++ b/2024/28xxx/CVE-2024-28929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28930.json b/2024/28xxx/CVE-2024-28930.json new file mode 100644 index 00000000000..1bda4c858f2 --- /dev/null +++ b/2024/28xxx/CVE-2024-28930.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28931.json b/2024/28xxx/CVE-2024-28931.json new file mode 100644 index 00000000000..94190291857 --- /dev/null +++ b/2024/28xxx/CVE-2024-28931.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28931", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28932.json b/2024/28xxx/CVE-2024-28932.json new file mode 100644 index 00000000000..25242a6da51 --- /dev/null +++ b/2024/28xxx/CVE-2024-28932.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28932", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28933.json b/2024/28xxx/CVE-2024-28933.json new file mode 100644 index 00000000000..74738dc2b0c --- /dev/null +++ b/2024/28xxx/CVE-2024-28933.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28934.json b/2024/28xxx/CVE-2024-28934.json new file mode 100644 index 00000000000..536dad1aae4 --- /dev/null +++ b/2024/28xxx/CVE-2024-28934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28935.json b/2024/28xxx/CVE-2024-28935.json new file mode 100644 index 00000000000..efd6c0b6f2a --- /dev/null +++ b/2024/28xxx/CVE-2024-28935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28936.json b/2024/28xxx/CVE-2024-28936.json new file mode 100644 index 00000000000..4c20b2c1eb8 --- /dev/null +++ b/2024/28xxx/CVE-2024-28936.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28936", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28937.json b/2024/28xxx/CVE-2024-28937.json new file mode 100644 index 00000000000..60b51c18b9a --- /dev/null +++ b/2024/28xxx/CVE-2024-28937.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28937", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28938.json b/2024/28xxx/CVE-2024-28938.json new file mode 100644 index 00000000000..5e57b3804f4 --- /dev/null +++ b/2024/28xxx/CVE-2024-28938.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28938", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28939.json b/2024/28xxx/CVE-2024-28939.json new file mode 100644 index 00000000000..7b0402cda12 --- /dev/null +++ b/2024/28xxx/CVE-2024-28939.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28939", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28940.json b/2024/28xxx/CVE-2024-28940.json new file mode 100644 index 00000000000..3ff14fad463 --- /dev/null +++ b/2024/28xxx/CVE-2024-28940.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28940", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28941.json b/2024/28xxx/CVE-2024-28941.json new file mode 100644 index 00000000000..b9317b5adca --- /dev/null +++ b/2024/28xxx/CVE-2024-28941.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28941", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28942.json b/2024/28xxx/CVE-2024-28942.json new file mode 100644 index 00000000000..dd62776178d --- /dev/null +++ b/2024/28xxx/CVE-2024-28942.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28942", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28943.json b/2024/28xxx/CVE-2024-28943.json new file mode 100644 index 00000000000..76e240f7da3 --- /dev/null +++ b/2024/28xxx/CVE-2024-28943.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28943", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28944.json b/2024/28xxx/CVE-2024-28944.json new file mode 100644 index 00000000000..4d0908a3923 --- /dev/null +++ b/2024/28xxx/CVE-2024-28944.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28944", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28969.json b/2024/28xxx/CVE-2024-28969.json new file mode 100644 index 00000000000..94b6b8c19b0 --- /dev/null +++ b/2024/28xxx/CVE-2024-28969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28970.json b/2024/28xxx/CVE-2024-28970.json new file mode 100644 index 00000000000..3c14cfb077c --- /dev/null +++ b/2024/28xxx/CVE-2024-28970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28971.json b/2024/28xxx/CVE-2024-28971.json new file mode 100644 index 00000000000..928ae2bbbcd --- /dev/null +++ b/2024/28xxx/CVE-2024-28971.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28972.json b/2024/28xxx/CVE-2024-28972.json new file mode 100644 index 00000000000..6ae01343fd9 --- /dev/null +++ b/2024/28xxx/CVE-2024-28972.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28973.json b/2024/28xxx/CVE-2024-28973.json new file mode 100644 index 00000000000..f6a3d51122b --- /dev/null +++ b/2024/28xxx/CVE-2024-28973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28974.json b/2024/28xxx/CVE-2024-28974.json new file mode 100644 index 00000000000..8f2a7d009ac --- /dev/null +++ b/2024/28xxx/CVE-2024-28974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28975.json b/2024/28xxx/CVE-2024-28975.json new file mode 100644 index 00000000000..b689a5bff9a --- /dev/null +++ b/2024/28xxx/CVE-2024-28975.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28976.json b/2024/28xxx/CVE-2024-28976.json new file mode 100644 index 00000000000..3306bb3cdb1 --- /dev/null +++ b/2024/28xxx/CVE-2024-28976.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28976", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28977.json b/2024/28xxx/CVE-2024-28977.json new file mode 100644 index 00000000000..a448faca6fd --- /dev/null +++ b/2024/28xxx/CVE-2024-28977.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28977", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28978.json b/2024/28xxx/CVE-2024-28978.json new file mode 100644 index 00000000000..af3d9f107d8 --- /dev/null +++ b/2024/28xxx/CVE-2024-28978.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28978", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28979.json b/2024/28xxx/CVE-2024-28979.json new file mode 100644 index 00000000000..b4dee6f55dd --- /dev/null +++ b/2024/28xxx/CVE-2024-28979.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28979", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28980.json b/2024/28xxx/CVE-2024-28980.json new file mode 100644 index 00000000000..0269b87db0b --- /dev/null +++ b/2024/28xxx/CVE-2024-28980.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28980", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29009.json b/2024/29xxx/CVE-2024-29009.json new file mode 100644 index 00000000000..779716aa6eb --- /dev/null +++ b/2024/29xxx/CVE-2024-29009.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29009", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29010.json b/2024/29xxx/CVE-2024-29010.json new file mode 100644 index 00000000000..b1007996917 --- /dev/null +++ b/2024/29xxx/CVE-2024-29010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29011.json b/2024/29xxx/CVE-2024-29011.json new file mode 100644 index 00000000000..a7823dbd32a --- /dev/null +++ b/2024/29xxx/CVE-2024-29011.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29012.json b/2024/29xxx/CVE-2024-29012.json new file mode 100644 index 00000000000..fe61beb4fe3 --- /dev/null +++ b/2024/29xxx/CVE-2024-29012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29013.json b/2024/29xxx/CVE-2024-29013.json new file mode 100644 index 00000000000..5fb1ff1e600 --- /dev/null +++ b/2024/29xxx/CVE-2024-29013.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29013", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29014.json b/2024/29xxx/CVE-2024-29014.json new file mode 100644 index 00000000000..abed4e8aadb --- /dev/null +++ b/2024/29xxx/CVE-2024-29014.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29014", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2247.json b/2024/2xxx/CVE-2024-2247.json index b5ca0571cf9..bbf9ca4db48 100644 --- a/2024/2xxx/CVE-2024-2247.json +++ b/2024/2xxx/CVE-2024-2247.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "JFrog Artifactory versions below 7.77.7, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism." + "value": "JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism." } ] }, diff --git a/2024/2xxx/CVE-2024-2400.json b/2024/2xxx/CVE-2024-2400.json index e843e42ad02..b0e8b67964e 100644 --- a/2024/2xxx/CVE-2024-2400.json +++ b/2024/2xxx/CVE-2024-2400.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/327696052", "refsource": "MISC", "name": "https://issues.chromium.org/issues/327696052" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/" } ] } diff --git a/2024/2xxx/CVE-2024-2437.json b/2024/2xxx/CVE-2024-2437.json index 297b7e3b3c1..86dce63ef57 100644 --- a/2024/2xxx/CVE-2024-2437.json +++ b/2024/2xxx/CVE-2024-2437.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2437", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-41728. Reason: This candidate is a reservation duplicate of CVE-2023-41728. Notes: All CVE users should reference CVE-2023-41728 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2024/2xxx/CVE-2024-2438.json b/2024/2xxx/CVE-2024-2438.json index 45acf9a2d75..dc2b9facc6a 100644 --- a/2024/2xxx/CVE-2024-2438.json +++ b/2024/2xxx/CVE-2024-2438.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2438", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-47851. Reason: This candidate is a reservation duplicate of CVE-2023-47851. Notes: All CVE users should reference CVE-2023-47851 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2024/2xxx/CVE-2024-2444.json b/2024/2xxx/CVE-2024-2444.json new file mode 100644 index 00000000000..f4e26aaa506 --- /dev/null +++ b/2024/2xxx/CVE-2024-2444.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2444", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2445.json b/2024/2xxx/CVE-2024-2445.json new file mode 100644 index 00000000000..a6a0bfecb06 --- /dev/null +++ b/2024/2xxx/CVE-2024-2445.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2445", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2446.json b/2024/2xxx/CVE-2024-2446.json new file mode 100644 index 00000000000..d1e07e9493e --- /dev/null +++ b/2024/2xxx/CVE-2024-2446.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-2446", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file