diff --git a/2020/4xxx/CVE-2020-4874.json b/2020/4xxx/CVE-2020-4874.json
index d675424ebe0..df191ed2658 100644
--- a/2020/4xxx/CVE-2020-4874.json
+++ b/2020/4xxx/CVE-2020-4874.json
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-4874",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
+ "cweId": "CWE-327"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cognos Controller",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.4.1, 10.4.2, 11.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7149876",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7149876"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190837",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190837"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20450.json b/2021/20xxx/CVE-2021-20450.json
index 3e95b6a7a87..f49ab626a20 100644
--- a/2021/20xxx/CVE-2021-20450.json
+++ b/2021/20xxx/CVE-2021-20450.json
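Review bot: The `version_data` entry packs three releases into one string, `"version_value": "10.4.1, 10.4.2, 11.0.0"`, under `"version_affected": "="`, so a consumer that does an exact-version comparison matches none of them. Splitting it into one entry per release, e.g. `{ "version_affected": "=", "version_value": "10.4.1" }` repeated for 10.4.2 and 11.0.0, keeps the record machine-matchable for scanners and asset inventories. The same combined string appears in the CVE-2021-20450 hunk.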
@@ -1,17 +1,91 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20450",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cognos Controller",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.4.1, 10.4.2, 11.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7149876",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7149876"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28519.json b/2024/28xxx/CVE-2024-28519.json
index ea7897976ba..746925bc803 100644
--- a/2024/28xxx/CVE-2024-28519.json
+++ b/2024/28xxx/CVE-2024-28519.json
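Review bot: The `problemtype` value `"614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"` carries a bare number with no `CWE-` prefix and no `cweId` field, unlike the CVE-2020-4874 record in this same commit, which has `"CWE-327 ..."` plus `"cweId": "CWE-327"`. Tools that read the weakness class from `cweId` or from the `CWE-` pattern will leave this record unclassified. Suggest `"value": "CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute",` followed by `"cweId": "CWE-614"`.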
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-28519",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-28519",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://northwave-cybersecurity.com/vulnerability-notice-escan-antivirus",
+ "refsource": "MISC",
+ "name": "https://northwave-cybersecurity.com/vulnerability-notice-escan-antivirus"
+ },
+ {
+ "url": "https://www.escanav.com/en/index.asp",
+ "refsource": "MISC",
+ "name": "https://www.escanav.com/en/index.asp"
 }
 ]
 }
diff --git a/2024/31xxx/CVE-2024-31636.json b/2024/31xxx/CVE-2024-31636.json
index 65ea8016233..7aa6a91af9c 100644
--- a/2024/31xxx/CVE-2024-31636.json
+++ b/2024/31xxx/CVE-2024-31636.json
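Review bot: Every structured field in `affects` is `"n/a"` (`vendor_name`, `product_name`, `version_value`) and `problemtype` is `"n/a"`, so the vendor, product and driver build exist only in the free-text description. Automated matching on vendor/product will not tie this record to eScan Antivirus; consumers have to match on the description text (`ProcObsrvesx.sys 4.0.0.49`) or on the Northwave advisory link. If the assigner can confirm them, filling `"vendor_name"` and `"product_name"` from the description would close that gap; whether 4.0.0.49 is also the product version is not stated, so `version_value` needs confirmation first. The CVE-2024-31636 and CVE-2024-33793 hunks carry the same all-`n/a` `affects` block.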
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-31636",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-31636",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://lief.com",
+ "refsource": "MISC",
+ "name": "http://lief.com"
+ },
+ {
+ "url": "https://github.com/lief-project/LIEF",
+ "refsource": "MISC",
+ "name": "https://github.com/lief-project/LIEF"
+ },
+ {
+ "url": "https://github.com/lief-project/LIEF/issues/1038",
+ "refsource": "MISC",
+ "name": "https://github.com/lief-project/LIEF/issues/1038"
 }
 ]
 }
diff --git a/2024/31xxx/CVE-2024-31963.json b/2024/31xxx/CVE-2024-31963.json
index f1523383f50..1417f44e050 100644
--- a/2024/31xxx/CVE-2024-31963.json
+++ b/2024/31xxx/CVE-2024-31963.json
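Review bot: The first reference, `"url": "http://lief.com"`, is a cleartext-HTTP link to a bare domain that, unlike the two references under `github.com/lief-project`, is not visibly tied to the project; it may be a guessed homepage. A reader following it gets no advisory content, and the link is only as trustworthy as whoever controls that domain. The issue link `https://github.com/lief-project/LIEF/issues/1038` is the actionable reference, so I would drop the `lief.com` entry or replace it once the project's real site is confirmed. The description also names no fixed release, so consumers cannot tell from this record whether versions after v.0.14.1 are affected.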
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A successful exploit could allow an attacker to cause a denial of service."
+ "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A successful exploit could allow an attacker to gain access to sensitive information, modify system configuration or execute arbitrary commands within the context of the system."
 }
 ]
 },
diff --git a/2024/31xxx/CVE-2024-31964.json b/2024/31xxx/CVE-2024-31964.json
index af43fd0d497..8abd5cd04ee 100644
--- a/2024/31xxx/CVE-2024-31964.json
+++ b/2024/31xxx/CVE-2024-31964.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service."
+ "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service."
 }
 ]
 },
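Review bot: In the CVE-2024-31963 hunk the new description raises the stated impact from denial of service to information disclosure, configuration change and arbitrary command execution, and adds two product lines with their own version ceilings (6900w through 6.3.3, 6970 Conference Unit through 5.1.1 SP8), yet the hunk touches only the `description` value. The file's `affects` block and any impact data lie outside the hunk, which starts at line 34, so it cannot be seen whether they were updated to match; if they were not, the structured data still describes the old scope and consumers that prioritise on it will under-rate the record. The version-scope part of this applies equally to the CVE-2024-31964, -31965, -31966 and -31967 hunks, which receive the same rewording.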
diff --git a/2024/31xxx/CVE-2024-31965.json b/2024/31xxx/CVE-2024-31965.json
index 5085f7c1359..87b4cad3d27 100644
--- a/2024/31xxx/CVE-2024-31965.json
+++ b/2024/31xxx/CVE-2024-31965.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information."
+ "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information."
 }
 ]
 },
diff --git a/2024/31xxx/CVE-2024-31966.json b/2024/31xxx/CVE-2024-31966.json
index 4662c73fe13..e975d949cfa 100644
--- a/2024/31xxx/CVE-2024-31966.json
+++ b/2024/31xxx/CVE-2024-31966.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify the system configuration, or execute arbitrary commands."
+ "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify system configuration or execute arbitrary commands."
 }
 ]
 },
diff --git a/2024/31xxx/CVE-2024-31967.json b/2024/31xxx/CVE-2024-31967.json
index 4f2135b2a63..24c55651170 100644
--- a/2024/31xxx/CVE-2024-31967.json
+++ b/2024/31xxx/CVE-2024-31967.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones, including 6970 Conference Unit, through 6.3 SP3 HF4 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration."
+ "value": "A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration."
 }
 ]
 },
diff --git a/2024/33xxx/CVE-2024-33793.json b/2024/33xxx/CVE-2024-33793.json
index 09e5d4dc9ad..aa9b426ec36 100644
--- a/2024/33xxx/CVE-2024-33793.json
+++ b/2024/33xxx/CVE-2024-33793.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-33793",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-33793",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ping test page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/ymkyu/CVE/tree/main/CVE-2024-33793",
+ "url": "https://github.com/ymkyu/CVE/tree/main/CVE-2024-33793"
 }
 ]
 }
diff --git a/2024/34xxx/CVE-2024-34450.json b/2024/34xxx/CVE-2024-34450.json
new file mode 100644
index 00000000000..f8c864d4941
--- /dev/null
+++ b/2024/34xxx/CVE-2024-34450.json
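Review bot: The single reference in the CVE-2024-33793 record is tagged `"refsource": "CONFIRM"`, a label conventionally used for vendor acknowledgement, yet its URL points to a `github.com/ymkyu/CVE` repository rather than a netis-systems page, so it is presumably the reporter's write-up. Tagging it `"refsource": "MISC"`, as the other records in this commit do, avoids implying that the vendor has confirmed the issue. The description also does not say whether authentication is needed to reach the ping test page or which firmware release fixes it; both would help defenders judge exposure.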
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-34450",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file