diff --git a/2024/0xxx/CVE-2024-0646.json b/2024/0xxx/CVE-2024-0646.json index 876d97de314..4f191d48d3b 100644 --- a/2024/0xxx/CVE-2024-0646.json +++ b/2024/0xxx/CVE-2024-0646.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "Missing Write Protection for Parametric Data Values", - "cweId": "CWE-1314" + "value": "Out-of-bounds Write", + "cweId": "CWE-787" } ] } diff --git a/2024/11xxx/CVE-2024-11664.json b/2024/11xxx/CVE-2024-11664.json index 59c81434fea..6f6da7b9bbd 100644 --- a/2024/11xxx/CVE-2024-11664.json +++ b/2024/11xxx/CVE-2024-11664.json @@ -1,17 +1,137 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11664", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in eNMS bis 4.2 entdeckt. Es geht hierbei um die Funktion multiselect_filtering der Datei eNMS/controller.py der Komponente TGZ File Handler. Durch Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 22b0b443acca740fc83b5544165c1f53eff3f529 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "eNMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0" + }, + { + "version_affected": "=", + "version_value": "4.1" + }, + { + "version_affected": "=", + "version_value": "4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.285986", + "refsource": "MISC", + "name": "https://vuldb.com/?id.285986" + }, + { + "url": "https://vuldb.com/?ctiid.285986", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.285986" + }, + { + "url": "https://vuldb.com/?submit.447374", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.447374" + }, + { + "url": "https://github.com/eNMS-automation/eNMS/pull/419", + "refsource": "MISC", + "name": "https://github.com/eNMS-automation/eNMS/pull/419" + }, + { + "url": "https://github.com/eNMS-automation/eNMS/pull/419#issuecomment-2495640750", + "refsource": "MISC", + "name": "https://github.com/eNMS-automation/eNMS/pull/419#issuecomment-2495640750" + }, + { + "url": "https://mega.nz/folder/ZhIiDQaI#TUJCRV-XN41L-WEVAu0sWg", + "refsource": "MISC", + "name": "https://mega.nz/folder/ZhIiDQaI#TUJCRV-XN41L-WEVAu0sWg" + }, + { + "url": "https://github.com/eNMS-automation/eNMS/pull/419/commits/22b0b443acca740fc83b5544165c1f53eff3f529", + "refsource": "MISC", + "name": "https://github.com/eNMS-automation/eNMS/pull/419/commits/22b0b443acca740fc83b5544165c1f53eff3f529" + }, + { + "url": "https://www.youtube.com/watch?v=FJVFtNb4_qA", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=FJVFtNb4_qA" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "slash0x99 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] }