diff --git a/2024/11xxx/CVE-2024-11497.json b/2024/11xxx/CVE-2024-11497.json index edcd7b223ad..4aa26759f3d 100644 --- a/2024/11xxx/CVE-2024-11497.json +++ b/2024/11xxx/CVE-2024-11497.json @@ -1,17 +1,138 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11497", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "info@cert.vde.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732 Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHOENIX CONTACT", + "product": { + "product_data": [ + { + "product_name": "CHARX SEC-3000", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.7.0" + } + ] + } + }, + { + "product_name": "CHARX SEC-3050", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.7.0" + } + ] + } + }, + { + "product_name": "CHARX SEC-3100", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.7.0" + } + ] + } + }, + { + "product_name": "CHARX SEC-3150", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-070", + "refsource": "MISC", + "name": "https://cert.vde.com/en/advisories/VDE-2024-070" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "VDE-2024-070", + "defect": [ + "CERT@VDE#641697" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Tien Phan" + }, + { + "lang": "en", + "value": "Richard Jaletzki" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/11xxx/CVE-2024-11863.json b/2024/11xxx/CVE-2024-11863.json index 90fd15b7964..002b29d1f40 100644 --- a/2024/11xxx/CVE-2024-11863.json +++ b/2024/11xxx/CVE-2024-11863.json @@ -1,18 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "arm-security@arm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-755 Improper Handling of Exceptional Conditions", + "cweId": "CWE-755" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arm", + "product": { + "product_data": [ + { + "product_name": "SCP-Firmware", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.15.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864", + "refsource": "MISC", + "name": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11864.json b/2024/11xxx/CVE-2024-11864.json index db9dcf4c563..8e2c6ed8ec6 100644 --- a/2024/11xxx/CVE-2024-11864.json +++ b/2024/11xxx/CVE-2024-11864.json @@ -1,18 +1,71 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11864", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "arm-security@arm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-755 Improper Handling of Exceptional Conditions", + "cweId": "CWE-755" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arm", + "product": { + "product_data": [ + { + "product_name": "SCP-Firmware", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.15.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864", + "refsource": "MISC", + "name": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/12xxx/CVE-2024-12988.json b/2024/12xxx/CVE-2024-12988.json index 45da71a4b1b..c44b05ce20b 100644 --- a/2024/12xxx/CVE-2024-12988.json +++ b/2024/12xxx/CVE-2024-12988.json @@ -1,17 +1,139 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12988", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED ** In Netgear R6900P and R7000P 1.3.3.154 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft die Funktion sub_16C4C der Komponente HTTP Header Handler. Durch Manipulation des Arguments Host mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow", + "cweId": "CWE-120" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netgear", + "product": { + "product_data": [ + { + "product_name": "R6900P", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.3.3.154" + } + ] + } + }, + { + "product_name": "R7000P", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.3.3.154" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.289381", + "refsource": "MISC", + "name": "https://vuldb.com/?id.289381" + }, + { + "url": "https://vuldb.com/?ctiid.289381", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.289381" + }, + { + "url": "https://vuldb.com/?submit.462781", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.462781" + }, + { + "url": "https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154", + "refsource": "MISC", + "name": "https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154" + }, + { + "url": "https://www.netgear.com/about/eos/", + "refsource": "MISC", + "name": "https://www.netgear.com/about/eos/" + }, + { + "url": "https://www.netgear.com/", + "refsource": "MISC", + "name": "https://www.netgear.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "physicszq (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2024/13xxx/CVE-2024-13131.json b/2024/13xxx/CVE-2024-13131.json index 5e3acf49e45..7fec2033089 100644 --- a/2024/13xxx/CVE-2024-13131.json +++ b/2024/13xxx/CVE-2024-13131.json @@ -5,147 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2024-13131", "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic has been found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." - }, - { - "lang": "deu", - "value": "Es wurde eine Schwachstelle in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S bis 20241222 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /web_caps/webCapsConfig der Komponente Web Interface. Durch die Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Information Disclosure", - "cweId": "CWE-200" - } - ] - }, - { - "description": [ - { - "lang": "eng", - "value": "Improper Access Controls", - "cweId": "CWE-284" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Dahua", - "product": { - "product_data": [ - { - "product_name": "IPC-HFW1200S", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20241222" - } - ] - } - }, - { - "product_name": "IPC-HFW2300R-Z", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20241222" - } - ] - } - }, - { - "product_name": "IPC-HFW5220E-Z", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20241222" - } - ] - } - }, - { - "product_name": "IPC-HDW1200S", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "20241222" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://vuldb.com/?id.290205", - "refsource": "MISC", - "name": "https://vuldb.com/?id.290205" - }, - { - "url": "https://vuldb.com/?ctiid.290205", - "refsource": "MISC", - "name": "https://vuldb.com/?ctiid.290205" - }, - { - "url": "https://vuldb.com/?submit.464258", - "refsource": "MISC", - "name": "https://vuldb.com/?submit.464258" - }, - { - "url": "https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73", - "refsource": "MISC", - "name": "https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "netsecfish (VulDB User)" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "baseScore": 5.3, - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "baseSeverity": "MEDIUM" - }, - { - "version": "3.0", - "baseScore": 5.3, - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "baseSeverity": "MEDIUM" - }, - { - "version": "2.0", - "baseScore": 5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9680. Reason: This candidate is a reservation duplicate of CVE-2019-9680. Notes: All CVE users should reference CVE-2019-9680 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2024/13xxx/CVE-2024-13381.json b/2024/13xxx/CVE-2024-13381.json new file mode 100644 index 00000000000..974b279516b --- /dev/null +++ b/2024/13xxx/CVE-2024-13381.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13381", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13382.json b/2024/13xxx/CVE-2024-13382.json new file mode 100644 index 00000000000..1a70ff80194 --- /dev/null +++ b/2024/13xxx/CVE-2024-13382.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13382", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50312.json b/2024/50xxx/CVE-2024-50312.json index b8282e64c7a..a546fb83287 100644 --- a/2024/50xxx/CVE-2024-50312.json +++ b/2024/50xxx/CVE-2024-50312.json @@ -36,12 +36,20 @@ "product": { "product_data": [ { - "product_name": "Red Hat OpenShift Container Platform 4", + "product_name": "Red Hat OpenShift Container Platform 4.17", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "v4.17.0-202501080135.p0.gedbd12e.assembly.stream.el9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } @@ -56,6 +64,11 @@ }, "references": { "reference_data": [ + { + "url": "https://access.redhat.com/errata/RHSA-2025:0115", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:0115" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-50312", "refsource": "MISC", @@ -98,8 +111,8 @@ "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version": "3.0" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/7xxx/CVE-2024-7344.json b/2024/7xxx/CVE-2024-7344.json index 4049d7abae6..c37b036d28a 100644 --- a/2024/7xxx/CVE-2024-7344.json +++ b/2024/7xxx/CVE-2024-7344.json @@ -1,18 +1,196 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7344", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cert@cert.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-426: Untrusted Search Path" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Lack/Improper Verification of Cryptographic Signature" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Radix", + "product": { + "product_data": [ + { + "product_name": "SmartRecovery", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "11.2.023-20240927" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Greenware Technologies", + "product": { + "product_data": [ + { + "product_name": "GreenGuard", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "10.2.023-20240927" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Howyar Technologies", + "product": { + "product_data": [ + { + "product_name": "SysReturn (32-bit and 64-bit)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "10.2.02320240919" + } + ] + } + } + ] + } + }, + { + "vendor_name": "SANFONG", + "product": { + "product_data": [ + { + "product_name": "SANFONG EZ-Back System", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "10.3.024-20241127" + } + ] + } + } + ] + } + }, + { + "vendor_name": "CES Taiwan", + "product": { + "product_data": [ + { + "product_name": "CES NeoImpact", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "10.1.024-20241127" + } + ] + } + } + ] + } + }, + { + "vendor_name": "SignalComputer", + "product": { + "product_data": [ + { + "product_name": "HDD King", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "10.3.021-20241127" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://uefi.org/revocationlistfile", + "refsource": "MISC", + "name": "https://uefi.org/revocationlistfile" + }, + { + "url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html", + "refsource": "MISC", + "name": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html" + }, + { + "url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html", + "refsource": "MISC", + "name": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html" + }, + { + "url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/", + "refsource": "MISC", + "name": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/" + } + ] + }, + "generator": { + "engine": "VINCE 3.0.11", + "env": "prod", + "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-7344" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Thanks to Martin Smolar of ESET" + } + ] } \ No newline at end of file