From 7f76f4020f4d2a42feb69e658bc7ee9bdd19f190 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 22 Nov 2024 16:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/38xxx/CVE-2021-38116.json | 88 +++++++++++++++++++++++++++-- 2021/38xxx/CVE-2021-38117.json | 88 +++++++++++++++++++++++++++-- 2021/38xxx/CVE-2021-38118.json | 88 +++++++++++++++++++++++++++-- 2021/38xxx/CVE-2021-38119.json | 88 +++++++++++++++++++++++++++-- 2021/38xxx/CVE-2021-38134.json | 88 +++++++++++++++++++++++++++-- 2021/38xxx/CVE-2021-38135.json | 97 ++++++++++++++++++++++++++++++-- 2022/26xxx/CVE-2022-26324.json | 88 +++++++++++++++++++++++++++-- 2023/24xxx/CVE-2023-24466.json | 88 +++++++++++++++++++++++++++-- 2023/24xxx/CVE-2023-24467.json | 97 ++++++++++++++++++++++++++++++-- 2024/10xxx/CVE-2024-10863.json | 82 +++++++++++++++++++++++++-- 2024/11xxx/CVE-2024-11623.json | 18 ++++++ 2024/11xxx/CVE-2024-11624.json | 18 ++++++ 2024/32xxx/CVE-2024-32767.json | 99 ++++++++++++++++++++++++++++++-- 2024/32xxx/CVE-2024-32768.json | 99 ++++++++++++++++++++++++++++++-- 2024/32xxx/CVE-2024-32769.json | 99 ++++++++++++++++++++++++++++++-- 2024/32xxx/CVE-2024-32770.json | 99 ++++++++++++++++++++++++++++++-- 2024/37xxx/CVE-2024-37041.json | 100 +++++++++++++++++++++++++++++++-- 2024/37xxx/CVE-2024-37042.json | 95 +++++++++++++++++++++++++++++-- 2024/37xxx/CVE-2024-37043.json | 95 +++++++++++++++++++++++++++++-- 2024/37xxx/CVE-2024-37044.json | 100 +++++++++++++++++++++++++++++++-- 2024/37xxx/CVE-2024-37045.json | 95 +++++++++++++++++++++++++++++-- 2024/37xxx/CVE-2024-37046.json | 95 +++++++++++++++++++++++++++++-- 2024/37xxx/CVE-2024-37047.json | 100 +++++++++++++++++++++++++++++++-- 2024/37xxx/CVE-2024-37048.json | 95 +++++++++++++++++++++++++++++-- 2024/37xxx/CVE-2024-37049.json | 100 +++++++++++++++++++++++++++++++-- 2024/37xxx/CVE-2024-37050.json | 100 +++++++++++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38643.json | 83 +++++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38644.json | 88 +++++++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38645.json | 83 
+++++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38646.json | 83 +++++++++++++++++++++++++-- 2024/38xxx/CVE-2024-38647.json | 88 +++++++++++++++++++++++++++-- 2024/48xxx/CVE-2024-48860.json | 88 +++++++++++++++++++++++++++-- 2024/48xxx/CVE-2024-48861.json | 88 +++++++++++++++++++++++++++-- 2024/48xxx/CVE-2024-48862.json | 88 +++++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50395.json | 83 +++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50396.json | 95 +++++++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50397.json | 95 +++++++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50398.json | 95 +++++++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50399.json | 95 +++++++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50400.json | 95 +++++++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50401.json | 95 +++++++++++++++++++++++++++++-- 2024/50xxx/CVE-2024-50965.json | 56 ++++++++++++++++-- 2024/51xxx/CVE-2024-51072.json | 66 ++++++++++++++++++++-- 2024/51xxx/CVE-2024-51073.json | 66 ++++++++++++++++++++-- 2024/51xxx/CVE-2024-51074.json | 61 ++++++++++++++++++-- 2024/52xxx/CVE-2024-52723.json | 61 ++++++++++++++++++-- 2024/52xxx/CVE-2024-52793.json | 68 ++++++++++++++++++++-- 2024/52xxx/CVE-2024-52802.json | 85 ++++++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52804.json | 95 +++++++++++++++++++++++++++++-- 2024/52xxx/CVE-2024-52814.json | 96 +++++++++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53833.json | 18 ++++++ 2024/53xxx/CVE-2024-53834.json | 18 ++++++ 2024/53xxx/CVE-2024-53835.json | 18 ++++++ 2024/53xxx/CVE-2024-53836.json | 18 ++++++ 2024/53xxx/CVE-2024-53837.json | 18 ++++++ 2024/53xxx/CVE-2024-53838.json | 18 ++++++ 2024/53xxx/CVE-2024-53839.json | 18 ++++++ 2024/53xxx/CVE-2024-53840.json | 18 ++++++ 2024/53xxx/CVE-2024-53841.json | 18 ++++++ 2024/53xxx/CVE-2024-53842.json | 18 ++++++ 60 files changed, 4247 insertions(+), 228 deletions(-) create mode 100644 2024/11xxx/CVE-2024-11623.json create mode 100644 2024/11xxx/CVE-2024-11624.json create mode 100644 
2024/53xxx/CVE-2024-53833.json create mode 100644 2024/53xxx/CVE-2024-53834.json create mode 100644 2024/53xxx/CVE-2024-53835.json create mode 100644 2024/53xxx/CVE-2024-53836.json create mode 100644 2024/53xxx/CVE-2024-53837.json create mode 100644 2024/53xxx/CVE-2024-53838.json create mode 100644 2024/53xxx/CVE-2024-53839.json create mode 100644 2024/53xxx/CVE-2024-53840.json create mode 100644 2024/53xxx/CVE-2024-53841.json create mode 100644 2024/53xxx/CVE-2024-53842.json diff --git a/2021/38xxx/CVE-2021-38116.json b/2021/38xxx/CVE-2021-38116.json index a2e969546f6..1ae71078675 100644 --- a/2021/38xxx/CVE-2021-38116.json +++ b/2021/38xxx/CVE-2021-38116.json 
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38116", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible Elevation of Privilege Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager. This impacts all versions before 3.2.5" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.2.4.0000", + "status": "affected", + "version": "3.0.0", + "versionType": "rpm, exe" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html", + "refsource": "MISC", + "name": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + 
"baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2021/38xxx/CVE-2021-38117.json b/2021/38xxx/CVE-2021-38117.json index ae0969f56f1..425657d910e 100644 --- a/2021/38xxx/CVE-2021-38117.json +++ b/2021/38xxx/CVE-2021-38117.json 
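Review bot: In the `x_cve_json_5_version_data` block, `"defaultStatus": "affected"` sits next to a single affected range (3.0.0 through 3.2.4.0000), so no release is ever marked unaffected, and a consumer that applies the default will still flag 3.2.5, which the description treats as the first unaffected version. Either set `"defaultStatus": "unaffected"` or add a version entry with `"status": "unaffected"` for the fixed release. `"versionType": "rpm, exe"` names package formats rather than one comparison scheme, which leaves the `lessThanOrEqual` ordering ambiguous for automated matching. The same block recurs in the other iManager records in this patch (CVE-2021-38117, -38118, -38119, -38134, -38135, CVE-2022-26324, CVE-2023-24466, -24467).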
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38117", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible Command injection Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.4.0000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.2.4.0000", + "status": "affected", + "version": "3.0.0", + "versionType": "rpm, exe" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html", + "refsource": "MISC", + "name": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + 
"confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2021/38xxx/CVE-2021-38118.json b/2021/38xxx/CVE-2021-38118.json index 7d5024e0fca..11b440c1eae 100644 --- a/2021/38xxx/CVE-2021-38118.json +++ b/2021/38xxx/CVE-2021-38118.json 
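Review bot: The description calls this a "Command injection" issue, but the `problemtype` entry is `CWE-94` (code injection); these are different weaknesses with different remediations, so one of the two should change, for example `"cweId": "CWE-77"` if the text is the accurate one. CVE-2021-38118 in the next hunk has the same kind of mismatch: the text says improper input validation while the record carries `CWE-250` (execution with unnecessary privileges). The description also names only 3.2.4.0000, whereas the version block covers 3.0.0 through 3.2.4.0000, so stating the range in the prose would keep readers from under-scoping their exposure.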
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible improper input validation Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.4.0000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250: Execution with Unnecessary Privileges", + "cweId": "CWE-250" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.2.4.0000", + "status": "affected", + "version": "3.0.0", + "versionType": "rpm, exe" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html", + "refsource": "MISC", + "name": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": 
"HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2021/38xxx/CVE-2021-38119.json b/2021/38xxx/CVE-2021-38119.json index 908d97d41c0..824cf7d1acb 100644 --- a/2021/38xxx/CVE-2021-38119.json +++ b/2021/38xxx/CVE-2021-38119.json 
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38119", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible Reflected Cross-Site Scripting (XSS) Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.4.0000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.2.4.0000", + "status": "affected", + "version": "3.0.0", + "versionType": "rpm, exe" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html", + "refsource": "MISC", + "name": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + 
"baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2021/38xxx/CVE-2021-38134.json b/2021/38xxx/CVE-2021-38134.json index 50330d00b4f..9c47f324922 100644 --- a/2021/38xxx/CVE-2021-38134.json +++ b/2021/38xxx/CVE-2021-38134.json 
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38134", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible XSS in iManager URL for access Component has been discovered in\nOpenText\u2122 iManager 3.2.5.0000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.2.5.0000", + "status": "affected", + "version": "3.0.0", + "versionType": "rpm, exe" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html", + "refsource": "MISC", + "name": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": 
"MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2021/38xxx/CVE-2021-38135.json b/2021/38xxx/CVE-2021-38135.json index c139cb9e7c4..56af3d3b2e1 100644 --- a/2021/38xxx/CVE-2021-38135.json +++ b/2021/38xxx/CVE-2021-38135.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38135", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible \nExternal Service Interaction attack\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.6.0000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918 Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-406: Insufficient Control of Network Message Volume (Network Amplification)", + "cweId": "CWE-406" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.2.5.0000", + "status": "affected", + "version": "3.0.0", + "versionType": "rpm, exe" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html", + "refsource": "MISC", + "name": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + 
{ + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2022/26xxx/CVE-2022-26324.json b/2022/26xxx/CVE-2022-26324.json index afc80179721..3d6fd4db33a 100644 --- a/2022/26xxx/CVE-2022-26324.json +++ b/2022/26xxx/CVE-2022-26324.json 
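Review bot: The description says the issue was found in iManager 3.2.6.0000, but the version block ends at `"lessThanOrEqual": "3.2.5.0000"`, so tooling that matches on the structured data will not flag the build the text names. The reference points at the 3.2.6 release notes, which suggests (not confirmable from this record) that 3.2.6 is the fixed release and the prose is off by one; whichever is right, text and range should agree. CVE-2023-24467 further down has the reverse gap: its text says 3.2.6.0000 while its range runs to `3.2.6.0200`. The vector `C:N/I:H` also reads oddly for an entry typed as `CWE-918`, so the scoring rationale is worth confirming and stating in the description.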
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26324", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible XSS in iManager URL for access Component has been discovered in\nOpenText\u2122 iManager 3.2.6.0000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.2.6.0000", + "status": "affected", + "version": "3.0.0", + "versionType": "rpm, exe" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch1_releasenotes/imanager326_patch1_releasenotes.pdf", + "refsource": "MISC", + "name": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch1_releasenotes/imanager326_patch1_releasenotes.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + 
"baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/24xxx/CVE-2023-24466.json b/2023/24xxx/CVE-2023-24466.json index c87ba12c911..aaf59a67053 100644 --- a/2023/24xxx/CVE-2023-24466.json +++ b/2023/24xxx/CVE-2023-24466.json 
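Review bot: The description is word for word the one used for CVE-2021-38134 apart from the version, yet the vector here is `PR:L` and `I:H` (7.6) against `PR:N` and `I:L` (6.1) there, and nothing in the prose explains the difference. A sentence stating that an authenticated user is required and what the integrity impact consists of would let defenders tell the two records apart and prioritise them. The reference is a 3.2.6 patch 1 release-notes PDF, which fits a range ending at `3.2.6.0000`, so the version data itself looks consistent.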
@@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-24466", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible XML External Entity Injection\n\n\n in iManager GET parameter has been discovered in\nOpenText\u2122 iManager 3.2.6.0200." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.2.6.0200", + "status": "affected", + "version": "3.0.0", + "versionType": "rpm, exe" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch3_releasenotes/imanager326_patch3_releasenotes.pdf", + "refsource": "MISC", + "name": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch3_releasenotes/imanager326_patch3_releasenotes.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + 
"baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/24xxx/CVE-2023-24467.json b/2023/24xxx/CVE-2023-24467.json index a600255d713..85c896587a3 100644 --- a/2023/24xxx/CVE-2023-24467.json +++ b/2023/24xxx/CVE-2023-24467.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-24467", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Possible Command Injection\n\n\n in iManager GET parameter has been discovered in\nOpenText\u2122 iManager 3.2.6.0000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "iManager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.2.6.0200", + "status": "affected", + "version": "3.0.0", + "versionType": "rpm, exe" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch3_releasenotes/imanager326_patch3_releasenotes.pdf", + "refsource": "MISC", + "name": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch3_releasenotes/imanager326_patch3_releasenotes.pdf" + } + ] + }, + "generator": { + "engine": 
"Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/10xxx/CVE-2024-10863.json b/2024/10xxx/CVE-2024-10863.json index 5171de9ca7f..f985aaa9cfb 100644 --- a/2024/10xxx/CVE-2024-10863.json +++ b/2024/10xxx/CVE-2024-10863.json 
@@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": ": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4.\n\n\n\nEnd-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-778: Insufficient Logging", + "cweId": "CWE-778" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenText", + "product": { + "product_data": [ + { + "product_name": "Secure Content Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.1", + "version_value": "<24.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://portal.microfocus.com/s/article/KM000036389?", + "refsource": "MISC", + "name": "https://portal.microfocus.com/s/article/KM000036389?" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Audit trails will be captured on the server side instead of the client side, thereby eliminating the vulnerability and its impact

Apply the following patch builds in your data center.

Secure Content Manager 24.3 Patch 1: Patch 219146 - Content Manager 24.3 Patch 1 Build 86
Secure Content Manager 24.2 Patch 1: Patch 219145 - Content Manager 24.2 Patch 1 Build 123
Secure Content Manager 23.4 Patch 2: Patch 1593502 - Content Manager 23.4 Patch 2 Build 240
Secure Content Manager 10.1 Patch 6: Patch 1593711 \u2013 Content Manager 10.1 Patch 6 Build 1185

" + } + ], + "value": "Audit trails will be captured on the server side instead of the client side, thereby eliminating the vulnerability and its impact\n\nApply the following patch builds in your data center.\n\nSecure Content Manager 24.3 Patch 1: Patch 219146 - Content Manager 24.3 Patch 1 Build 86\nSecure Content Manager 24.2 Patch 1: Patch 219145 - Content Manager 24.2 Patch 1 Build 123\nSecure Content Manager 23.4 Patch 2: Patch 1593502 - Content Manager 23.4 Patch 2 Build 240\nSecure Content Manager 10.1 Patch 6: Patch 1593711 \u2013 Content Manager 10.1 Patch 6 Build 1185" + } + ], + "credits": [ + { + "lang": "en", + "value": "Evan Pearce of CyberCX" + } + ] } \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11623.json b/2024/11xxx/CVE-2024-11623.json new file mode 100644 index 00000000000..e67f2939d46 --- /dev/null +++ b/2024/11xxx/CVE-2024-11623.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11623", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11624.json b/2024/11xxx/CVE-2024-11624.json new file mode 100644 index 00000000000..c6dfa7fc839 --- /dev/null +++ b/2024/11xxx/CVE-2024-11624.json 
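Review bot: In the CVE-2024-10863 record, `"version_affected": "<"` is paired with `"version_value": "<24.4"`, so the operator is stated twice and the value is no longer a parseable version; it should read `"version_value": "24.4"`. The same stray operator appears in the description ("from 10.1 before <24.4"), which also opens with a leftover ": " and lacks a space in "Manipulation.This". The solution lists patch builds for the 24.3, 24.2, 23.4 and 10.1 lines, which a single "before 24.4" bound cannot express, so patched installs on those lines will still match as affected unless the fixed builds are recorded. This record also carries no `impact` CVSS block, unlike the other OpenText entries in the patch.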
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11624", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32767.json b/2024/32xxx/CVE-2024-32767.json index 729170fb2fd..22b96000602 100644 --- a/2024/32xxx/CVE-2024-32767.json +++ b/2024/32xxx/CVE-2024-32767.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32767", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.\n\nWe have already fixed the vulnerability in the following version:\nPhoto Station 6.4.3 ( 2024/07/12 ) and later" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Photo Station", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.4.x", + "version_value": "6.4.3 ( 2024/07/12 )" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-39", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-39" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-39", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nPhoto Station 6.4.3 ( 2024/07/12 ) and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Nemar Nil" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/32xxx/CVE-2024-32768.json b/2024/32xxx/CVE-2024-32768.json index e7d336bdf06..dda0284c970 100644 --- a/2024/32xxx/CVE-2024-32768.json +++ b/2024/32xxx/CVE-2024-32768.json 
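Review bot: Nothing in the new `CVE-2024-32767` record tells a consumer which flaw this ID tracks, because its `description`, `problemtype`, `affects`, `references` and `impact` content is, as far as the visible lines show, identical to the CVE-2024-32768, CVE-2024-32769 and CVE-2024-32770 hunks that follow. Each description should name the affected component or input as far as advisory QSA-24-39 allows, so that triage can tell four separate XSS findings from one finding reported four times. Separately, `version_value` is `"6.4.3 ( 2024/07/12 )"`; a release date embedded in the version string is likely to break plain version comparison in scanners, so I would use `"version_value": "6.4.3"` and keep the date in the description and solution text only. The record also mixes `"lang": "eng"` in `description` with `"lang": "en"` in `solution` and `credits`; one language code throughout would be easier to consume.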
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32768", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.\n\nWe have already fixed the vulnerability in the following version:\nPhoto Station 6.4.3 ( 2024/07/12 ) and later" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Photo Station", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.4.x", + "version_value": "6.4.3 ( 2024/07/12 )" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-39", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-39" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-39", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nPhoto Station 6.4.3 ( 2024/07/12 ) and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Nemar Nil" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/32xxx/CVE-2024-32769.json b/2024/32xxx/CVE-2024-32769.json index f507fd794da..23776e3690b 100644 --- a/2024/32xxx/CVE-2024-32769.json +++ b/2024/32xxx/CVE-2024-32769.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32769", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.\n\nWe have already fixed the vulnerability in the following version:\nPhoto Station 6.4.3 ( 2024/07/12 ) and later" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Photo Station", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.4.x", + "version_value": "6.4.3 ( 2024/07/12 )" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-39", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-39" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-39", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nPhoto Station 6.4.3 ( 2024/07/12 ) and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Nemar Nil" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/32xxx/CVE-2024-32770.json b/2024/32xxx/CVE-2024-32770.json index 0a876b5c336..202e235c4fc 100644 --- a/2024/32xxx/CVE-2024-32770.json +++ b/2024/32xxx/CVE-2024-32770.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.\n\nWe have already fixed the vulnerability in the following version:\nPhoto Station 6.4.3 ( 2024/07/12 ) and later" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Photo Station", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.4.x", + "version_value": "6.4.3 ( 2024/07/12 )" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-39", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-39" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-39", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nPhoto Station 6.4.3 ( 2024/07/12 ) and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Nemar Nil" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/37xxx/CVE-2024-37041.json b/2024/37xxx/CVE-2024-37041.json index fbff745d690..a5f14591a7e 100644 --- a/2024/37xxx/CVE-2024-37041.json +++ b/2024/37xxx/CVE-2024-37041.json 
@@ -1,18 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37041", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120", + "cweId": "CWE-120" + }, + { + "lang": "eng", + "value": "CWE-122", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" 
+ }, + "source": { + "advisory": "QSA-24-43", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jiaxu Zhao && Bingwei Peng" + } + ] } \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37042.json b/2024/37xxx/CVE-2024-37042.json index c32c952f25f..a6fa7fa1218 100644 --- a/2024/37xxx/CVE-2024-37042.json +++ b/2024/37xxx/CVE-2024-37042.json 
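Review bot: The new `CVE-2024-37041` record has no `impact`/`cvss` object, so anyone prioritising from this file gets no severity for a flaw described as allowing code execution, while the Photo Station records in the same commit do carry a CVSS 3.1 vector. The same gap is in the CVE-2024-37042 to CVE-2024-37047 hunks that follow. If the CNA scored these under a CVSS version this record format cannot express (not visible here), the omission should be documented or a 3.1 vector added. The description text is also shared word for word with CVE-2024-37044 and CVE-2024-37047, where only the CWE list differs, so a per-ID detail would help. Finally, the `credits` value `"Jiaxu Zhao && Bingwei Peng"` packs two finders into one string; two entries, `{ "lang": "en", "value": "Jiaxu Zhao" }` and `{ "lang": "en", "value": "Bingwei Peng" }`, would parse cleanly.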
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37042", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", + 
"discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jiaxu Zhao && Bingwei Peng" + } + ] } \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37043.json b/2024/37xxx/CVE-2024-37043.json index b765137ccf3..0f64c324c45 100644 --- a/2024/37xxx/CVE-2024-37043.json +++ b/2024/37xxx/CVE-2024-37043.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", + 
"discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jiaxu Zhao && Bingwei Peng" + } + ] } \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37044.json b/2024/37xxx/CVE-2024-37044.json index 04d8820e163..5c144dc8c73 100644 --- a/2024/37xxx/CVE-2024-37044.json +++ b/2024/37xxx/CVE-2024-37044.json 
@@ -1,18 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37044", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120", + "cweId": "CWE-120" + }, + { + "lang": "eng", + "value": "CWE-121", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" 
+ }, + "source": { + "advisory": "QSA-24-43", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jiaxu Zhao && Bingwei Peng" + } + ] } \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37045.json b/2024/37xxx/CVE-2024-37045.json index 540b7f79c64..38150f39a9a 100644 --- a/2024/37xxx/CVE-2024-37045.json +++ b/2024/37xxx/CVE-2024-37045.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37045", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", + 
"discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jiaxu Zhao && Bingwei Peng" + } + ] } \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37046.json b/2024/37xxx/CVE-2024-37046.json index eb2a3faf9f3..7579863d1b1 100644 --- a/2024/37xxx/CVE-2024-37046.json +++ b/2024/37xxx/CVE-2024-37046.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37046", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", + 
"discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jiaxu Zhao && Bingwei Peng" + } + ] } \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37047.json b/2024/37xxx/CVE-2024-37047.json index 3ca4f6278e5..6e0e825492f 100644 --- a/2024/37xxx/CVE-2024-37047.json +++ b/2024/37xxx/CVE-2024-37047.json 
@@ -1,18 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37047", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120", + "cweId": "CWE-120" + }, + { + "lang": "eng", + "value": "CWE-121", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" 
+ }, + "source": { + "advisory": "QSA-24-43", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jiaxu Zhao && Bingwei Peng" + } + ] } \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37048.json b/2024/37xxx/CVE-2024-37048.json index 91ae2c89a46..7c9776fe5e0 100644 --- a/2024/37xxx/CVE-2024-37048.json +++ b/2024/37xxx/CVE-2024-37048.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37048", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", + 
"discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jiaxu Zhao && Bingwei Peng" + } + ] } \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37049.json b/2024/37xxx/CVE-2024-37049.json index 83666fd7a67..3f367274e58 100644 --- a/2024/37xxx/CVE-2024-37049.json +++ b/2024/37xxx/CVE-2024-37049.json 
@@ -1,18 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37049", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120", + "cweId": "CWE-120" + }, + { + "lang": "eng", + "value": "CWE-121", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" 
+ }, + "source": { + "advisory": "QSA-24-43", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jiaxu Zhao && Bingwei Peng" + } + ] } \ No newline at end of file diff --git a/2024/37xxx/CVE-2024-37050.json b/2024/37xxx/CVE-2024-37050.json index b622f4237ea..b0075b0c73e 100644 --- a/2024/37xxx/CVE-2024-37050.json +++ b/2024/37xxx/CVE-2024-37050.json 
@@ -1,18 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-37050", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120", + "cweId": "CWE-120" + }, + { + "lang": "eng", + "value": "CWE-121", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" 
+ }, + "source": { + "advisory": "QSA-24-43", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jiaxu Zhao && Bingwei Peng" + } + ] } \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38643.json b/2024/38xxx/CVE-2024-38643.json index 748fb0217a2..b12bda5d39d 100644 --- a/2024/38xxx/CVE-2024-38643.json +++ b/2024/38xxx/CVE-2024-38643.json 
@@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions.\n\nWe have already fixed the vulnerability in the following version:\nNotes Station 3 3.9.7 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Notes Station 3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.9.x", + "version_value": "3.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-36", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-36" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-36", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
Notes Station 3 3.9.7 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nNotes Station 3 3.9.7 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Thomas Fady" + } + ] } \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38644.json b/2024/38xxx/CVE-2024-38644.json index 2c67540faf2..6c078681b13 100644 --- a/2024/38xxx/CVE-2024-38644.json +++ b/2024/38xxx/CVE-2024-38644.json 
@@ -1,18 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands.\n\nWe have already fixed the vulnerability in the following version:\nNotes Station 3 3.9.7 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77", + "cweId": "CWE-77" + }, + { + "lang": "eng", + "value": "CWE-78", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Notes Station 3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.9.x", + "version_value": "3.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-36", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-36" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-36", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
Notes Station 3 3.9.7 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nNotes Station 3 3.9.7 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Thomas Fady" + } + ] } \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38645.json b/2024/38xxx/CVE-2024-38645.json index 9b29a8cf8c1..f3072ef81ca 100644 --- a/2024/38xxx/CVE-2024-38645.json +++ b/2024/38xxx/CVE-2024-38645.json 
@@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data.\n\nWe have already fixed the vulnerability in the following version:\nNotes Station 3 3.9.7 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Notes Station 3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.9.x", + "version_value": "3.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-36", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-36" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-36", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
Notes Station 3 3.9.7 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nNotes Station 3 3.9.7 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Thomas Fady" + } + ] } \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38646.json b/2024/38xxx/CVE-2024-38646.json index 1a78395cefb..28d30203216 100644 --- a/2024/38xxx/CVE-2024-38646.json +++ b/2024/38xxx/CVE-2024-38646.json 
@@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource.\n\nWe have already fixed the vulnerability in the following version:\nNotes Station 3 3.9.7 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Notes Station 3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.9.x", + "version_value": "3.9.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-36", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-36" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-36", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
Notes Station 3 3.9.7 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nNotes Station 3 3.9.7 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Thomas Fady" + } + ] } \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38647.json b/2024/38xxx/CVE-2024-38647.json index b3829422915..9bd05d7e93e 100644 --- a/2024/38xxx/CVE-2024-38647.json +++ b/2024/38xxx/CVE-2024-38647.json 
@@ -1,18 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQNAP AI Core 3.4.1 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-540", + "cweId": "CWE-540" + }, + { + "lang": "eng", + "value": "CWE-200", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QNAP AI Core", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.4.x", + "version_value": "3.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-40", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-40" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-40", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
QNAP AI Core 3.4.1 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nQNAP AI Core 3.4.1 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Thomas Fady" + } + ] } \ No newline at end of file diff --git a/2024/48xxx/CVE-2024-48860.json b/2024/48xxx/CVE-2024-48860.json index 7e203512310..16247fb787e 100644 --- a/2024/48xxx/CVE-2024-48860.json +++ b/2024/48xxx/CVE-2024-48860.json 
@@ -1,18 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48860", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.4.3.103 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77", + "cweId": "CWE-77" + }, + { + "lang": "eng", + "value": "CWE-78", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QuRouter", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.4.x", + "version_value": "2.4.3.103" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-44", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-44" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-44", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
QuRouter 2.4.3.103 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nQuRouter 2.4.3.103 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Midnight Blue / PHP Hooligans" + } + ] } \ No newline at end of file diff --git a/2024/48xxx/CVE-2024-48861.json b/2024/48xxx/CVE-2024-48861.json index 1dfea31dfaa..b675f199d2d 100644 --- a/2024/48xxx/CVE-2024-48861.json +++ b/2024/48xxx/CVE-2024-48861.json 
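Review bot: The new CVE-2024-48860 record has no `impact` section, so the only severity signals are the `description` prose ("remote attackers to execute commands") and the CWE-77/CWE-78 pair. Triage tooling that sorts on a score would see this remotely reachable command injection as unscored. I would add an `impact` block carrying the CNA's CVSS vector from QSA-24-44, assuming the advisory publishes one; the vector is not on this page, so none is quoted here. The other records visible in this diff follow the same template and have the same gap, including those whose description requires prior administrator access, where a score would help to rank them lower.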
@@ -1,18 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48861", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands.\n\nWe have already fixed the vulnerability in the following versions:\nQuRouter 2.4.4.106 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77", + "cweId": "CWE-77" + }, + { + "lang": "eng", + "value": "CWE-78", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QuRouter", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.4.x", + "version_value": "2.4.4.106" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-44", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-44" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-44", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QuRouter 2.4.4.106 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQuRouter 2.4.4.106 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Midnight Blue / PHP Hooligans" + } + ] } \ No newline at end of file diff --git a/2024/48xxx/CVE-2024-48862.json b/2024/48xxx/CVE-2024-48862.json index 1b6eb132e33..da3f107e37f 100644 --- a/2024/48xxx/CVE-2024-48862.json +++ b/2024/48xxx/CVE-2024-48862.json 
@@ -1,18 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-48862", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files.\n\nWe have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QuLog Center", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7.x.x", + "version_value": "1.7.0.831 ( 2024/10/15 )" + }, + { + "version_affected": "<", + "version_name": "1.8.x.x", + "version_value": "1.8.0.888 ( 2024/10/15 )" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-46", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-46" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-46", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ 
+ { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.831 ( 2024/10/15 ) and later
QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQuLog Center 1.7.0.831 ( 2024/10/15 ) and later\nQuLog Center 1.8.0.888 ( 2024/10/15 ) and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Dinh Ho Anh Khoa" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50395.json b/2024/50xxx/CVE-2024-50395.json index 5acd467bdba..7197e2a758c 100644 --- a/2024/50xxx/CVE-2024-50395.json +++ b/2024/50xxx/CVE-2024-50395.json 
@@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50395", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "Media Streaming add-on", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "500.1.x", + "version_value": "500.1.1.6 ( 2024/08/02 )" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-47", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-47" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-47", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following version:
Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
" + } + ], + "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Dohwan KIM (neko_hat from TeamH4C)" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50396.json b/2024/50xxx/CVE-2024-50396.json index cf95bf429b8..19916f13fa6 100644 --- a/2024/50xxx/CVE-2024-50396.json +++ b/2024/50xxx/CVE-2024-50396.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50396", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "?", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", + "discovery": "EXTERNAL" + }, + 
"solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu, Quy, Cao Ngoc of bl4ckh0l3 from Galaxy One" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50397.json b/2024/50xxx/CVE-2024-50397.json index bda159b2faa..205d8e2c15d 100644 --- a/2024/50xxx/CVE-2024-50397.json +++ b/2024/50xxx/CVE-2024-50397.json 
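Review bot: The QTS entry in `version_data` carries the placeholder `"version_name": "?"`, while the QuTS hero entry in the same record uses `h5.2.x`. The sibling records CVE-2024-50397 through CVE-2024-50401 use `5.2.x` for QTS with the same fixed build. A consumer that scopes exposure by release branch cannot place this record, even though it is the one in the series whose description names no access prerequisite. Going by the siblings the field should probably read `"version_name": "5.2.x"`; confirm against QSA-24-43 before changing it.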
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", + 
"discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu, Quy, Cao Ngoc of bl4ckh0l3 from Galaxy One" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50398.json b/2024/50xxx/CVE-2024-50398.json index db31c455e74..387fabdfa48 100644 --- a/2024/50xxx/CVE-2024-50398.json +++ b/2024/50xxx/CVE-2024-50398.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", 
+ "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu, Quy, Cao Ngoc of bl4ckh0l3 from Galaxy One" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50399.json b/2024/50xxx/CVE-2024-50399.json index eac060e251a..929a580b512 100644 --- a/2024/50xxx/CVE-2024-50399.json +++ b/2024/50xxx/CVE-2024-50399.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50399", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", 
+ "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu, Quy, Cao Ngoc of bl4ckh0l3 from Galaxy One" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50400.json b/2024/50xxx/CVE-2024-50400.json index 16858ac3893..0f2609a00bd 100644 --- a/2024/50xxx/CVE-2024-50400.json +++ b/2024/50xxx/CVE-2024-50400.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50400", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", 
+ "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu, Quy, Cao Ngoc of bl4ckh0l3 from Galaxy One" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50401.json b/2024/50xxx/CVE-2024-50401.json index f17331c085b..c70d7de65bb 100644 --- a/2024/50xxx/CVE-2024-50401.json +++ b/2024/50xxx/CVE-2024-50401.json 
@@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.2.x", + "version_value": "5.2.1.2930 build 20241025" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.2.x", + "version_value": "h5.2.1.2929 build 20241025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-24-43", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-24-43" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-24-43", 
+ "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later" + } + ], + "credits": [ + { + "lang": "en", + "value": "Anh Nguyen Le Quoc (h4niz), Tri, Nguyen Huu, Quy, Cao Ngoc of bl4ckh0l3 from Galaxy One" + } + ] } \ No newline at end of file diff --git a/2024/50xxx/CVE-2024-50965.json b/2024/50xxx/CVE-2024-50965.json index a7e30a55f06..61d22ce1702 100644 --- a/2024/50xxx/CVE-2024-50965.json +++ b/2024/50xxx/CVE-2024-50965.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-50965", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-50965", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://openjournaltheme.com/urgent-critical-vulnerabilities-in-3-3-0-18-upgrade-your-ojs-now/", + "refsource": "MISC", + "name": "https://openjournaltheme.com/urgent-critical-vulnerabilities-in-3-3-0-18-upgrade-your-ojs-now/" } ] } diff --git a/2024/51xxx/CVE-2024-51072.json b/2024/51xxx/CVE-2024-51072.json index 553606026ff..fe7aa6ef4f5 100644 --- a/2024/51xxx/CVE-2024-51072.json +++ b/2024/51xxx/CVE-2024-51072.json 
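Review bot: `problemtype` and `affects` are both filled with `n/a` even though the description names the weakness class (Cross Site Scripting), the product and a fixed version, so scanners and SBOM matchers that key on structured fields will not tie this record to PKP OJS/OMP/OPS. The same applies to CVE-2024-51072, CVE-2024-51073, CVE-2024-51074 and CVE-2024-52723 further down. Here the problemtype entry could read `"value": "CWE-79"`, with vendor, product and version filled in from the description. The description's "before v.3.3.0.16" should also be checked against the only reference, whose URL slug mentions 3.3.0.18; the correct boundary cannot be determined from this page.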
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-51072", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-51072", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 allows attackers to cause a Denial of Service (DoS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.iso.org/standard/77323.html", + "refsource": "MISC", + "name": "https://www.iso.org/standard/77323.html" + }, + { + "url": "https://udsoncan.readthedocs.io/en/latest/udsoncan/services.html", + "refsource": "MISC", + "name": "https://udsoncan.readthedocs.io/en/latest/udsoncan/services.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/nitinronge91/KIA-SELTOS-Cluster-Vulnerabilities/blob/628b1550f0093f79380929074b6a5e6ca6f2d04b/CVE/Denial%20of%20Service%20via%20ECU%20Reset%20Service%20For%20KIA%20SELTOS%20CVE-2024-51072.md", + "url": "https://github.com/nitinronge91/KIA-SELTOS-Cluster-Vulnerabilities/blob/628b1550f0093f79380929074b6a5e6ca6f2d04b/CVE/Denial%20of%20Service%20via%20ECU%20Reset%20Service%20For%20KIA%20SELTOS%20CVE-2024-51072.md" } ] } 
diff --git a/2024/51xxx/CVE-2024-51073.json b/2024/51xxx/CVE-2024-51073.json index a006dfdf5cd..6fe749d773e 100644 --- a/2024/51xxx/CVE-2024-51073.json +++ b/2024/51xxx/CVE-2024-51073.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-51073", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-51073", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 allows attackers to disrupt communications between the Instrument cluster and CAN bus." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.iso.org/standard/77323.html", + "refsource": "MISC", + "name": "https://www.iso.org/standard/77323.html" + }, + { + "url": "https://udsoncan.readthedocs.io/en/latest/udsoncan/services.html", + "refsource": "MISC", + "name": "https://udsoncan.readthedocs.io/en/latest/udsoncan/services.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/nitinronge91/KIA-SELTOS-Cluster-Vulnerabilities/blob/3755e3f692dce5b1ab06de2d04a2433c907ab21c/CVE/Control%20CAN%20communication%20for%20KIA%20SELTOS%20Cluster%20CVE-2024-51073.md", + "url": "https://github.com/nitinronge91/KIA-SELTOS-Cluster-Vulnerabilities/blob/3755e3f692dce5b1ab06de2d04a2433c907ab21c/CVE/Control%20CAN%20communication%20for%20KIA%20SELTOS%20Cluster%20CVE-2024-51073.md" } ] } 
diff --git a/2024/51xxx/CVE-2024-51074.json b/2024/51xxx/CVE-2024-51074.json index fdfb53b7a63..bbaa63ee80c 100644 --- a/2024/51xxx/CVE-2024-51074.json +++ b/2024/51xxx/CVE-2024-51074.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-51074", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-51074", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect access control in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://en.wikipedia.org/wiki/CAN_bus", + "refsource": "MISC", + "name": "https://en.wikipedia.org/wiki/CAN_bus" + }, + { + "refsource": "MISC", + "name": "https://github.com/nitinronge91/KIA-SELTOS-Cluster-Vulnerabilities/blob/0446f6fe6299eb39310e996c73d5513e70d76353/CVE/Odometer%20Manipulation(Increase)%20for%20KIA%20SELTOS%20Cluster%20CVE-2024-51074.md", + "url": "https://github.com/nitinronge91/KIA-SELTOS-Cluster-Vulnerabilities/blob/0446f6fe6299eb39310e996c73d5513e70d76353/CVE/Odometer%20Manipulation(Increase)%20for%20KIA%20SELTOS%20Cluster%20CVE-2024-51074.md" } ] } 
diff --git a/2024/52xxx/CVE-2024-52723.json b/2024/52xxx/CVE-2024-52723.json index 8481667a2cf..920c2278d47 100644 --- a/2024/52xxx/CVE-2024-52723.json +++ b/2024/52xxx/CVE-2024-52723.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-52723", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-52723", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://x6000r.com", + "refsource": "MISC", + "name": "http://x6000r.com" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/M4rg4tr01d/e84f8ed8dc27960d7c56ad289f6fb0ff", + "url": "https://gist.github.com/M4rg4tr01d/e84f8ed8dc27960d7c56ad289f6fb0ff" } ] } diff --git a/2024/52xxx/CVE-2024-52793.json b/2024/52xxx/CVE-2024-52793.json index d8aea9f2eec..4a8cc5c95b5 100644 --- a/2024/52xxx/CVE-2024-52793.json +++ b/2024/52xxx/CVE-2024-52793.json 
@@ -1,18 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52793", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, `http/file-server`'s `serveDir` with `showDirListing: true` option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names. Exploitation might also be possible on other systems but less trivial due to e.g. lack of file name support for `<>` in Windows. Version 1.0.11 fixes the issue." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "denoland", + "product": { + "product_data": [ + { + "product_name": "std", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.0.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/denoland/std/security/advisories/GHSA-32fx-h446-h8pf", + "refsource": "MISC", + "name": "https://github.com/denoland/std/security/advisories/GHSA-32fx-h446-h8pf" + }, + { + "url": "https://github.com/denoland/std/blob/065296ca5a05a47f9741df8f99c32fae4f960070/http/file_server.ts#L507", + "refsource": "MISC", + "name": "https://github.com/denoland/std/blob/065296ca5a05a47f9741df8f99c32fae4f960070/http/file_server.ts#L507" + }, + { + "url": "https://github.com/denoland/std/blob/065296ca5a05a47f9741df8f99c32fae4f960070/http/file_server.ts#L532", + "refsource": "MISC", + "name": "https://github.com/denoland/std/blob/065296ca5a05a47f9741df8f99c32fae4f960070/http/file_server.ts#L532" + } + ] + }, + "source": { + "advisory": "GHSA-32fx-h446-h8pf", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/52xxx/CVE-2024-52802.json b/2024/52xxx/CVE-2024-52802.json index 3d4ad532cca..ba4d7465ee9 100644 --- a/2024/52xxx/CVE-2024-52802.json +++ b/2024/52xxx/CVE-2024-52802.json 
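Review bot: The range operator is embedded in the value, `"version_affected": "="` with `"version_value": "< 1.0.11"`, so a consumer that honours `version_affected` reads this as an exact match on the literal string and finds no affected release. CVE-2024-52802 (`"<= 2024.04"`) and CVE-2024-52804 (`"< 6.4.2"`) have the same shape. The QNAP records in this commit use the structured form, which here would be `"version_affected": "<"` and `"version_value": "1.0.11"`. This record also has no `impact` block, unlike the other two GitHub-assigned records, so severity has to be taken from GHSA-32fx-h446-h8pf.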
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead to an out-of-bound read, causing system inconsistency. Additionally, the same lack of a header length check is present in the function `_preparse_advertise`, which is called by `_parse_advertise` before handling the request. As of time of publication, no known patched version exists." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "RIOT-OS", + "product": { + "product_data": [ + { + "product_name": "RIOT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 2024.04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xgv3-pcq6-qmrg", + "refsource": "MISC", + "name": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-xgv3-pcq6-qmrg" + } + ] + }, + "source": { + "advisory": "GHSA-xgv3-pcq6-qmrg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/52xxx/CVE-2024-52804.json b/2024/52xxx/CVE-2024-52804.json index 24ad0761535..710c81d5668 100644 --- a/2024/52xxx/CVE-2024-52804.json +++ b/2024/52xxx/CVE-2024-52804.json 
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-52804",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-770: Allocation of Resources Without Limits or Throttling",
+ "cweId": "CWE-770"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "tornadoweb",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tornado",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 6.4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c",
+ "refsource": "MISC",
+ "name": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c"
+ },
+ {
+ "url": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533",
+ "refsource": "MISC",
+ "name": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr",
+ "refsource": "MISC",
+ "name": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-8w49-h785-mj3c",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/52xxx/CVE-2024-52814.json b/2024/52xxx/CVE-2024-52814.json
index 23eddc85936..68864819b35 100644
--- a/2024/52xxx/CVE-2024-52814.json
+++ b/2024/52xxx/CVE-2024-52814.json
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-52814",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Argo Helm is a collection of community maintained charts for `argoproj.github.io` projects. Prior to version 0.45.0, the `workflow-role`) lacks granularity in its privileges, giving permissions to `workflowtasksets` and `workflowartifactgctasks` to all workflow Pods, when only certain types of Pods created by the Controller require these privileges. The impact is minimal, as an attack could only affect status reporting for certain types of Pods and templates. Version 0.45.0 fixes the issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1220: Insufficient Granularity of Access Control",
+ "cweId": "CWE-1220"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "argoproj",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "argo-helm",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 0.45.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/argoproj/argo-helm/security/advisories/GHSA-h974-w8pg-cx73",
+ "refsource": "MISC",
+ "name": "https://github.com/argoproj/argo-helm/security/advisories/GHSA-h974-w8pg-cx73"
+ },
+ {
+ "url": "https://github.com/argoproj/argo-helm/blob/2653aef414ab6a5d8617af75f04190a8f7da28dc/charts/argo-workflows/templates/controller/workflow-role.yaml",
+ "refsource": "MISC",
+ "name": "https://github.com/argoproj/argo-helm/blob/2653aef414ab6a5d8617af75f04190a8f7da28dc/charts/argo-workflows/templates/controller/workflow-role.yaml"
+ },
+ {
+ "url": "https://github.com/argoproj/argo-helm/blob/2653aef414ab6a5d8617af75f04190a8f7da28dc/charts/argo-workflows/templates/controller/workflow-role.yaml#L45-L56",
+ "refsource": "MISC",
+ "name": "https://github.com/argoproj/argo-helm/blob/2653aef414ab6a5d8617af75f04190a8f7da28dc/charts/argo-workflows/templates/controller/workflow-role.yaml#L45-L56"
+ },
+ {
+ "url": "https://github.com/argoproj/argo-workflows/blob/5aac5a8f61f4e8273d04509dffe7d80123ff67f5/manifests/quick-start/base/agent-role.yaml",
+ "refsource": "MISC",
+ "name": "https://github.com/argoproj/argo-workflows/blob/5aac5a8f61f4e8273d04509dffe7d80123ff67f5/manifests/quick-start/base/agent-role.yaml"
+ },
+ {
+ "url": "https://github.com/argoproj/argo-workflows/blob/5aac5a8f61f4e8273d04509dffe7d80123ff67f5/manifests/quick-start/base/artifactgc-role.yaml",
+ "refsource": "MISC",
+ "name": "https://github.com/argoproj/argo-workflows/blob/5aac5a8f61f4e8273d04509dffe7d80123ff67f5/manifests/quick-start/base/artifactgc-role.yaml"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-h974-w8pg-cx73",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/53xxx/CVE-2024-53833.json b/2024/53xxx/CVE-2024-53833.json
new file mode 100644
index 00000000000..5caafedb30a
--- /dev/null
+++ b/2024/53xxx/CVE-2024-53833.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-53833",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53834.json b/2024/53xxx/CVE-2024-53834.json
new file mode 100644
index 00000000000..ec048baa1b5
--- /dev/null
+++ b/2024/53xxx/CVE-2024-53834.json
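Review bot: The CVE-2024-52814 description reads "the `workflow-role`) lacks granularity", with a closing parenthesis that has no opening partner, so part of the sentence identifying the affected object appears to have been lost; the text should be re-checked against the source advisory and restored. The `affects` block names product `argo-helm` with `"< 0.45.0"`, yet the references point into `charts/argo-workflows`, so presumably 0.45.0 is the version of that chart rather than of the repository; naming the chart in `product_name` would let scanners match the right artifact. The third reference differs from the second only by the `#L45-L56` anchor and could be dropped.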
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-53834",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53835.json b/2024/53xxx/CVE-2024-53835.json
new file mode 100644
index 00000000000..d1e99808d8a
--- /dev/null
+++ b/2024/53xxx/CVE-2024-53835.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-53835",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53836.json b/2024/53xxx/CVE-2024-53836.json
new file mode 100644
index 00000000000..f84685229a7
--- /dev/null
+++ b/2024/53xxx/CVE-2024-53836.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-53836",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53837.json b/2024/53xxx/CVE-2024-53837.json
new file mode 100644
index 00000000000..cb60ba2b2d5
--- /dev/null
+++ b/2024/53xxx/CVE-2024-53837.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-53837",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53838.json b/2024/53xxx/CVE-2024-53838.json
new file mode 100644
index 00000000000..6a233e9bc2a
--- /dev/null
+++ b/2024/53xxx/CVE-2024-53838.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-53838",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53839.json b/2024/53xxx/CVE-2024-53839.json
new file mode 100644
index 00000000000..5d608f7f095
--- /dev/null
+++ b/2024/53xxx/CVE-2024-53839.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-53839",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53840.json b/2024/53xxx/CVE-2024-53840.json
new file mode 100644
index 00000000000..f8bc814057c
--- /dev/null
+++ b/2024/53xxx/CVE-2024-53840.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-53840",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53841.json b/2024/53xxx/CVE-2024-53841.json
new file mode 100644
index 00000000000..3f79a74b7f1
--- /dev/null
+++ b/2024/53xxx/CVE-2024-53841.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-53841",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53842.json b/2024/53xxx/CVE-2024-53842.json
new file mode 100644
index 00000000000..c051716145f
--- /dev/null
+++ b/2024/53xxx/CVE-2024-53842.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-53842",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file