admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-02-07 17:00:35 +00:00
parent c24463f748
commit 7ff76ed454
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
18 changed files with 2213 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
2023/31xxx/CVE-2023-31002.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "256 Plaintext Storage of a Password"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Appliance",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0.0",
"version_value": "10.0.6.1"
}
]
}
},
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0.0",
"version_value": "10.0.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7106586"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254657",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254657"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

96
2023/32xxx/CVE-2023-32328.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32328",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Appliance",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0.0",
"version_value": "10.0.6.1"
}
]
}
},
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0.0",
"version_value": "10.0.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7106586"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254657",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254657"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

96
2023/32xxx/CVE-2023-32330.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32330",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Appliance",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0.0",
"version_value": "10.0.6.1"
}
]
}
},
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0.0",
"version_value": "10.0.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7106586"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254977",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254977"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

96
2023/38xxx/CVE-2023-38369.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38369",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521 Weak Password Requirements",
"cweId": "CWE-521"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Appliance",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0.0",
"version_value": "10.0.6.1"
}
]
}
},
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0.0",
"version_value": "10.0.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7106586"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261196",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261196"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

12
2023/40xxx/CVE-2023-40547.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise."
"value": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully."
}
]
},
@ -126,6 +126,11 @@
},
"references": {
"reference_data": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/26/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/26/1"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-40547",
"refsource": "MISC",
@ -135,11 +140,6 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2234589"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/26/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/26/1"
}
]
},

96
2023/43xxx/CVE-2023-43017.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access Appliance",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0.0",
"version_value": "10.0.6.1"
}
]
}
},
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0.0",
"version_value": "10.0.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7106586"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266155",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266155"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

83
2023/47xxx/CVE-2023-47700.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Storage Virtualize",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7114767",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7114767"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

18
2024/1xxx/CVE-2024-1316.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1316",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/1xxx/CVE-2024-1317.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1317",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/1xxx/CVE-2024-1318.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1318",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/1xxx/CVE-2024-1319.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

357
2024/20xxx/CVE-2024-20252.json
View File

@ -1,17 +1,366 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "X8.5.1"
},
{
"version_affected": "=",
"version_value": "X8.5.3"
},
{
"version_affected": "=",
"version_value": "X8.5"
},
{
"version_affected": "=",
"version_value": "X8.6.1"
},
{
"version_affected": "=",
"version_value": "X8.6"
},
{
"version_affected": "=",
"version_value": "X8.1.1"
},
{
"version_affected": "=",
"version_value": "X8.1.2"
},
{
"version_affected": "=",
"version_value": "X8.1"
},
{
"version_affected": "=",
"version_value": "X8.2.1"
},
{
"version_affected": "=",
"version_value": "X8.2.2"
},
{
"version_affected": "=",
"version_value": "X8.2"
},
{
"version_affected": "=",
"version_value": "X8.7.1"
},
{
"version_affected": "=",
"version_value": "X8.7.2"
},
{
"version_affected": "=",
"version_value": "X8.7.3"
},
{
"version_affected": "=",
"version_value": "X8.7"
},
{
"version_affected": "=",
"version_value": "X8.8.1"
},
{
"version_affected": "=",
"version_value": "X8.8.2"
},
{
"version_affected": "=",
"version_value": "X8.8.3"
},
{
"version_affected": "=",
"version_value": "X8.8"
},
{
"version_affected": "=",
"version_value": "X8.9.1"
},
{
"version_affected": "=",
"version_value": "X8.9.2"
},
{
"version_affected": "=",
"version_value": "X8.9"
},
{
"version_affected": "=",
"version_value": "X8.10.0"
},
{
"version_affected": "=",
"version_value": "X8.10.1"
},
{
"version_affected": "=",
"version_value": "X8.10.2"
},
{
"version_affected": "=",
"version_value": "X8.10.3"
},
{
"version_affected": "=",
"version_value": "X8.10.4"
},
{
"version_affected": "=",
"version_value": "X12.5.8"
},
{
"version_affected": "=",
"version_value": "X12.5.9"
},
{
"version_affected": "=",
"version_value": "X12.5.0"
},
{
"version_affected": "=",
"version_value": "X12.5.2"
},
{
"version_affected": "=",
"version_value": "X12.5.7"
},
{
"version_affected": "=",
"version_value": "X12.5.3"
},
{
"version_affected": "=",
"version_value": "X12.5.4"
},
{
"version_affected": "=",
"version_value": "X12.5.5"
},
{
"version_affected": "=",
"version_value": "X12.5.1"
},
{
"version_affected": "=",
"version_value": "X12.5.6"
},
{
"version_affected": "=",
"version_value": "X12.6.0"
},
{
"version_affected": "=",
"version_value": "X12.6.1"
},
{
"version_affected": "=",
"version_value": "X12.6.2"
},
{
"version_affected": "=",
"version_value": "X12.6.3"
},
{
"version_affected": "=",
"version_value": "X12.6.4"
},
{
"version_affected": "=",
"version_value": "X12.7.0"
},
{
"version_affected": "=",
"version_value": "X12.7.1"
},
{
"version_affected": "=",
"version_value": "X8.11.1"
},
{
"version_affected": "=",
"version_value": "X8.11.2"
},
{
"version_affected": "=",
"version_value": "X8.11.4"
},
{
"version_affected": "=",
"version_value": "X8.11.3"
},
{
"version_affected": "=",
"version_value": "X8.11.0"
},
{
"version_affected": "=",
"version_value": "X14.0.1"
},
{
"version_affected": "=",
"version_value": "X14.0.3"
},
{
"version_affected": "=",
"version_value": "X14.0.2"
},
{
"version_affected": "=",
"version_value": "X14.0.4"
},
{
"version_affected": "=",
"version_value": "X14.0.5"
},
{
"version_affected": "=",
"version_value": "X14.0.6"
},
{
"version_affected": "=",
"version_value": "X14.0.7"
},
{
"version_affected": "=",
"version_value": "X14.0.8"
},
{
"version_affected": "=",
"version_value": "X14.0.9"
},
{
"version_affected": "=",
"version_value": "X14.0.10"
},
{
"version_affected": "=",
"version_value": "X14.0.11"
},
{
"version_affected": "=",
"version_value": "X14.2.1"
},
{
"version_affected": "=",
"version_value": "X14.2.2"
},
{
"version_affected": "=",
"version_value": "X14.2.5"
},
{
"version_affected": "=",
"version_value": "X14.2.6"
},
{
"version_affected": "=",
"version_value": "X14.2.0"
},
{
"version_affected": "=",
"version_value": "X14.2.7"
},
{
"version_affected": "=",
"version_value": "X14.3.0"
},
{
"version_affected": "=",
"version_value": "X14.3.1"
},
{
"version_affected": "=",
"version_value": "X14.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3"
}
]
},
"source": {
"advisory": "cisco-sa-expressway-csrf-KnnZDMj3",
"discovery": "INTERNAL",
"defects": [
"CSCwa25099"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

357
2024/20xxx/CVE-2024-20254.json
View File

@ -1,17 +1,366 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "X8.5.1"
},
{
"version_affected": "=",
"version_value": "X8.5.3"
},
{
"version_affected": "=",
"version_value": "X8.5"
},
{
"version_affected": "=",
"version_value": "X8.6.1"
},
{
"version_affected": "=",
"version_value": "X8.6"
},
{
"version_affected": "=",
"version_value": "X8.1.1"
},
{
"version_affected": "=",
"version_value": "X8.1.2"
},
{
"version_affected": "=",
"version_value": "X8.1"
},
{
"version_affected": "=",
"version_value": "X8.2.1"
},
{
"version_affected": "=",
"version_value": "X8.2.2"
},
{
"version_affected": "=",
"version_value": "X8.2"
},
{
"version_affected": "=",
"version_value": "X8.7.1"
},
{
"version_affected": "=",
"version_value": "X8.7.2"
},
{
"version_affected": "=",
"version_value": "X8.7.3"
},
{
"version_affected": "=",
"version_value": "X8.7"
},
{
"version_affected": "=",
"version_value": "X8.8.1"
},
{
"version_affected": "=",
"version_value": "X8.8.2"
},
{
"version_affected": "=",
"version_value": "X8.8.3"
},
{
"version_affected": "=",
"version_value": "X8.8"
},
{
"version_affected": "=",
"version_value": "X8.9.1"
},
{
"version_affected": "=",
"version_value": "X8.9.2"
},
{
"version_affected": "=",
"version_value": "X8.9"
},
{
"version_affected": "=",
"version_value": "X8.10.0"
},
{
"version_affected": "=",
"version_value": "X8.10.1"
},
{
"version_affected": "=",
"version_value": "X8.10.2"
},
{
"version_affected": "=",
"version_value": "X8.10.3"
},
{
"version_affected": "=",
"version_value": "X8.10.4"
},
{
"version_affected": "=",
"version_value": "X12.5.8"
},
{
"version_affected": "=",
"version_value": "X12.5.9"
},
{
"version_affected": "=",
"version_value": "X12.5.0"
},
{
"version_affected": "=",
"version_value": "X12.5.2"
},
{
"version_affected": "=",
"version_value": "X12.5.7"
},
{
"version_affected": "=",
"version_value": "X12.5.3"
},
{
"version_affected": "=",
"version_value": "X12.5.4"
},
{
"version_affected": "=",
"version_value": "X12.5.5"
},
{
"version_affected": "=",
"version_value": "X12.5.1"
},
{
"version_affected": "=",
"version_value": "X12.5.6"
},
{
"version_affected": "=",
"version_value": "X12.6.0"
},
{
"version_affected": "=",
"version_value": "X12.6.1"
},
{
"version_affected": "=",
"version_value": "X12.6.2"
},
{
"version_affected": "=",
"version_value": "X12.6.3"
},
{
"version_affected": "=",
"version_value": "X12.6.4"
},
{
"version_affected": "=",
"version_value": "X12.7.0"
},
{
"version_affected": "=",
"version_value": "X12.7.1"
},
{
"version_affected": "=",
"version_value": "X8.11.1"
},
{
"version_affected": "=",
"version_value": "X8.11.2"
},
{
"version_affected": "=",
"version_value": "X8.11.4"
},
{
"version_affected": "=",
"version_value": "X8.11.3"
},
{
"version_affected": "=",
"version_value": "X8.11.0"
},
{
"version_affected": "=",
"version_value": "X14.0.1"
},
{
"version_affected": "=",
"version_value": "X14.0.3"
},
{
"version_affected": "=",
"version_value": "X14.0.2"
},
{
"version_affected": "=",
"version_value": "X14.0.4"
},
{
"version_affected": "=",
"version_value": "X14.0.5"
},
{
"version_affected": "=",
"version_value": "X14.0.6"
},
{
"version_affected": "=",
"version_value": "X14.0.7"
},
{
"version_affected": "=",
"version_value": "X14.0.8"
},
{
"version_affected": "=",
"version_value": "X14.0.9"
},
{
"version_affected": "=",
"version_value": "X14.0.10"
},
{
"version_affected": "=",
"version_value": "X14.0.11"
},
{
"version_affected": "=",
"version_value": "X14.2.1"
},
{
"version_affected": "=",
"version_value": "X14.2.2"
},
{
"version_affected": "=",
"version_value": "X14.2.5"
},
{
"version_affected": "=",
"version_value": "X14.2.6"
},
{
"version_affected": "=",
"version_value": "X14.2.0"
},
{
"version_affected": "=",
"version_value": "X14.2.7"
},
{
"version_affected": "=",
"version_value": "X14.3.0"
},
{
"version_affected": "=",
"version_value": "X14.3.1"
},
{
"version_affected": "=",
"version_value": "X14.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3"
}
]
},
"source": {
"advisory": "cisco-sa-expressway-csrf-KnnZDMj3",
"discovery": "INTERNAL",
"defects": [
"CSCwa25100"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

357
2024/20xxx/CVE-2024-20255.json
View File

@ -1,17 +1,366 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "X8.5.1"
},
{
"version_affected": "=",
"version_value": "X8.5.3"
},
{
"version_affected": "=",
"version_value": "X8.5"
},
{
"version_affected": "=",
"version_value": "X8.6.1"
},
{
"version_affected": "=",
"version_value": "X8.6"
},
{
"version_affected": "=",
"version_value": "X8.1.1"
},
{
"version_affected": "=",
"version_value": "X8.1.2"
},
{
"version_affected": "=",
"version_value": "X8.1"
},
{
"version_affected": "=",
"version_value": "X8.2.1"
},
{
"version_affected": "=",
"version_value": "X8.2.2"
},
{
"version_affected": "=",
"version_value": "X8.2"
},
{
"version_affected": "=",
"version_value": "X8.7.1"
},
{
"version_affected": "=",
"version_value": "X8.7.2"
},
{
"version_affected": "=",
"version_value": "X8.7.3"
},
{
"version_affected": "=",
"version_value": "X8.7"
},
{
"version_affected": "=",
"version_value": "X8.8.1"
},
{
"version_affected": "=",
"version_value": "X8.8.2"
},
{
"version_affected": "=",
"version_value": "X8.8.3"
},
{
"version_affected": "=",
"version_value": "X8.8"
},
{
"version_affected": "=",
"version_value": "X8.9.1"
},
{
"version_affected": "=",
"version_value": "X8.9.2"
},
{
"version_affected": "=",
"version_value": "X8.9"
},
{
"version_affected": "=",
"version_value": "X8.10.0"
},
{
"version_affected": "=",
"version_value": "X8.10.1"
},
{
"version_affected": "=",
"version_value": "X8.10.2"
},
{
"version_affected": "=",
"version_value": "X8.10.3"
},
{
"version_affected": "=",
"version_value": "X8.10.4"
},
{
"version_affected": "=",
"version_value": "X12.5.8"
},
{
"version_affected": "=",
"version_value": "X12.5.9"
},
{
"version_affected": "=",
"version_value": "X12.5.0"
},
{
"version_affected": "=",
"version_value": "X12.5.2"
},
{
"version_affected": "=",
"version_value": "X12.5.7"
},
{
"version_affected": "=",
"version_value": "X12.5.3"
},
{
"version_affected": "=",
"version_value": "X12.5.4"
},
{
"version_affected": "=",
"version_value": "X12.5.5"
},
{
"version_affected": "=",
"version_value": "X12.5.1"
},
{
"version_affected": "=",
"version_value": "X12.5.6"
},
{
"version_affected": "=",
"version_value": "X12.6.0"
},
{
"version_affected": "=",
"version_value": "X12.6.1"
},
{
"version_affected": "=",
"version_value": "X12.6.2"
},
{
"version_affected": "=",
"version_value": "X12.6.3"
},
{
"version_affected": "=",
"version_value": "X12.6.4"
},
{
"version_affected": "=",
"version_value": "X12.7.0"
},
{
"version_affected": "=",
"version_value": "X12.7.1"
},
{
"version_affected": "=",
"version_value": "X8.11.1"
},
{
"version_affected": "=",
"version_value": "X8.11.2"
},
{
"version_affected": "=",
"version_value": "X8.11.4"
},
{
"version_affected": "=",
"version_value": "X8.11.3"
},
{
"version_affected": "=",
"version_value": "X8.11.0"
},
{
"version_affected": "=",
"version_value": "X14.0.1"
},
{
"version_affected": "=",
"version_value": "X14.0.3"
},
{
"version_affected": "=",
"version_value": "X14.0.2"
},
{
"version_affected": "=",
"version_value": "X14.0.4"
},
{
"version_affected": "=",
"version_value": "X14.0.5"
},
{
"version_affected": "=",
"version_value": "X14.0.6"
},
{
"version_affected": "=",
"version_value": "X14.0.7"
},
{
"version_affected": "=",
"version_value": "X14.0.8"
},
{
"version_affected": "=",
"version_value": "X14.0.9"
},
{
"version_affected": "=",
"version_value": "X14.0.10"
},
{
"version_affected": "=",
"version_value": "X14.0.11"
},
{
"version_affected": "=",
"version_value": "X14.2.1"
},
{
"version_affected": "=",
"version_value": "X14.2.2"
},
{
"version_affected": "=",
"version_value": "X14.2.5"
},
{
"version_affected": "=",
"version_value": "X14.2.6"
},
{
"version_affected": "=",
"version_value": "X14.2.0"
},
{
"version_affected": "=",
"version_value": "X14.2.7"
},
{
"version_affected": "=",
"version_value": "X14.3.0"
},
{
"version_affected": "=",
"version_value": "X14.3.1"
},
{
"version_affected": "=",
"version_value": "X14.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3"
}
]
},
"source": {
"advisory": "cisco-sa-expressway-csrf-KnnZDMj3",
"discovery": "INTERNAL",
"defects": [
"CSCwa25074"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
}
]
}

236
2024/20xxx/CVE-2024-20290.json
View File

@ -1,17 +1,245 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read",
"cweId": "CWE-126"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Secure Endpoint",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.9"
},
{
"version_affected": "=",
"version_value": "6.0.7"
},
{
"version_affected": "=",
"version_value": "6.1.5"
},
{
"version_affected": "=",
"version_value": "6.1.7"
},
{
"version_affected": "=",
"version_value": "6.1.9"
},
{
"version_affected": "=",
"version_value": "6.2.1"
},
{
"version_affected": "=",
"version_value": "6.2.5"
},
{
"version_affected": "=",
"version_value": "6.2.19"
},
{
"version_affected": "=",
"version_value": "6.2.3"
},
{
"version_affected": "=",
"version_value": "6.2.9"
},
{
"version_affected": "=",
"version_value": "6.3.5"
},
{
"version_affected": "=",
"version_value": "6.3.1"
},
{
"version_affected": "=",
"version_value": "6.3.7"
},
{
"version_affected": "=",
"version_value": "6.3.3"
},
{
"version_affected": "=",
"version_value": "7.0.5"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.1.5"
},
{
"version_affected": "=",
"version_value": "7.2.13"
},
{
"version_affected": "=",
"version_value": "7.2.7"
},
{
"version_affected": "=",
"version_value": "7.2.3"
},
{
"version_affected": "=",
"version_value": "7.2.11"
},
{
"version_affected": "=",
"version_value": "7.2.5"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.3.9"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "8.1.7"
},
{
"version_affected": "=",
"version_value": "8.1.5"
},
{
"version_affected": "=",
"version_value": "8.1.3.21242"
},
{
"version_affected": "=",
"version_value": "8.1.7.21512"
},
{
"version_affected": "=",
"version_value": "8.1.3"
},
{
"version_affected": "=",
"version_value": "8.1.5.21322"
},
{
"version_affected": "=",
"version_value": "8.1.7.21417"
}
]
}
},
{
"product_name": "Cisco Secure Endpoint Private Cloud Administration Portal",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
},
{
"product_name": "Cisco Secure Endpoint Private Cloud Console",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t"
}
]
},
"source": {
"advisory": "cisco-sa-clamav-hDffu6t",
"discovery": "INTERNAL",
"defects": [
"CSCwh88483",
"CSCwh88484"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

114
2024/23xxx/CVE-2024-23806.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\n\nSensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authorization",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HID Global",
"product": {
"product_data": [
{
"product_name": "HID iCLASS SE reader configuration cards",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
}
},
{
"product_name": "OMNIKEY Secure Elements reader configuration cards",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02",
"refsource": "MISC",
"name": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02"
},
{
"url": "https://www.hidglobal.com/support",
"refsource": "MISC",
"name": "https://www.hidglobal.com/support"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-037-02",
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>HID Global recommends the following mitigations to reduce the risk:</p><ul><li><p>Elite Key and Custom Key customers that have kept their configuration cards secure should continue to be vigilant and restrict access to those cards. To exploit this vulnerability, a reader must be physically close to or in possession of the configuration cards to communicate with the card and extract information.</p></li><li><p>Administrators should plan to securely destroy unneeded configuration cards.</p></li><li><p>Customers using the HID standard key, and other customers who are concerned their keys may be compromised should consider steps to update the readers and credentials with new keys. To assist in this effort, HID will be introducing a free upgrade to the Elite Key program. Contact your HID representative for more information at <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.hidglobal.com/support\">https://www.hidglobal.com/support</a>.</p></li></ul><p>HID has also provided additional steps users can take steps to harden their readers to prevent malicious configuration changes.</p><p>iCLASS SE Readers</p><ul><li>iCLASS SE Readers using firmware version 8.6.0.4 or higher can use the HID Reader Manager application to prevent the readers from accepting configuration changes from Configuration Cards.<br>If you need assistance, or if the reader firmware has not been updated to 8.6.0.4 or higher, contact HID Technical Support.</li></ul><p>HID OMNIKEY Readers, OMNIKEY Secure Elements, iCLASS SE Reader Modules, iCLASS SE Processors</p><ul><li>Contact HID to receive a \"Shield Card\" that will prevent further configuration changes using reader configuration cards.</li></ul>\n\n<br>"
}
],
"value": "\nHID Global recommends the following mitigations to reduce the risk:\n\n * Elite Key and Custom Key customers that have kept their configuration cards secure should continue to be vigilant and restrict access to those cards. To exploit this vulnerability, a reader must be physically close to or in possession of the configuration cards to communicate with the card and extract information.\n\n\n * Administrators should plan to securely destroy unneeded configuration cards.\n\n\n * Customers using the HID standard key, and other customers who are concerned their keys may be compromised should consider steps to update the readers and credentials with new keys. To assist in this effort, HID will be introducing a free upgrade to the Elite Key program. Contact your HID representative for more information at https://www.hidglobal.com/support https://www.hidglobal.com/support .\n\n\n\n\nHID has also provided additional steps users can take steps to harden their readers to prevent malicious configuration changes.\n\niCLASS SE Readers\n\n * iCLASS SE Readers using firmware version 8.6.0.4 or higher can use the HID Reader Manager application to prevent the readers from accepting configuration changes from Configuration Cards.\nIf you need assistance, or if the reader firmware has not been updated to 8.6.0.4 or higher, contact HID Technical Support.\n\n\nHID OMNIKEY Readers, OMNIKEY Secure Elements, iCLASS SE Reader Modules, iCLASS SE Processors\n\n * Contact HID to receive a \"Shield Card\" that will prevent further configuration changes using reader configuration cards.\n\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "HID Global reported this vulnerability to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

118
2024/24xxx/CVE-2024-24706.json
View File

@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Forum One",
"product": {
"product_data": [
{
"product_name": "WP-CFM",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.7.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.7.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wp-cfm/wordpress-wp-cfm-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wp-cfm/wordpress-wp-cfm-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"url": "https://github.com/forumone/wp-cfm/security/advisories/GHSA-2449-jmfc-gc7f",
"refsource": "MISC",
"name": "https://github.com/forumone/wp-cfm/security/advisories/GHSA-2449-jmfc-gc7f"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;1.7.9 or a higher version."
}
],
"value": "Update to\u00a01.7.9 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Xuan Chien (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

86
2024/24xxx/CVE-2024-24816.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-24816",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ckeditor",
"product": {
"product_data": [
{
"product_name": "ckeditor4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.24.0-lts"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76",
"refsource": "MISC",
"name": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76"
},
{
"url": "https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb",
"refsource": "MISC",
"name": "https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb"
},
{
"url": "https://ckeditor.com/cke4/addon/preview",
"refsource": "MISC",
"name": "https://ckeditor.com/cke4/addon/preview"
}
]
},
"source": {
"advisory": "GHSA-mw2c-vx6j-mg76",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}