From 828f10567deae877c7200bf650254d680833e60f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 14 Jun 2024 04:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/6xxx/CVE-2023-6492.json | 75 +++++++++++++++++- 2024/0xxx/CVE-2024-0892.json | 75 +++++++++++++++++- 2024/27xxx/CVE-2024-27155.json | 120 +++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27156.json | 133 ++++++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27157.json | 133 ++++++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27158.json | 133 ++++++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27159.json | 120 +++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27160.json | 120 +++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27161.json | 120 +++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27162.json | 133 ++++++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27163.json | 133 ++++++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27164.json | 133 ++++++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27165.json | 120 +++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27166.json | 138 ++++++++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27167.json | 120 +++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27168.json | 120 +++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27169.json | 120 +++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27170.json | 120 +++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27171.json | 120 +++++++++++++++++++++++++++- 2024/31xxx/CVE-2024-31159.json | 98 ++++++++++++++++++++++- 2024/31xxx/CVE-2024-31160.json | 98 ++++++++++++++++++++++- 2024/31xxx/CVE-2024-31161.json | 98 ++++++++++++++++++++++- 2024/34xxx/CVE-2024-34055.json | 5 ++ 2024/35xxx/CVE-2024-35235.json | 5 ++ 2024/5xxx/CVE-2024-5830.json | 5 ++ 2024/5xxx/CVE-2024-5831.json | 5 ++ 2024/5xxx/CVE-2024-5832.json | 5 ++ 2024/5xxx/CVE-2024-5833.json | 5 ++ 2024/5xxx/CVE-2024-5834.json | 5 ++ 2024/5xxx/CVE-2024-5835.json | 5 ++ 2024/5xxx/CVE-2024-5836.json | 5 ++ 2024/5xxx/CVE-2024-5837.json | 5 ++ 2024/5xxx/CVE-2024-5838.json | 5 ++ 2024/5xxx/CVE-2024-5839.json | 5 ++ 2024/5xxx/CVE-2024-5840.json | 5 ++ 2024/5xxx/CVE-2024-5841.json | 5 ++ 2024/5xxx/CVE-2024-5842.json | 5 ++ 2024/5xxx/CVE-2024-5843.json | 5 ++ 2024/5xxx/CVE-2024-5844.json | 5 ++ 2024/5xxx/CVE-2024-5845.json | 5 ++ 2024/5xxx/CVE-2024-5846.json | 5 ++ 2024/5xxx/CVE-2024-5847.json | 5 ++ 42 files changed, 2592 insertions(+), 88 deletions(-) diff --git a/2023/6xxx/CVE-2023-6492.json b/2023/6xxx/CVE-2023-6492.json index b4d2cd5a80b..df83d4b22c1 100644 --- a/2023/6xxx/CVE-2023-6492.json +++ b/2023/6xxx/CVE-2023-6492.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6492", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Sitemap \u2013 Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible for unauthenticated attackers to reset the plugin options to a default state via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dgwyer", + "product": { + "product_data": [ + { + "product_name": "Simple Sitemap \u2013 Create a Responsive HTML Sitemap", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.5.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a228e60c-c91b-4a82-8b05-a0ffaed82524?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a228e60c-c91b-4a82-8b05-a0ffaed82524?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3099425/simple-sitemap/trunk/lib/classes/plugin-admin-pages/class-settings.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3099425/simple-sitemap/trunk/lib/classes/plugin-admin-pages/class-settings.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Rafshanzani Suhada" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/0xxx/CVE-2024-0892.json b/2024/0xxx/CVE-2024-0892.json index 6023f1fc263..53451576151 100644 --- a/2024/0xxx/CVE-2024-0892.json +++ b/2024/0xxx/CVE-2024-0892.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0892", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vberkel", + "product": { + "product_data": [ + { + "product_name": "Schema App Structured Data", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/254291b3-a30d-44ff-9df4-6ba700a9efc9?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/254291b3-a30d-44ff-9df4-6ba700a9efc9?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/27xxx/CVE-2024-27155.json b/2024/27xxx/CVE-2024-27155.json index f9d06cd462d..fa680a484c0 100644 --- a/2024/27xxx/CVE-2024-27155.json +++ b/2024/27xxx/CVE-2024-27155.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27155", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276 Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27156.json b/2024/27xxx/CVE-2024-27156.json index c7dc3cf6dcd..0535a7ee964 100644 --- a/2024/27xxx/CVE-2024-27156.json +++ b/2024/27xxx/CVE-2024-27156.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27156", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532 Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.
" + } + ], + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users." + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27157.json b/2024/27xxx/CVE-2024-27157.json index 8f6c47c223e..fe296e6c39f 100644 --- a/2024/27xxx/CVE-2024-27157.json +++ b/2024/27xxx/CVE-2024-27157.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27157", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532 Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.
" + } + ], + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users." + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27158.json b/2024/27xxx/CVE-2024-27158.json index 52bf3491615..161894ec9a0 100644 --- a/2024/27xxx/CVE-2024-27158.json +++ b/2024/27xxx/CVE-2024-27158.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27158", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1392 Use of Default Credentials", + "cweId": "CWE-1392" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.
" + } + ], + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users." + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27159.json b/2024/27xxx/CVE-2024-27159.json index a9e7339975b..f40b568e2dd 100644 --- a/2024/27xxx/CVE-2024-27159.json +++ b/2024/27xxx/CVE-2024-27159.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27159", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the \"Base Score\" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point.\n https://www.toshibatec.com/contacts/products/ \nAs for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27160.json b/2024/27xxx/CVE-2024-27160.json index aca12853732..869632f84a7 100644 --- a/2024/27xxx/CVE-2024-27160.json +++ b/2024/27xxx/CVE-2024-27160.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27160", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the \"Base Score\" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point.\n https://www.toshibatec.com/contacts/products/ \nAs for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27161.json b/2024/27xxx/CVE-2024-27161.json index 0e55fe0b2bd..79022777d92 100644 --- a/2024/27xxx/CVE-2024-27161.json +++ b/2024/27xxx/CVE-2024-27161.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27161", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the \"Base Score\" of this vulnerability.\u00a0For detail on related other vulnerabilities, please ask to the below contact point.\n https://www.toshibatec.com/contacts/products/ \nAs for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27162.json b/2024/27xxx/CVE-2024-27162.json index 8b31cb08a69..2b4340013ef 100644 --- a/2024/27xxx/CVE-2024-27162.json +++ b/2024/27xxx/CVE-2024-27162.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27162", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.
" + } + ], + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users." + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27163.json b/2024/27xxx/CVE-2024-27163.json index f5bcc928c2a..28a39fabcb6 100644 --- a/2024/27xxx/CVE-2024-27163.json +++ b/2024/27xxx/CVE-2024-27163.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27163", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the \"Base Score\" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point.\n https://www.toshibatec.com/contacts/products/ \nAs for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.
" + } + ], + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users." + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27164.json b/2024/27xxx/CVE-2024-27164.json index a80db033927..eb0a7f1a0e0 100644 --- a/2024/27xxx/CVE-2024-27164.json +++ b/2024/27xxx/CVE-2024-27164.json @@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27164", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-259 Use of Hard-coded Password", + "cweId": "CWE-259" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.
" + } + ], + "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users." + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27165.json b/2024/27xxx/CVE-2024-27165.json index b204c7de64b..0b426b1e682 100644 --- a/2024/27xxx/CVE-2024-27165.json +++ b/2024/27xxx/CVE-2024-27165.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27165", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-272 Least Privilege Violation", + "cweId": "CWE-272" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27166.json b/2024/27xxx/CVE-2024-27166.json index de956492b5c..afc189d9ab7 100644 --- a/2024/27xxx/CVE-2024-27166.json +++ b/2024/27xxx/CVE-2024-27166.json @@ -1,17 +1,147 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27166", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276 Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-256 Plaintext Storage of a Password", + "cweId": "CWE-256" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27167.json b/2024/27xxx/CVE-2024-27167.json index 7ae8e10e516..21431a4fe3a 100644 --- a/2024/27xxx/CVE-2024-27167.json +++ b/2024/27xxx/CVE-2024-27167.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27167", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276 Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27168.json b/2024/27xxx/CVE-2024-27168.json index 2e1f0860c7b..9999da053fd 100644 --- a/2024/27xxx/CVE-2024-27168.json +++ b/2024/27xxx/CVE-2024-27168.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27168", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27169.json b/2024/27xxx/CVE-2024-27169.json index a14e4d95e53..55301d0f1bc 100644 --- a/2024/27xxx/CVE-2024-27169.json +++ b/2024/27xxx/CVE-2024-27169.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27169", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27170.json b/2024/27xxx/CVE-2024-27170.json index 342a22706d6..a73e5d75549 100644 --- a/2024/27xxx/CVE-2024-27170.json +++ b/2024/27xxx/CVE-2024-27170.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27170", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27171.json b/2024/27xxx/CVE-2024-27171.json index e7bd895aef8..8a48efde9e5 100644 --- a/2024/27xxx/CVE-2024-27171.json +++ b/2024/27xxx/CVE-2024-27171.json @@ -1,17 +1,129 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276 Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "see the reference URL" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.toshibatec.com/information/20240531_01.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_01.html" + }, + { + "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU97136265/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We are not aware of any malicious exploitation by these vulnerabilities.
" + } + ], + "value": "We are not aware of any malicious exploitation by these vulnerabilities." + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.
" + } + ], + "value": "This issue is fixed in the version released on June 14, 2024 and all later versions." + } + ], + "credits": [ + { + "lang": "en", + "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31159.json b/2024/31xxx/CVE-2024-31159.json index 381422698f0..8dbfcdd626f 100644 --- a/2024/31xxx/CVE-2024-31159.json +++ b/2024/31xxx/CVE-2024-31159.json @@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31159", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@cert.org.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ASUS", + "product": { + "product_data": [ + { + "product_name": "Download Master", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "earlier", + "version_value": "3.1.0.113" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7861-1a06f-1.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/tw/cp-132-7861-1a06f-1.html" + }, + { + "url": "https://www.twcert.org.tw/en/cp-139-7862-e43e4-2.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/en/cp-139-7862-e43e4-2.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TVN-202406004", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upate to version 3.1.0.114 or later." + } + ], + "value": "Upate to version 3.1.0.114 or later." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31160.json b/2024/31xxx/CVE-2024-31160.json index 3556baa1d92..d684ce8d9f9 100644 --- a/2024/31xxx/CVE-2024-31160.json +++ b/2024/31xxx/CVE-2024-31160.json @@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31160", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@cert.org.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ASUS", + "product": { + "product_data": [ + { + "product_name": "Download Master", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "earlier", + "version_value": "3.1.0.113" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7863-49a2d-1.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/tw/cp-132-7863-49a2d-1.html" + }, + { + "url": "https://www.twcert.org.tw/en/cp-139-7864-d7a0d-2.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/en/cp-139-7864-d7a0d-2.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TVN-202406005", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to version 3.1.0.114 or later" + } + ], + "value": "Update to version 3.1.0.114 or later" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31161.json b/2024/31xxx/CVE-2024-31161.json index 010986bf8ec..73323fd1cde 100644 --- a/2024/31xxx/CVE-2024-31161.json +++ b/2024/31xxx/CVE-2024-31161.json @@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31161", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@cert.org.tw", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ASUS", + "product": { + "product_data": [ + { + "product_name": "Download Master", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "earlier", + "version_value": "3.1.0.113" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7865-d3823-1.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/tw/cp-132-7865-d3823-1.html" + }, + { + "url": "https://www.twcert.org.tw/en/cp-139-7866-469e0-2.html", + "refsource": "MISC", + "name": "https://www.twcert.org.tw/en/cp-139-7866-469e0-2.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TVN-202406006", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to version 3.1.0.114 or later." + } + ], + "value": "Update to version 3.1.0.114 or later." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/34xxx/CVE-2024-34055.json b/2024/34xxx/CVE-2024-34055.json index 57241b48062..eee74085eef 100644 --- a/2024/34xxx/CVE-2024-34055.json +++ b/2024/34xxx/CVE-2024-34055.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html", "url": "https://www.cyrusimap.org/dev/imap/download/release-notes/3.10/x/3.10.0-rc1.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2024-f3e0255c75", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJZQAE3XC2GBCE5KSTWJ5A6QYANFWGFB/" } ] } diff --git a/2024/35xxx/CVE-2024-35235.json b/2024/35xxx/CVE-2024-35235.json index 5c30bdc33e4..93f7f56d06b 100644 --- a/2024/35xxx/CVE-2024-35235.json +++ b/2024/35xxx/CVE-2024-35235.json @@ -97,6 +97,11 @@ "url": "http://www.openwall.com/lists/oss-security/2024/06/12/5", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2024/06/12/5" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00001.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00001.html" } ] }, diff --git a/2024/5xxx/CVE-2024-5830.json b/2024/5xxx/CVE-2024-5830.json index d77964ae24d..eca78c34dfd 100644 --- a/2024/5xxx/CVE-2024-5830.json +++ b/2024/5xxx/CVE-2024-5830.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/342456991", "refsource": "MISC", "name": "https://issues.chromium.org/issues/342456991" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5831.json b/2024/5xxx/CVE-2024-5831.json index 9c18ee19cb8..68eaf20d50a 100644 --- a/2024/5xxx/CVE-2024-5831.json +++ b/2024/5xxx/CVE-2024-5831.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/339171223", "refsource": "MISC", "name": "https://issues.chromium.org/issues/339171223" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5832.json b/2024/5xxx/CVE-2024-5832.json index a4fe0668c0a..aa4f787a6b0 100644 --- a/2024/5xxx/CVE-2024-5832.json +++ b/2024/5xxx/CVE-2024-5832.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/340196361", "refsource": "MISC", "name": "https://issues.chromium.org/issues/340196361" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5833.json b/2024/5xxx/CVE-2024-5833.json index e8107554b12..4d6168a9898 100644 --- a/2024/5xxx/CVE-2024-5833.json +++ b/2024/5xxx/CVE-2024-5833.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/342602616", "refsource": "MISC", "name": "https://issues.chromium.org/issues/342602616" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5834.json b/2024/5xxx/CVE-2024-5834.json index c3e32bc34e9..87a85d076bf 100644 --- a/2024/5xxx/CVE-2024-5834.json +++ b/2024/5xxx/CVE-2024-5834.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/342840932", "refsource": "MISC", "name": "https://issues.chromium.org/issues/342840932" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5835.json b/2024/5xxx/CVE-2024-5835.json index eb44102339e..21007981d86 100644 --- a/2024/5xxx/CVE-2024-5835.json +++ b/2024/5xxx/CVE-2024-5835.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/341991535", "refsource": "MISC", "name": "https://issues.chromium.org/issues/341991535" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5836.json b/2024/5xxx/CVE-2024-5836.json index 17082fa1596..cfd49b77674 100644 --- a/2024/5xxx/CVE-2024-5836.json +++ b/2024/5xxx/CVE-2024-5836.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/341875171", "refsource": "MISC", "name": "https://issues.chromium.org/issues/341875171" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5837.json b/2024/5xxx/CVE-2024-5837.json index b054a95755c..419175cd938 100644 --- a/2024/5xxx/CVE-2024-5837.json +++ b/2024/5xxx/CVE-2024-5837.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/342415789", "refsource": "MISC", "name": "https://issues.chromium.org/issues/342415789" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5838.json b/2024/5xxx/CVE-2024-5838.json index 5b3d4611dd9..8535660a06d 100644 --- a/2024/5xxx/CVE-2024-5838.json +++ b/2024/5xxx/CVE-2024-5838.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/342522151", "refsource": "MISC", "name": "https://issues.chromium.org/issues/342522151" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5839.json b/2024/5xxx/CVE-2024-5839.json index ae30b580426..6fdeb470b5b 100644 --- a/2024/5xxx/CVE-2024-5839.json +++ b/2024/5xxx/CVE-2024-5839.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/340122160", "refsource": "MISC", "name": "https://issues.chromium.org/issues/340122160" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5840.json b/2024/5xxx/CVE-2024-5840.json index 3ee4af06f5b..978c1c1dd49 100644 --- a/2024/5xxx/CVE-2024-5840.json +++ b/2024/5xxx/CVE-2024-5840.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/41492103", "refsource": "MISC", "name": "https://issues.chromium.org/issues/41492103" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5841.json b/2024/5xxx/CVE-2024-5841.json index 7e1e4d4cfd9..fc0b1b87ebb 100644 --- a/2024/5xxx/CVE-2024-5841.json +++ b/2024/5xxx/CVE-2024-5841.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/326765855", "refsource": "MISC", "name": "https://issues.chromium.org/issues/326765855" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5842.json b/2024/5xxx/CVE-2024-5842.json index e757f5b88ef..e4d6273bb71 100644 --- a/2024/5xxx/CVE-2024-5842.json +++ b/2024/5xxx/CVE-2024-5842.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/40062622", "refsource": "MISC", "name": "https://issues.chromium.org/issues/40062622" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5843.json b/2024/5xxx/CVE-2024-5843.json index 69b6a48f950..aad6753e50b 100644 --- a/2024/5xxx/CVE-2024-5843.json +++ b/2024/5xxx/CVE-2024-5843.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/333940412", "refsource": "MISC", "name": "https://issues.chromium.org/issues/333940412" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5844.json b/2024/5xxx/CVE-2024-5844.json index 2d727f616be..b19cc50a78e 100644 --- a/2024/5xxx/CVE-2024-5844.json +++ b/2024/5xxx/CVE-2024-5844.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/331960660", "refsource": "MISC", "name": "https://issues.chromium.org/issues/331960660" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5845.json b/2024/5xxx/CVE-2024-5845.json index 72166d3cc15..5c8605b4e90 100644 --- a/2024/5xxx/CVE-2024-5845.json +++ b/2024/5xxx/CVE-2024-5845.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/340178596", "refsource": "MISC", "name": "https://issues.chromium.org/issues/340178596" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5846.json b/2024/5xxx/CVE-2024-5846.json index f786748cfdc..d4089a546da 100644 --- a/2024/5xxx/CVE-2024-5846.json +++ b/2024/5xxx/CVE-2024-5846.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/341095523", "refsource": "MISC", "name": "https://issues.chromium.org/issues/341095523" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] } diff --git a/2024/5xxx/CVE-2024-5847.json b/2024/5xxx/CVE-2024-5847.json index e62e73f731d..1a20ed2869d 100644 --- a/2024/5xxx/CVE-2024-5847.json +++ b/2024/5xxx/CVE-2024-5847.json @@ -63,6 +63,11 @@ "url": "https://issues.chromium.org/issues/341313077", "refsource": "MISC", "name": "https://issues.chromium.org/issues/341313077" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/" } ] }