"-Synchronized-Data."

CVE Team 2024-10-15 11:00:31 +00:00
parent a5432cdaea
commit 83ce3c1a5e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
16 changed files with 1386 additions and 95 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged.\nThis issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4.\n\n"
"value": "A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
@ -36,25 +36,23 @@
"product": {
"product_data": [
{
"product_name": "SUSE Manager Server Module 4.2",
"product_name": "Rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "?",
"version_value": "4.2.50-150300.3.66.5"
}
]
}
"version_name": "2.6.0",
"version_value": "2.6.14"
},
{
"product_name": "SUSE Manager Server Module 4.3",
"version": {
"version_data": [
"version_affected": "<",
"version_name": "2.7.0",
"version_value": "2.7.10"
},
{
"version_affected": "<",
"version_name": "?",
"version_value": "4.3.58-150400.3.46.4"
"version_name": "2.8.0",
"version_value": "2.8.2"
}
]
}
@ -68,9 +66,14 @@
"references": {
"reference_data": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22644",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22649",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22644"
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22649"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-xfj7-qf8w-2gcr",
"refsource": "MISC",
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-xfj7-qf8w-2gcr"
}
]
},
@ -79,29 +82,5 @@
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Paolo Perego of SUSE"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}
}
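Review bot: The last hunk drops the whole `impact.cvss` block (3.8 LOW, `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N`) and the `credits` entry without adding a replacement, so the rewritten Rancher record carries no severity for consumers that triage on score. If the old vector belonged to the SUSE Manager text that this commit also replaces, removing it is right, but the record should then take its score from the newly referenced GHSA-xfj7-qf8w-2gcr advisory rather than carry none. Until it does, consumers should read the missing `impact` as unscored, not as low severity. The record's ID and remaining fields lie outside the visible hunks.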


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758."
"value": "Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690."
}
]
},
@ -46,6 +46,18 @@
}
]
}
},
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "38690"
}
]
}
}
]
}


@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45271",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MB connect line",
"product": {
"product_data": [
{
"product_name": "mbNET.mini",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.2.13"
}
]
}
}
]
}
},
{
"vendor_name": "Helmholz",
"product": {
"product_data": [
{
"product_name": "REX100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-056",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-056"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-066",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-066"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-056, VDE-2024-066",
"defect": [
"CERT@VDE#641679",
"CERT@VDE#641692"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Moritz Abrell"
},
{
"lang": "en",
"value": "SySS GmbH"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,151 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45272",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1391: Use of Weak Credentials",
"cweId": "CWE-1391"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MB connect line",
"product": {
"product_data": [
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.16.2"
}
]
}
},
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.16.2"
}
]
}
}
]
}
},
{
"vendor_name": "Helmholz",
"product": {
"product_data": [
{
"product_name": "myREX24 V2",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.16.2"
}
]
}
},
{
"product_name": "myREX24.virtual",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.16.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-068",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-069",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-069"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-068, VDE-2024-069",
"defect": [
"CERT@VDE#641695",
"CERT@VDE#641696"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Moritz Abrell"
},
{
"lang": "en",
"value": "SySS GmbH"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
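Review bot: The new description ends with `resulting in connection lost`, which does not say which connection is lost, and it sits next to a vector of `C:N/I:N/A:H` although the text describes credentials being brute-forced `with a high chance of success`. A reader cannot tell from the record whether a guessed credential gives portal access or only causes a lockout or disconnect. The sentence should name the actual consequence so that it agrees with the vector; the wording has to come from VDE-2024-068 / VDE-2024-069, which are not shown here.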


@ -1,17 +1,247 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-261: Weak Encoding for Password",
"cweId": "CWE-261"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MB connect line",
"product": {
"product_data": [
{
"product_name": "mbNET.mini",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.2.13"
}
]
}
},
{
"product_name": "mbNET/mbNET.rokey",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "8.2.0"
}
]
}
},
{
"product_name": "mbNET HW1",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "5.1.11"
}
]
}
},
{
"product_name": "mbSPIDER",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.6.5"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.16.2"
}
]
}
},
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.16.2"
}
]
}
}
]
}
},
{
"vendor_name": "Helmholz",
"product": {
"product_data": [
{
"product_name": "REX100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "<= 2.2.13"
}
]
}
},
{
"product_name": "REX200/250",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "<= 8.2.0"
}
]
}
},
{
"product_name": "myREX24 V2",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "<= 2.16.2"
}
]
}
},
{
"product_name": "myREX24.virtual",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "<= 2.16.2"
}
]
}
},
{
"product_name": "REX300",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "<= 5.1.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-056",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-056"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-066",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-066"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-068",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-069",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-069"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-056, VDE-2024-066, VDE-2024-068, VDE-2024-069",
"defect": [
"CERT@VDE#641679",
"CERT@VDE#641695",
"CERT@VDE#641692",
"CERT@VDE#641696"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Moritz Abrell"
},
{
"lang": "en",
"value": "SySS GmbH"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
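Review bot: The five Helmholz entries repeat the comparison operator inside the value, e.g. `"version_value": "<= 2.2.13"` under `"version_affected": "<="` (REX100, REX200/250, myREX24 V2, myREX24.virtual, REX300), while the MB connect line entries in the same record use the bare number. A consumer that compares `version_value` as a version string may fail to parse these or never match them, so the Helmholz products could drop out of automated affected-version checks. Use the bare value, `"version_value": "2.2.13"`, and likewise `8.2.0`, `2.16.2`, `2.16.2` and `5.1.11`.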


@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MB connect line",
"product": {
"product_data": [
{
"product_name": "mbNET.mini",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.2.13"
}
]
}
}
]
}
},
{
"vendor_name": "Helmholz",
"product": {
"product_data": [
{
"product_name": "REX100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-056",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-056"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-066",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-066"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-056, VDE-2024-066",
"defect": [
"CERT@VDE#641679",
"CERT@VDE#641692"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Moritz Abrell"
},
{
"lang": "en",
"value": "SySS GmbH"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45275",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MB connect line",
"product": {
"product_data": [
{
"product_name": "mbNET.mini",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.2.13"
}
]
}
}
]
}
},
{
"vendor_name": "Helmholz",
"product": {
"product_data": [
{
"product_name": "REX100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-056",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-056"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-066",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-066"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-056, VDE-2024-066",
"defect": [
"CERT@VDE#641679",
"CERT@VDE#641692"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Moritz Abrell"
},
{
"lang": "en",
"value": "SySS GmbH"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45276",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated remote attacker can get read access to files in the \"/tmp\" directory due to missing authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552: Files or Directories Accessible to External Parties",
"cweId": "CWE-552"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MB connect line",
"product": {
"product_data": [
{
"product_name": "mbNET.mini",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.2.13"
}
]
}
}
]
}
},
{
"vendor_name": "Helmholz",
"product": {
"product_data": [
{
"product_name": "REX100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0",
"version_value": "2.2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-056",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-056"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-066",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-066"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-056, VDE-2024-066",
"defect": [
"CERT@VDE#641679",
"CERT@VDE#641692"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Moritz Abrell"
},
{
"lang": "en",
"value": "SySS GmbH"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: avoid leaving partial pfn mappings around in error case\n\nAs Jann points out, PFN mappings are special, because unlike normal\nmemory mappings, there is no lifetime information associated with the\nmapping - it is just a raw mapping of PFNs with no reference counting of\na 'struct page'.\n\nThat's all very much intentional, but it does mean that it's easy to\nmess up the cleanup in case of errors. Yes, a failed mmap() will always\neventually clean up any partial mappings, but without any explicit\nlifetime in the page table mapping itself, it's very easy to do the\nerror handling in the wrong order.\n\nIn particular, it's easy to mistakenly free the physical backing store\nbefore the page tables are actually cleaned up and (temporarily) have\nstale dangling PTE entries.\n\nTo make this situation less error-prone, just make sure that any partial\npfn mapping is torn down early, before any other error handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "65d0db500d7c"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.111",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.52",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10.11",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.11",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2"
},
{
"url": "https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80"
},
{
"url": "https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3"
},
{
"url": "https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}


@ -1,18 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47945",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-research@sec-consult.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The devices are vulnerable to session hijacking due to insufficient \nentropy in its session ID generation algorithm. The session IDs are \npredictable, with only 32,768 possible values per user, which allows \nattackers to pre-generate valid session IDs, leading to unauthorized \naccess to user sessions. This is not only due to the use of an \n(insecure) rand() function call but also because of missing \ninitialization via srand(). As a result only the PIDs are effectively \nused as seed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-340: Generation of Predictable Numbers or Identifiers",
"cweId": "CWE-340"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "RITTAL GmbH & Co. KG",
"product": {
"product_data": [
{
"product_name": "IoT Interface & CMC III Processing Unit",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "<6.21.00.2"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://r.sec-consult.com/rittaliot",
"refsource": "MISC",
"name": "https://r.sec-consult.com/rittaliot"
},
{
"url": "https://www.rittal.com/de-de/products/deep/3124300",
"refsource": "MISC",
"name": "https://www.rittal.com/de-de/products/deep/3124300"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SEC Consult has published proof of concept code for this vulnerability."
}
],
"value": "SEC Consult has published proof of concept code for this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The vendor provides a patched version V6.21.00.2 which can be downloaded from the following URL:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.rittal.com/de-de/products/deep/3124300\">www.rittal.com/de-de/products/deep/3124300</a></p><br>"
}
],
"value": "The vendor provides a patched version V6.21.00.2 which can be downloaded from the following URL:\u00a0 www.rittal.com/de-de/products/deep/3124300 https://www.rittal.com/de-de/products/deep/3124300"
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Kruchem, SEC Consult Vulnerability Lab"
}
]
}
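Review bot: The only version entry is `"version": "<6.21.00.2"` with `"status": "affected"` and `"defaultStatus": "affected"`, so the range is encoded as free text and, read mechanically, every version including the patched V6.21.00.2 named in `solution` counts as affected. Express the bound in a field, e.g. `{"status": "affected", "version": "0", "lessThan": "6.21.00.2", "versionType": "custom"}`, and set `"defaultStatus": "unaffected"` if versions from 6.21.00.2 on are fixed as the solution text says. The plain-text `solution.value` also repeats the download URL twice after a non-breaking space, which looks like a side effect of the HTML-to-text conversion.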


@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49382",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1327",
"cweId": "CWE-1327"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "38690"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-7286",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-7286"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}
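Review bot: `problemtype` carries only the bare identifier, `"value": "CWE-1327"`, where other records in this commit give the name as well (for example `CWE-306 Missing Authentication for Critical Function`). Writing `"value": "CWE-1327 Binding to an Unrestricted IP Address"` keeps the record readable without a CWE lookup; the same applies to the CVE-2024-49383, CVE-2024-49384, CVE-2024-49387 and CVE-2024-49388 sections below. The `cvss` entry likewise gives only the CVSS 3.0 `vectorString`, score and severity, without the expanded metric fields the VDE records include, so consumers must parse the vector themselves.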


@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49383",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1327",
"cweId": "CWE-1327"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "38690"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-7285",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-7285"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}


@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49384",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1327",
"cweId": "CWE-1327"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "38690"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-7284",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-7284"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}


@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49387",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "38690"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-7022",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-7022"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N"
}
]
}


@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49388",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@acronis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Acronis",
"product": {
"product_data": [
{
"product_name": "Acronis Cyber Protect 16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "38690"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5984",
"refsource": "MISC",
"name": "https://security-advisory.acronis.com/advisories/SEC-5984"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9987",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}