diff --git a/2024/5xxx/CVE-2024-5148.json b/2024/5xxx/CVE-2024-5148.json index 84d981b9a92..54d47bf6eff 100644 --- a/2024/5xxx/CVE-2024-5148.json +++ b/2024/5xxx/CVE-2024-5148.json 
@@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5148", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exposure of Data Element to Wrong Session", + "cweId": "CWE-488" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-5148", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-5148" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282003", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2282003" + }, + { + "url": "https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/7xxx/CVE-2024-7932.json b/2024/7xxx/CVE-2024-7932.json index d8922afee7c..22d39d907c4 100644 --- a/2024/7xxx/CVE-2024-7932.json +++ b/2024/7xxx/CVE-2024-7932.json 
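Review bot: The CVSS block at the end of this hunk scores the issue as `AV:N/AC:L/PR:N/UI:N` with `I:N`, while the description speaks of "a malicious user on the system" who can "take control of the RDP client connection". These two readings of the attack precondition and the integrity impact do not agree, and the record gives no rationale for the network, unauthenticated scoring. Triage that keys on `attackVector` or `privilegesRequired` alone may misplace this entry, so the description should be read alongside the vector until one of them is revised or explained. Both product entries also carry `"version_value": "not down converted"` with `"defaultStatus": "unaffected"`, so this v4 record names no affected build; tooling that matches on `version_data` needs the CVE JSON 5 record or the Red Hat advisory listed in `references`. Minor: `work_around` and `credits` use `"lang": "en"` where `description` uses `"eng"`.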
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "3DS.Information-Security@3ds.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dassault Syst\u00e8mes", + "product": { + "product_data": [ + { + "product_name": "3DSwymer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Release 3DEXPERIENCE R2024x Golden", + "version_value": "Release 3DEXPERIENCE R2024x.FP.CFA.2405" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.3ds.com/vulnerability/advisories", + "refsource": "MISC", + "name": "https://www.3ds.com/vulnerability/advisories" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + 
"availabilityImpact": "NONE", + "baseSeverity": "HIGH", + "baseScore": 8.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" } ] } diff --git a/2024/7xxx/CVE-2024-7938.json b/2024/7xxx/CVE-2024-7938.json index d85bbdf5ff8..bb236e7c4c8 100644 --- a/2024/7xxx/CVE-2024-7938.json +++ b/2024/7xxx/CVE-2024-7938.json 
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7938", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "3DS.Information-Security@3ds.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dassault Syst\u00e8mes", + "product": { + "product_data": [ + { + "product_name": "3DSwymer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Release 3DEXPERIENCE R2023x Golden", + "version_value": "Release 3DEXPERIENCE R2023x.FP.CFA.2410" + }, + { + "version_affected": "<=", + "version_name": "Release 3DEXPERIENCE R2024x Golden", + "version_value": "Release 3DEXPERIENCE R2024x.FP.CFA.2405" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.3ds.com/vulnerability/advisories", + "refsource": "MISC", + "name": "https://www.3ds.com/vulnerability/advisories" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + 
"attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseSeverity": "HIGH", + "baseScore": 8.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" } ] } diff --git a/2024/7xxx/CVE-2024-7939.json b/2024/7xxx/CVE-2024-7939.json index c27954d62ae..c1f3427c3b4 100644 --- a/2024/7xxx/CVE-2024-7939.json +++ b/2024/7xxx/CVE-2024-7939.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7939", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "3DS.Information-Security@3ds.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dassault Syst\u00e8mes", + "product": { + "product_data": [ + { + "product_name": "3DSwymer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Release 3DEXPERIENCE R2024x Golden", + "version_value": "Release 3DEXPERIENCE R2024x.FP.CFA.2405" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.3ds.com/vulnerability/advisories", + "refsource": "MISC", + "name": "https://www.3ds.com/vulnerability/advisories" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": 
"NONE", + "baseSeverity": "HIGH", + "baseScore": 8.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" } ] } diff --git a/2024/8xxx/CVE-2024-8004.json b/2024/8xxx/CVE-2024-8004.json index b8c158409cd..c36b8456e24 100644 --- a/2024/8xxx/CVE-2024-8004.json +++ b/2024/8xxx/CVE-2024-8004.json 
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "3DS.Information-Security@3ds.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dassault Syst\u00e8mes", + "product": { + "product_data": [ + { + "product_name": "ENOVIA Collaborative Industry Innovator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Release 3DEXPERIENCE R2022x Golden", + "version_value": "Release 3DEXPERIENCE R2022x.FP.CFA.2406" + }, + { + "version_affected": "<=", + "version_name": "Release 3DEXPERIENCE R2023x Golden", + "version_value": "Release 3DEXPERIENCE R2023x.FP.CFA.2410" + }, + { + "version_affected": "<=", + "version_name": "Release 3DEXPERIENCE R2024x Golden", + "version_value": "Release 3DEXPERIENCE R2024x.FP.CFA.2405" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.3ds.com/vulnerability/advisories", + "refsource": "MISC", + "name": 
"https://www.3ds.com/vulnerability/advisories" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseSeverity": "HIGH", + "baseScore": 8.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" } ] } diff --git a/2024/8xxx/CVE-2024-8374.json b/2024/8xxx/CVE-2024-8374.json new file mode 100644 index 00000000000..6b7917997da --- /dev/null +++ b/2024/8xxx/CVE-2024-8374.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-8374", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file