From 900b56b1057da1e2513b6bb92b06867d168a88d3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Feb 2024 17:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/1xxx/CVE-2024-1444.json | 8 +-- 2024/1xxx/CVE-2024-1586.json | 18 +++++++ 2024/1xxx/CVE-2024-1587.json | 18 +++++++ 2024/1xxx/CVE-2024-1588.json | 18 +++++++ 2024/1xxx/CVE-2024-1589.json | 18 +++++++ 2024/23xxx/CVE-2024-23591.json | 98 ++++++++++++++++++++++++++++++++-- 2024/26xxx/CVE-2024-26289.json | 18 +++++++ 2024/26xxx/CVE-2024-26290.json | 18 +++++++ 2024/26xxx/CVE-2024-26291.json | 18 +++++++ 2024/26xxx/CVE-2024-26292.json | 18 +++++++ 2024/26xxx/CVE-2024-26293.json | 18 +++++++ 11 files changed, 260 insertions(+), 8 deletions(-) create mode 100644 2024/1xxx/CVE-2024-1586.json create mode 100644 2024/1xxx/CVE-2024-1587.json create mode 100644 2024/1xxx/CVE-2024-1588.json create mode 100644 2024/1xxx/CVE-2024-1589.json create mode 100644 2024/26xxx/CVE-2024-26289.json create mode 100644 2024/26xxx/CVE-2024-26290.json create mode 100644 2024/26xxx/CVE-2024-26291.json create mode 100644 2024/26xxx/CVE-2024-26292.json create mode 100644 2024/26xxx/CVE-2024-26293.json diff --git a/2024/1xxx/CVE-2024-1444.json b/2024/1xxx/CVE-2024-1444.json index ac97eb60a1d..51214c9874d 100644 --- a/2024/1xxx/CVE-2024-1444.json +++ b/2024/1xxx/CVE-2024-1444.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1444", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** Erroneous assignment" } ] } diff --git a/2024/1xxx/CVE-2024-1586.json b/2024/1xxx/CVE-2024-1586.json new file mode 100644 index 00000000000..7268cb4d254 --- /dev/null +++ b/2024/1xxx/CVE-2024-1586.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1586", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1587.json b/2024/1xxx/CVE-2024-1587.json new file mode 100644 index 00000000000..018de372b25 --- /dev/null +++ b/2024/1xxx/CVE-2024-1587.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1587", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1588.json b/2024/1xxx/CVE-2024-1588.json new file mode 100644 index 00000000000..d775dd493b3 --- /dev/null +++ b/2024/1xxx/CVE-2024-1588.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1588", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1589.json b/2024/1xxx/CVE-2024-1589.json new file mode 100644 index 00000000000..cf724b68350 --- /dev/null +++ b/2024/1xxx/CVE-2024-1589.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1589", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/23xxx/CVE-2024-23591.json b/2024/23xxx/CVE-2024-23591.json index 2d183eee63c..05fa404d0e8 100644 --- a/2024/23xxx/CVE-2024-23591.json +++ b/2024/23xxx/CVE-2024-23591.json @@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow \n\nan attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1269 Product Released in Non-Release Configuration", + "cweId": "CWE-1269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lenovo", + "product": { + "product_data": [ + { + "product_name": "ThinkSystem SR670 V2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": " ", + "version_value": "U8E126I-2.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://support.lenovo.com/us/en/product_security/LEN-150020", + "refsource": "MISC", + "name": "https://https://support.lenovo.com/us/en/product_security/LEN-150020" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update system UEFI firmware to version u8e126i-2.20 (or newer) indicated for your model in the Product Impact section of our advisory: https://support.lenovo.com/us/en/product_security/LEN-150020
" + } + ], + "value": "Update system UEFI firmware to version u8e126i-2.20 (or newer) indicated for your model in the Product Impact section of our advisory: https://support.lenovo.com/us/en/product_security/LEN-150020 \n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Lenovo thanks Eclypsium\u2019s Supply Chain Security Solution for identifying instances of this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/26xxx/CVE-2024-26289.json b/2024/26xxx/CVE-2024-26289.json new file mode 100644 index 00000000000..2744775fb16 --- /dev/null +++ b/2024/26xxx/CVE-2024-26289.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-26289", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26290.json b/2024/26xxx/CVE-2024-26290.json new file mode 100644 index 00000000000..83432734d48 --- /dev/null +++ b/2024/26xxx/CVE-2024-26290.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-26290", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26291.json b/2024/26xxx/CVE-2024-26291.json new file mode 100644 index 00000000000..ce70f8787dc --- /dev/null +++ b/2024/26xxx/CVE-2024-26291.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-26291", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26292.json b/2024/26xxx/CVE-2024-26292.json new file mode 100644 index 00000000000..b90f35562dc --- /dev/null +++ b/2024/26xxx/CVE-2024-26292.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-26292", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26293.json b/2024/26xxx/CVE-2024-26293.json new file mode 100644 index 00000000000..cafb37a5c24 --- /dev/null +++ b/2024/26xxx/CVE-2024-26293.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-26293", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file