admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-12 08:00:32 +00:00
parent d0f6a439e9
commit 98bf11ddc5
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 271 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2024/21xxx/CVE-2024-21875.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.\n\n" "value": "Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3."
} }
] ]
}, },

5
2024/3xxx/CVE-2024-3094.json
View File

@ -375,6 +375,11 @@
"url": "https://research.swtch.com/xz-script", "url": "https://research.swtch.com/xz-script",
"refsource": "MISC", "refsource": "MISC",
"name": "https://research.swtch.com/xz-script" "name": "https://research.swtch.com/xz-script"
},
{
"url": "https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz",
"refsource": "MISC",
"name": "https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz"
} }
] ]
}, },

233
2024/3xxx/CVE-2024-3400.json
View File

@ -1,17 +1,242 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-3400", "ID": "CVE-2024-3400",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nFixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9.0"
},
{
"status": "unaffected",
"version": "9.1"
},
{
"status": "unaffected",
"version": "10.0"
},
{
"status": "unaffected",
"version": "10.1"
},
{
"changes": [
{
"at": "10.2.9-h1",
"status": "unaffected"
}
],
"lessThan": "10.2.9-h1",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.0.4-h1",
"status": "unaffected"
}
],
"lessThan": "11.0.4-h1",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.2-h3",
"status": "unaffected"
}
],
"lessThan": "11.1.2-h3",
"status": "affected",
"version": "11.1",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Cloud NGFW",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Prisma Access",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3400",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-3400"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"PAN-252214"
],
"discovery": "USER"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled.\n\nYou can verify whether you have a GlobalProtect gateway configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways) and verify whether you have device telemetry enabled by checking your firewall web interface (Device > Setup > Telemetry)."
}
],
"value": "This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled.\n\nYou can verify whether you have a GlobalProtect gateway configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways) and verify whether you have device telemetry enabled by checking your firewall web interface (Device > Setup > Telemetry)."
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682).\n\nIn addition to enabling Threat ID 95187, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184\">https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184</a> for more information.\n\nIf you are unable to apply the Threat Prevention based mitigation at this time, you can still mitigate the impact of this vulnerability by temporarily disabling device telemetry until the device is upgraded to a fixed PAN-OS version. Once upgraded, device telemetry must be re-enabled on the device.\n\nPlease see the following page for details on how to temporarily disable device telemetry: <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/device-telemetry/device-telemetry-configure/device-telemetry-disable\">https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/device-telemetry/device-telemetry-configure/device-telemetry-disable</a>.<br>"
}
],
"value": "Recommended Mitigation: Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682).\n\nIn addition to enabling Threat ID 95187, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device. Please see https://live.paloaltonetworks.com/t5/globalprotect-articles/applying-vulnerability-protection-to-globalprotect-interfaces/ta-p/340184 for more information.\n\nIf you are unable to apply the Threat Prevention based mitigation at this time, you can still mitigate the impact of this vulnerability by temporarily disabling device telemetry until the device is upgraded to a fixed PAN-OS version. Once upgraded, device telemetry must be re-enabled on the device.\n\nPlease see the following page for details on how to temporarily disable device telemetry: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/device-telemetry/device-telemetry-configure/device-telemetry-disable .\n"
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability.<br>"
}
],
"value": "Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability.\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>This issue will be fixed in hotfix releases of PAN-OS 10.2.9-h1 (ETA: By 4/14), PAN-OS 11.0.4-h1 (ETA: By 4/14), and PAN-OS 11.1.2-h3 (ETA: By 4/14), and in all later PAN-OS versions.</p>"
}
],
"value": "This issue will be fixed in hotfix releases of PAN-OS 10.2.9-h1 (ETA: By 4/14), PAN-OS 11.0.4-h1 (ETA: By 4/14), and PAN-OS 11.1.2-h3 (ETA: By 4/14), and in all later PAN-OS versions.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Volexity for detecting and identifying this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

18
2024/3xxx/CVE-2024-3690.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/3xxx/CVE-2024-3691.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}