From 9c6366c53b1988a1721f7e36b630eadec7cf7612 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 25 Nov 2024 15:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/11xxx/CVE-2024-11670.json | 71 ++++++++++++++++++++++++++++++++++ 2024/11xxx/CVE-2024-11671.json | 71 ++++++++++++++++++++++++++++++++++ 2024/11xxx/CVE-2024-11672.json | 71 ++++++++++++++++++++++++++++++++++ 2024/11xxx/CVE-2024-11673.json | 18 +++++++++ 2024/11xxx/CVE-2024-11674.json | 18 +++++++++ 2024/11xxx/CVE-2024-11675.json | 18 +++++++++ 2024/11xxx/CVE-2024-11676.json | 18 +++++++++ 2024/11xxx/CVE-2024-11677.json | 18 +++++++++ 2024/11xxx/CVE-2024-11678.json | 18 +++++++++ 2024/11xxx/CVE-2024-11679.json | 18 +++++++++ 2024/7xxx/CVE-2024-7130.json | 17 ++------ 11 files changed, 343 insertions(+), 13 deletions(-) create mode 100644 2024/11xxx/CVE-2024-11670.json create mode 100644 2024/11xxx/CVE-2024-11671.json create mode 100644 2024/11xxx/CVE-2024-11672.json create mode 100644 2024/11xxx/CVE-2024-11673.json create mode 100644 2024/11xxx/CVE-2024-11674.json create mode 100644 2024/11xxx/CVE-2024-11675.json create mode 100644 2024/11xxx/CVE-2024-11676.json create mode 100644 2024/11xxx/CVE-2024-11677.json create mode 100644 2024/11xxx/CVE-2024-11678.json create mode 100644 2024/11xxx/CVE-2024-11679.json diff --git a/2024/11xxx/CVE-2024-11670.json b/2024/11xxx/CVE-2024-11670.json new file mode 100644 index 00000000000..17efae63187 --- /dev/null +++ b/2024/11xxx/CVE-2024-11670.json @@ -0,0 +1,71 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-11670", + "ASSIGNER": "security@devolutions.net", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the \"View Password\" permission via specific actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Devolutions", + "product": { + "product_data": [ + { + "product_name": "Remote Desktop Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.2.21.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2024-0015", + "refsource": "MISC", + "name": "https://devolutions.net/security/advisories/DEVO-2024-0015" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11671.json b/2024/11xxx/CVE-2024-11671.json new file mode 100644 index 00000000000..a097fc1403f --- /dev/null +++ b/2024/11xxx/CVE-2024-11671.json @@ -0,0 +1,71 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-11671", + "ASSIGNER": "security@devolutions.net", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Devolutions", + "product": { + "product_data": [ + { + "product_name": "Remote Desktop Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.3.17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2024-0016", + "refsource": "MISC", + "name": "https://devolutions.net/security/advisories/DEVO-2024-0016" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11672.json b/2024/11xxx/CVE-2024-11672.json new file mode 100644 index 00000000000..029337e8d43 --- /dev/null +++ b/2024/11xxx/CVE-2024-11672.json @@ -0,0 +1,71 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-11672", + "ASSIGNER": "security@devolutions.net", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the \"Add\" permission via the import in vault feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Devolutions", + "product": { + "product_data": [ + { + "product_name": "Remote Desktop Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2024.2.21.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2024-0016", + "refsource": "MISC", + "name": "https://devolutions.net/security/advisories/DEVO-2024-0016" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11673.json b/2024/11xxx/CVE-2024-11673.json new file mode 100644 index 00000000000..d18d1f089f6 --- /dev/null +++ b/2024/11xxx/CVE-2024-11673.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11673", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11674.json b/2024/11xxx/CVE-2024-11674.json new file mode 100644 index 00000000000..afefdfb5258 --- /dev/null +++ b/2024/11xxx/CVE-2024-11674.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11674", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11675.json b/2024/11xxx/CVE-2024-11675.json new file mode 100644 index 00000000000..cc2d1bb8f25 --- /dev/null +++ b/2024/11xxx/CVE-2024-11675.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11675", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11676.json b/2024/11xxx/CVE-2024-11676.json new file mode 100644 index 00000000000..9984934bd88 --- /dev/null +++ b/2024/11xxx/CVE-2024-11676.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11676", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11677.json b/2024/11xxx/CVE-2024-11677.json new file mode 100644 index 00000000000..1f98a89f436 --- /dev/null +++ b/2024/11xxx/CVE-2024-11677.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11677", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11678.json b/2024/11xxx/CVE-2024-11678.json new file mode 100644 index 00000000000..60f83e06505 --- /dev/null +++ b/2024/11xxx/CVE-2024-11678.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11678", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11679.json b/2024/11xxx/CVE-2024-11679.json new file mode 100644 index 00000000000..3353598875e --- /dev/null +++ b/2024/11xxx/CVE-2024-11679.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11679", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7130.json b/2024/7xxx/CVE-2024-7130.json index 841c6f8fb92..1b6e0489bac 100644 --- a/2024/7xxx/CVE-2024-7130.json +++ b/2024/7xxx/CVE-2024-7130.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kion Computer KION Exchange Programs Software allows Reflected XSS.This issue affects KION Exchange Programs Software: through 21.11.2024.\n\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kion Computer KION Exchange Programs Software allows Reflected XSS.This issue affects KION Exchange Programs Software: before 1.21.9092.29966." } ] }, @@ -40,18 +40,9 @@ "version": { "version_data": [ { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "lessThanOrEqual": "21.11.2024", - "status": "affected", - "version": "0", - "versionType": "custom" - } - ], - "defaultStatus": "affected" - } + "version_affected": "<", + "version_name": "0", + "version_value": "1.21.9092.29966" } ] }