From 9efca41727e8d47be3835e1c9c3bdbe781196988 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 26 Nov 2024 08:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/11xxx/CVE-2024-11202.json | 218 ++++++++++++++++++++++++++++++++-
2024/11xxx/CVE-2024-11737.json | 18 +++
2024/11xxx/CVE-2024-11738.json | 18 +++
2024/28xxx/CVE-2024-28038.json | 107 +++++++++++++++-
2024/28xxx/CVE-2024-28955.json | 107 +++++++++++++++-
2024/29xxx/CVE-2024-29146.json | 107 +++++++++++++++-
2024/29xxx/CVE-2024-29978.json | 107 +++++++++++++++-
2024/32xxx/CVE-2024-32151.json | 97 ++++++++++++++-
2024/33xxx/CVE-2024-33605.json | 97 ++++++++++++++-
2024/33xxx/CVE-2024-33610.json | 107 +++++++++++++++-
2024/33xxx/CVE-2024-33616.json | 106 +++++++++++++++-
2024/34xxx/CVE-2024-34162.json | 107 +++++++++++++++-
2024/35xxx/CVE-2024-35244.json | 107 +++++++++++++++-
2024/36xxx/CVE-2024-36248.json | 107 +++++++++++++++-
2024/36xxx/CVE-2024-36249.json | 102 ++++++++++++++-
2024/36xxx/CVE-2024-36251.json | 107 +++++++++++++++-
2024/36xxx/CVE-2024-36254.json | 102 ++++++++++++++-
2024/47xxx/CVE-2024-47257.json | 89 +++++++++++++-
2024/6xxx/CVE-2024-6476.json | 89 +++++++++++++-
2024/6xxx/CVE-2024-6749.json | 89 +++++++++++++-
2024/6xxx/CVE-2024-6831.json | 89 +++++++++++++-
2024/8xxx/CVE-2024-8160.json | 78 +++++++++++-
2024/8xxx/CVE-2024-8772.json | 78 +++++++++++-
2024/9xxx/CVE-2024-9504.json | 81 +++++++++++-
24 files changed, 2226 insertions(+), 88 deletions(-)
create mode 100644 2024/11xxx/CVE-2024-11737.json
create mode 100644 2024/11xxx/CVE-2024-11738.json
diff --git a/2024/11xxx/CVE-2024-11202.json b/2024/11xxx/CVE-2024-11202.json
index 65c2ff35754..2022231c3e6 100644
--- a/2024/11xxx/CVE-2024-11202.json
+++ b/2024/11xxx/CVE-2024-11202.json
@@ -1,17 +1,227 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11202", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "creativemindssolutions", + "product": { + "product_data": [ + { + "product_name": "CM WordPress Search And Replace Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.4.2" + } + ] + } + }, + { + "product_name": "Video Lessons Manager \u2013 WordPress LMS Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.8.2" + } + ] + } + }, + { + "product_name": "CM Tooltip Glossary", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.3.11" + } + ] + } + }, + { + "product_name": "CM Pop-Up Banners for WordPress", 
+ "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.7.5" + } + ] + } + }, + { + "product_name": "CM Header & Footer Script Loader \u2013 Insert Script Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.2.1" + } + ] + } + }, + { + "product_name": "Name: CM E-Mail Registration Blacklist", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.5.3" + } + ] + } + }, + { + "product_name": "CM Business Directory Plugin \u2013 Business Listing Directory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db759c60-9ce9-407d-8d1f-cbbfd09759d5?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db759c60-9ce9-407d-8d1f-cbbfd09759d5?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/cm-pop-up-banners/trunk/package/cminds-free.php#L1471", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/cm-pop-up-banners/trunk/package/cminds-free.php#L1471" + }, + { + "url": "https://wordpress.org/plugins/cm-pop-up-banners/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/cm-pop-up-banners/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/cm-header-footer-script-loader/trunk/package/cminds-free.php#L1465", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/cm-header-footer-script-loader/trunk/package/cminds-free.php#L1465" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/enhanced-tooltipglossary/trunk/package/cminds-free.php#L1465", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/browser/enhanced-tooltipglossary/trunk/package/cminds-free.php#L1465" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/cm-business-directory/trunk/package/cminds-free.php#L1465", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/cm-business-directory/trunk/package/cminds-free.php#L1465" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/cm-video-lesson-manager/trunk/package/cminds-free.php#L1465", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/cm-video-lesson-manager/trunk/package/cminds-free.php#L1465" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/cm-email-blacklist/trunk/package/cminds-free.php#L1465", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/cm-email-blacklist/trunk/package/cminds-free.php#L1465" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/cm-on-demand-search-and-replace/trunk/package/cminds-free.php#L1469", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/cm-on-demand-search-and-replace/trunk/package/cminds-free.php#L1469" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3191536/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3191536/" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3192416/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3192416/" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3193808/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3193808/" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3192354/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3192354/" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3194393/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3194393/" + }, + { + "url": 
"https://plugins.trac.wordpress.org/changeset/3192808/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3192808/" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3192381/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3192381/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Peter Thaleikis" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/11xxx/CVE-2024-11737.json b/2024/11xxx/CVE-2024-11737.json new file mode 100644 index 00000000000..db33dee0aba --- /dev/null +++ b/2024/11xxx/CVE-2024-11737.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11737", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11738.json b/2024/11xxx/CVE-2024-11738.json new file mode 100644 index 00000000000..350e34e884f --- /dev/null +++ b/2024/11xxx/CVE-2024-11738.json 
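Review bot: In the CVE-2024-11202 record, the sixth `product_name` carries a stray label, `"Name: CM E-Mail Registration Blacklist"`, so asset or scanner tooling that matches on product name will likely miss this plugin; it should read `"product_name": "CM E-Mail Registration Blacklist"`. The `credits` entry also uses `"lang": "en"` while the description and problemtype entries in the same record use `"eng"`; one language code should be used throughout. Both points are in the hunk that ends on this line, before the new CVE-2024-11737 file.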
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11738", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28038.json b/2024/28xxx/CVE-2024-28038.json index 17753d158d7..6a0bc6d62b6 100644 --- a/2024/28xxx/CVE-2024-28038.json +++ b/2024/28xxx/CVE-2024-28038.json 
@@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28038", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "CRITICAL", + "baseScore": 9, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ] } diff --git a/2024/28xxx/CVE-2024-28955.json b/2024/28xxx/CVE-2024-28955.json index 78d8809dba2..3527ec7d842 100644 --- a/2024/28xxx/CVE-2024-28955.json +++ b/2024/28xxx/CVE-2024-28955.json 
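Review bot: Both `version_data` entries in CVE-2024-28038 pair `"version_affected": "="` with a prose `version_value` (`"See the information provided by Sharp Corporation listed under [References]"` and the Toshiba Tec equivalent), so no scanner or inventory matcher can decide from this record whether a given model or firmware is affected. The same pattern appears in the CVE-2024-28955, -29146, -29978, -32151, -33605, -33610 and -33616 hunks. The affected models and firmware ranges from the vendor advisories should be carried as structured `version_data` entries. Until then, consumers should treat these records as unmatched and triage by hand from the referenced advisories.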
@@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28955", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect permission assignment for critical resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2024/29xxx/CVE-2024-29146.json b/2024/29xxx/CVE-2024-29146.json index fbb5cdfefe5..318868d6848 100644 --- a/2024/29xxx/CVE-2024-29146.json +++ b/2024/29xxx/CVE-2024-29146.json 
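Review bot: The description in CVE-2024-28955 says the world-readable coredump files can be examined by "any local user of the device", but the vector is `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`, which describes an unauthenticated network attacker. If the files are reachable remotely only in combination with another flaw, the description should say so. If local access is really required, `AV:L` with a non-`N` `PR` would be expected and `baseScore` recomputed. As written, a reader cannot tell which exposure to plan for.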
@@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29146", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cleartext storage of sensitive information", + "cweId": "CWE-312" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": 
"https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2024/29xxx/CVE-2024-29978.json b/2024/29xxx/CVE-2024-29978.json index 4e8fe2371d3..e4a0a51e7d6 100644 --- a/2024/29xxx/CVE-2024-29978.json +++ b/2024/29xxx/CVE-2024-29978.json 
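Review bot: The `description` value in CVE-2024-29146 is word-for-word the same as in the CVE-2024-29978 and CVE-2024-32151 hunks; the three records differ only in `problemtype` (`CWE-312`, `CWE-256`, `CWE-257`). From the records alone a reader cannot tell whether these are three distinct flaws or one finding split by weakness class, which makes deduplication and fix tracking unreliable. Each description should state what is specific to its ID.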
@@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29978", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Plaintext storage of a password", + "cweId": "CWE-256" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": 
"https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.9, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2024/32xxx/CVE-2024-32151.json b/2024/32xxx/CVE-2024-32151.json index 96aacff8014..6367b4bcccc 100644 --- a/2024/32xxx/CVE-2024-32151.json +++ b/2024/32xxx/CVE-2024-32151.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32151", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Storing passwords in a recoverable format", + "cweId": "CWE-257" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": 
"https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } diff --git a/2024/33xxx/CVE-2024-33605.json b/2024/33xxx/CVE-2024-33605.json index 459ae3778f1..47472ea415b 100644 --- a/2024/33xxx/CVE-2024-33605.json +++ b/2024/33xxx/CVE-2024-33605.json 
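Review bot: CVE-2024-32151 is published without an `impact` block, and so is CVE-2024-33605 in the next hunk, while the sibling records in this commit (CVE-2024-28038, -28955, -29146, -29978, -33610) all carry a CVSS 3.1 vector and score. Pipelines that prioritise on `baseScore` will see these two as unscored, even though CVE-2024-32151 shares its description with two records rated MEDIUM. If the CNA assigned a score, the `impact.cvss` entry should be added in the same shape as the siblings.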
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": 
"https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } diff --git a/2024/33xxx/CVE-2024-33610.json b/2024/33xxx/CVE-2024-33610.json index 945888dca75..8f48e45de34 100644 --- a/2024/33xxx/CVE-2024-33610.json +++ b/2024/33xxx/CVE-2024-33610.json 
@@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\"sessionlist.html\" and \"sys_trayentryreboot.html\" are accessible with no authentication. \"sessionlist.html\" provides logged-in users' session information including session cookies, and \"sys_trayentryreboot.html\" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass Using an Alternate Path or Channel", + "cweId": "CWE-288" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "CRITICAL", + "baseScore": 9.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ] } diff --git a/2024/33xxx/CVE-2024-33616.json b/2024/33xxx/CVE-2024-33616.json index 3ec13e7b114..c0fb22b7e2e 100644 --- a/2024/33xxx/CVE-2024-33616.json +++ b/2024/33xxx/CVE-2024-33616.json 
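Review bot: The vector in CVE-2024-33610 ends in `A:N`, yet the description states that `sys_trayentryreboot.html` is reachable without authentication and "allows to reboot the device", which is an availability impact. The availability metric should be re-checked against that statement and `baseScore` recomputed if it changes. Consumers filtering on availability impact would otherwise overlook the unauthenticated reboot.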
@@ -1,17 +1,115 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": 
"https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2024/34xxx/CVE-2024-34162.json b/2024/34xxx/CVE-2024-34162.json index 8fd492db29c..31d9aaa0ee4 100644 --- a/2024/34xxx/CVE-2024-34162.json +++ b/2024/34xxx/CVE-2024-34162.json 
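Review bot: The impact block scores CVE-2024-33616 at 5.3 MEDIUM with `C:L/I:N/A:N`, while the description says the bypass "allows logging in with an administrative privilege"; an administrative login would normally carry integrity impact, so the vector looks understated and is worth confirming with the CNA. The `problemtype` entry is also the only one among the Sharp/Toshiba Tec records visible here without a `cweId`, which hides it from CWE-based filtering; `"cweId": "CWE-287"` would fit the stated "Authentication bypass" if the CNA agrees. The description's second sentence refers to "the telnet feature" without first saying where the bypass lives. Presumably it is the telnet login, but the record should say so, so that readers know which service to restrict.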
@@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34162", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to \"SIMPLE\", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access to critical private variable via public method", + "cweId": "CWE-767" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": 
"https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2024/35xxx/CVE-2024-35244.json b/2024/35xxx/CVE-2024-35244.json index 79f1b883dd0..f2c1e65e697 100644 --- a/2024/35xxx/CVE-2024-35244.json +++ b/2024/35xxx/CVE-2024-35244.json 
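Review bot: The `problemtype` of CVE-2024-34162 maps it to CWE-767 ("Access to critical private variable via public method"), a class-design weakness, whereas the description is about the LDAP password crossing the network in clear text when authentication is set to "SIMPLE". Consumers that triage by CWE will not file this record under credential exposure in transit. CWE-319 (Cleartext Transmission of Sensitive Information) matches the described behaviour better, i.e. `"cweId": "CWE-319"` with the matching `value` text, subject to the CNA's confirmation.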
@@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35244", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of hard-coded credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "CRITICAL", + "baseScore": 9.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ] } diff --git a/2024/36xxx/CVE-2024-36248.json b/2024/36xxx/CVE-2024-36248.json index c240a876a64..8934108fe15 100644 --- a/2024/36xxx/CVE-2024-36248.json +++ b/2024/36xxx/CVE-2024-36248.json 
@@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36248", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of hard-coded credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": 
"https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "CRITICAL", + "baseScore": 9.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ] } diff --git a/2024/36xxx/CVE-2024-36249.json b/2024/36xxx/CVE-2024-36249.json index cf6645e4270..abd5fa4f3dd 100644 --- a/2024/36xxx/CVE-2024-36249.json +++ b/2024/36xxx/CVE-2024-36249.json 
@@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36249", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" } ] } diff --git a/2024/36xxx/CVE-2024-36251.json b/2024/36xxx/CVE-2024-36251.json index 9ccc75b0d9e..904ed4f508b 100644 --- a/2024/36xxx/CVE-2024-36251.json +++ b/2024/36xxx/CVE-2024-36251.json 
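Review bot: The description of CVE-2024-36249 spells the second vendor "Toshiba Tech Corporation", while `vendor_name` in the same record and the sibling records use "Toshiba Tec Corporation". Free-text searches and alert rules keyed on the vendor string will miss this entry. The description should read `Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers)`.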
@@ -1,17 +1,116 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36251", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + }, + { + "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", + "refsource": "MISC", + "name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ] } diff --git a/2024/36xxx/CVE-2024-36254.json b/2024/36xxx/CVE-2024-36254.json index 56e7251a387..34d62a0955d 100644 --- a/2024/36xxx/CVE-2024-36254.json +++ b/2024/36xxx/CVE-2024-36254.json 
@@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36254", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Sharp Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Sharp Corporation listed under [References]" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Toshiba Tec Corporation", + "product": { + "product_data": [ + { + "product_name": "Multiple MFPs (multifunction printers)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See the information provided by Toshiba Tec Corporation listed under [References]" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://global.sharp/products/copier/info/info_security_2024-05.html", + "refsource": "MISC", + "name": "https://global.sharp/products/copier/info/info_security_2024-05.html" + }, + { + "url": "https://jp.sharp/business/print/information/info_security_2024-05.html", 
+ "refsource": "MISC", + "name": "https://jp.sharp/business/print/information/info_security_2024-05.html" + }, + { + "url": "https://www.toshibatec.com/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.com/information/20240531_02.html" + }, + { + "url": "https://www.toshibatec.co.jp/information/20240531_02.html", + "refsource": "MISC", + "name": "https://www.toshibatec.co.jp/information/20240531_02.html" + }, + { + "url": "https://jvn.jp/en/vu/JVNVU93051062/", + "refsource": "MISC", + "name": "https://jvn.jp/en/vu/JVNVU93051062/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ] } diff --git a/2024/47xxx/CVE-2024-47257.json b/2024/47xxx/CVE-2024-47257.json index f1937c070f6..3944fb9fb74 100644 --- a/2024/47xxx/CVE-2024-47257.json +++ b/2024/47xxx/CVE-2024-47257.json 
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47257", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@axis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Florent Thi\u00e9ry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. \nAxis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software support. Please refer to the Axis security advisory for more information and solution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1284: Improper Validation of Specified Quantity in Input", + "cweId": "CWE-1284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Axis Communications AB", + "product": { + "product_data": [ + { + "product_name": "AXIS Q6128-E PTZ Network Camera", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.50" + } + ] + } + }, + { + "product_name": "AXIS P1428-E Network Camera", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.50" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.axis.com/dam/public/permalink/231088/cve-2024-47257pdf-en-US_InternalID-231088.pdf", + "refsource": "MISC", + "name": "https://www.axis.com/dam/public/permalink/231088/cve-2024-47257pdf-en-US_InternalID-231088.pdf" + } + ] + }, + "generator": { + "engine": 
"Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/6xxx/CVE-2024-6476.json b/2024/6xxx/CVE-2024-6476.json index fc0b382e6fb..4e73ac418d0 100644 --- a/2024/6xxx/CVE-2024-6476.json +++ b/2024/6xxx/CVE-2024-6476.json 
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6476", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@axis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. \n Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276: Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Axis Communications AB", + "product": { + "product_data": [ + { + "product_name": "AXIS Camera Station Pro", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<6.4" + } + ] + } + }, + { + "product_name": "AXIS Camera Station", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<5.57.33556" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.axis.com/dam/public/e5/24/82/cve-2024-6476pdf-en-US-455104.pdf", + "refsource": "MISC", + "name": "https://www.axis.com/dam/public/e5/24/82/cve-2024-6476pdf-en-US-455104.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": 
"HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/6xxx/CVE-2024-6749.json b/2024/6xxx/CVE-2024-6749.json index 03af9368fd0..94c0720d586 100644 --- a/2024/6xxx/CVE-2024-6749.json +++ b/2024/6xxx/CVE-2024-6749.json 
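Review bot: The affected versions in CVE-2024-6476 are encoded as `"version_affected": "="` with the comparison operator inside the value (`"<6.4"`, `"<5.57.33556"`), so a parser that honours `version_affected` reads this as an exact match on the literal string and never flags an installed version. CVE-2024-6831 repeats the same values, and CVE-2024-6749 packs ranges ("6.0 - 6.3", "5.25 - 5.57.27610") into `version_value` the same way. Since `version_affected` accepts comparison operators, the machine-readable form here would be `"version_affected": "<", "version_value": "6.4"`. Separately, the description says a non-admin user can "gain system privileges" while the vector is `C:N/I:L/A:L` at 4.2 MEDIUM, which looks low for a privilege escalation and is worth confirming with the CNA.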
@@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6749", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@axis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured this flaw does not apply. \n\n Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522: Insufficiently Protected Credentials", + "cweId": "CWE-522" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Axis Communications AB", + "product": { + "product_data": [ + { + "product_name": "AXIS Camera Station Pro", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.0 - 6.3" + } + ] + } + }, + { + "product_name": "AXIS Camera Station", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.25 - 5.57.27610" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.axis.com/dam/public/e6/e8/1e/cve-2024-6749-en-US-455106.pdf", + "refsource": "MISC", + "name": "https://www.axis.com/dam/public/e6/e8/1e/cve-2024-6749-en-US-455106.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/6xxx/CVE-2024-6831.json b/2024/6xxx/CVE-2024-6831.json index f3182d0dd32..ef8fb5cabaf 100644 --- a/2024/6xxx/CVE-2024-6831.json +++ b/2024/6xxx/CVE-2024-6831.json 
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6831",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@axis.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. \nAxis has released patched versions for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-602: Client-Side Enforcement of Server-Side Security",
+ "cweId": "CWE-602"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Axis Communications AB",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AXIS Camera Station Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "<6.4"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "AXIS Camera Station",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "<5.57.33556"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.axis.com/dam/public/a2/9a/41/cve-2024-6831-en-US-455107.pdf",
+ "refsource": "MISC",
+ "name": "https://www.axis.com/dam/public/a2/9a/41/cve-2024-6831-en-US-455107.pdf"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/8xxx/CVE-2024-8160.json b/2024/8xxx/CVE-2024-8160.json
index f9deae2113e..1b7d4257ece 100644
--- a/2024/8xxx/CVE-2024-8160.json
+++ b/2024/8xxx/CVE-2024-8160.json
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-8160",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@axis.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
+ "cweId": "CWE-1286"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Axis Communications AB",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AXIS OS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "10.9 - 12.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.axis.com/dam/public/permalink/231071/cve-2024-8160pdf-en-US_InternalID-231071.pdf",
+ "refsource": "MISC",
+ "name": "https://www.axis.com/dam/public/permalink/231071/cve-2024-8160pdf-en-US_InternalID-231071.pdf"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/8xxx/CVE-2024-8772.json b/2024/8xxx/CVE-2024-8772.json
index b4dc391ae2e..794e5172bd8 100644
--- a/2024/8xxx/CVE-2024-8772.json
+++ b/2024/8xxx/CVE-2024-8772.json
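Review bot: The `problemtype` entry in the CVE-2024-8160 record is `CWE-1286`, while the description in the same hunk describes a command injection through `ftptest.cgi`, so anyone triaging by `cweId` for injection classes will not surface this record. The CVE-2024-8772 hunk carries the same `CWE-1286` for what its description calls a race condition. The CVE-2024-8160 vector also scores `C:N` although the description mentions transferring files from the device; that may be intentional but is worth confirming against the Axis advisory. These values are CNA-supplied, so the action is a query to the CNA rather than an edit to the mirror, and downstream triage should key on the description text for both records.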
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-8772",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@axis.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
+ "cweId": "CWE-1286"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Axis Communications AB",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AXIS OS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "9.80 - 12.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.axis.com/dam/public/permalink/231072/cve-2024-8772pdf-en-US_InternalID-231072.pdf",
+ "refsource": "MISC",
+ "name": "https://www.axis.com/dam/public/permalink/231072/cve-2024-8772pdf-en-US_InternalID-231072.pdf"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9504.json b/2024/9xxx/CVE-2024-9504.json
index 524628bcb99..febcba11d32 100644
--- a/2024/9xxx/CVE-2024-9504.json
+++ b/2024/9xxx/CVE-2024-9504.json
@@ -1,17 +1,90 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-9504",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "wpdevart",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Booking calendar, Appointment Booking System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "3.2.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fb05281-205f-4d9c-aac9-2b37e069a6fb?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fb05281-205f-4d9c-aac9-2b37e069a6fb?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3195800/booking-calendar",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3195800/booking-calendar"
+ },
+ {
+ "url": "https://hacked.be/posts/CVE-2024-9504",
+ "refsource": "MISC",
+ "name": "https://hacked.be/posts/CVE-2024-9504"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Rein Daelman"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
 }
 ]
 }
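Review bot: The `cvss` object in the CVE-2024-9504 record carries only `version`, `vectorString`, `baseScore` and `baseSeverity`, whereas the Axis records in this commit also expand each metric (`attackVector`, `privilegesRequired`, and so on). A consumer that reads the expanded keys gets nothing for this record and may file it as unscored, so parsers should derive the metrics from `vectorString`. The `credits` entry also uses `"lang": "en"` while the description uses `"lang": "eng"`, so language filters should accept both. The problem type is `CWE-434` although the description calls the issue Stored Cross-Site Scripting, which means a filter on CWE-79 will likely miss it.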