admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-19 20:00:36 +00:00
parent d88b8ef3c1
commit a18a02096e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
56 changed files with 2284 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
2023/0xxx/CVE-2023-0636.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in ABB Ltd. ASPECT\u00ae-Enterprise on ASPECT\u00ae-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT\u00ae-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.\n\n"
"value": "Improper Input Validation vulnerability in ABB Ltd. ASPECT\u00ae-Enterprise on ASPECT\u00ae-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT\u00ae-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}

6
2023/28xxx/CVE-2023-28600.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.\n\n"
"value": "Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
"value": "CWE-378: Creation of Temporary File With Insecure Permissions",
"cweId": "CWE-378"
}
]
}

4
2023/28xxx/CVE-2023-28601.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "CWE-358: Improperly Implemented Security Check for Standard",
"cweId": "CWE-358"
}
]
}

4
2023/28xxx/CVE-2023-28603.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
"value": "CWE-73: External Control of File Name or Path",
"cweId": "CWE-73"
}
]
}

5
2023/33xxx/CVE-2023-33850.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nIBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132.\n\n"
"value": "IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "208 Information Exposure Through Timing Discrepancy"
"value": "CWE-203 Observable Discrepancy",
"cweId": "CWE-203"
}
]
}

6
2023/34xxx/CVE-2023-34116.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.\n"
"value": "Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}

6
2023/34xxx/CVE-2023-34118.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n"
"value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
"value": "CWE-250: Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
}

6
2023/34xxx/CVE-2023-34119.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": " Insecure temporary file in the installer for Zoom Rooms for Windows\u00a0before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n"
"value": "Insecure temporary file in the installer for Zoom Rooms for Windows\u00a0before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-377: Insecure Temporary File",
"cweId": "CWE-377"
"value": "CWE-426 Untrusted Search Path",
"cweId": "CWE-426"
}
]
}

6
2023/34xxx/CVE-2023-34120.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": " Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges."
"value": "Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
"value": "CWE-347 Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
}
]
}

6
2023/34xxx/CVE-2023-34121.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": " Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access."
"value": "Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}

4
2023/36xxx/CVE-2023-36533.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "CWE-772 Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
}
]
}

6
2023/36xxx/CVE-2023-36537.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": " Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n"
"value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
"value": "CWE-354 Improper Validation of Integrity Check Value",
"cweId": "CWE-354"
}
]
}

7
2023/46xxx/CVE-2023-46380.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP."
"value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}

7
2023/46xxx/CVE-2023-46381.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI."
"value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}

7
2023/46xxx/CVE-2023-46382.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login."
"value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}

13
2024/0xxx/CVE-2024-0220.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data",
"cweId": "CWE-311"
"value": "CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation",
"cweId": "CWE-1240"
}
]
},
@ -43,15 +43,6 @@
"cweId": "CWE-94"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-326 Inadequate Encryption Strength",
"cweId": "CWE-326"
}
]
}
]
},

6
2024/0xxx/CVE-2024-0335.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\nThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.\n\n"
"value": "ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\n\nThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-23 Relative Path Traversal",
"cweId": "CWE-23"
}
]
}

75
2024/33xxx/CVE-2024-33109.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-33109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://tiptel.com",
"refsource": "MISC",
"name": "http://tiptel.com"
},
{
"refsource": "MISC",
"name": "https://www.bdosecurity.de/en-gb/advisories/cve-2024-33109",
"url": "https://www.bdosecurity.de/en-gb/advisories/cve-2024-33109"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
}

101
2024/38xxx/CVE-2024-38016.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Office Visio Remote Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Office LTSC 2021",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.0.1",
"version_value": "https://aka.ms/OfficeSecurityReleases"
}
]
}
},
{
"product_name": "Microsoft 365 Apps for Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.0.1",
"version_value": "https://aka.ms/OfficeSecurityReleases"
}
]
}
},
{
"product_name": "Microsoft Office 2019",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "19.0.0",
"version_value": "https://aka.ms/OfficeSecurityReleases"
}
]
}
},
{
"product_name": "Microsoft Visio 2016",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.0.1",
"version_value": "16.0.5465.1001"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38016",
"refsource": "MISC",
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38016"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}

2
2024/38xxx/CVE-2024-38216.json
View File

@ -42,7 +42,7 @@
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "1.2311.1.22."
"version_value": "1.2406.1.15"
}
]
}

2
2024/38xxx/CVE-2024-38220.json
View File

@ -42,7 +42,7 @@
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "1.2311.1.22."
"version_value": "1.2406.1.15"
}
]
}

2
2024/3xxx/CVE-2024-3727.json
View File

@ -1012,7 +1012,7 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
"defaultStatus": "unaffected"
}
},
{

26
2024/45xxx/CVE-2024-45496.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4.12",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.12.0-202409131137.p1.g0b1971a.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.13",
"version": {
@ -147,6 +168,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6691"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6705",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6705"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-45496",
"refsource": "MISC",

82
2024/45xxx/CVE-2024-45861.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kastle Systems",
"product": {
"product_data": [
{
"product_name": "Access Control System",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "May 01, 2024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Kastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required.</p><br>\n\n<br>"
}
],
"value": "Kastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required."
}
],
"credits": [
{
"lang": "en",
"value": "evildaemond (Adam Foster) reported these vulnerabilities to CISA."
}
]
}

82
2024/45xxx/CVE-2024-45862.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312 Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kastle Systems",
"product": {
"product_data": [
{
"product_name": "Access Control System",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "May 01, 2024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Kastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required.</p><br>\n\n<br>"
}
],
"value": "Kastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required."
}
],
"credits": [
{
"lang": "en",
"value": "evildaemond (Adam Foster) reported these vulnerabilities to CISA."
}
]
}

16
2024/47xxx/CVE-2024-47059.json
View File

@ -94,22 +94,26 @@
{
"lang": "en",
"value": "Tomasz Kowalczyk"
},
{
"lang": "en",
"value": "Rafa\u0142 Kami\u0144ski"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]

83
2024/47xxx/CVE-2024-47159.json Normal file
View File

@ -0,0 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-47159",
"ASSIGNER": "security@jetbrains.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JetBrains",
"product": {
"product_data": [
{
"product_name": "YouTrack",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2024.3.44799"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
]
}
}

83
2024/47xxx/CVE-2024-47160.json Normal file
View File

@ -0,0 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-47160",
"ASSIGNER": "security@jetbrains.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JetBrains",
"product": {
"product_data": [
{
"product_name": "YouTrack",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2024.3.44799"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}
}

18
2024/47xxx/CVE-2024-47161.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47161",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

83
2024/47xxx/CVE-2024-47162.json Normal file
View File

@ -0,0 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-47162",
"ASSIGNER": "security@jetbrains.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JetBrains",
"product": {
"product_data": [
{
"product_name": "YouTrack",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2024.3.44799"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N"
}
]
}
}

10
2024/4xxx/CVE-2024-4554.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
@ -78,6 +78,12 @@
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Rajveersinh Parmar"
}
],
"impact": {
"cvss": [
{

18
2024/5xxx/CVE-2024-5971.json
View File

@ -35,6 +35,19 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot",
"version": {
@ -336,6 +349,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6508"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6883",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6883"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-5971",
"refsource": "MISC",

26
2024/7xxx/CVE-2024-7387.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4.12",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.12.0-202409121032.p1.g609473f.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.13",
"version": {
@ -147,6 +168,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6691"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6705",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6705"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-7387",
"refsource": "MISC",

89
2024/7xxx/CVE-2024-7736.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "3DS.Information-Security@3ds.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dassault Syst\u00e8mes",
"product": {
"product_data": [
{
"product_name": "ENOVIA Collaborative Industry Innovator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Release 3DEXPERIENCE R2022x Golden",
"version_value": "Release 3DEXPERIENCE R2022x.FP.CFA.2424"
},
{
"version_affected": "<=",
"version_name": "Release 3DEXPERIENCE R2023x Golden",
"version_value": "Release 3DEXPERIENCE R2023x.FP.CFA.2428"
},
{
"version_affected": "<=",
"version_name": "Release 3DEXPERIENCE R2024x Golden",
"version_value": "Release 3DEXPERIENCE R2024x.FP.CFA.2424"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"refsource": "MISC",
"name": "https://www.3ds.com/vulnerability/advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseSeverity": "HIGH",
"baseScore": 8.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"
}
]
}

89
2024/7xxx/CVE-2024-7737.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "3DS.Information-Security@3ds.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dassault Syst\u00e8mes",
"product": {
"product_data": [
{
"product_name": "3DSwymer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Release 3DEXPERIENCE R2022x Golden",
"version_value": "Release 3DEXPERIENCE R2022x.FP.CFA.2424"
},
{
"version_affected": "<=",
"version_name": "Release 3DEXPERIENCE R2023x Golden",
"version_value": "Release 3DEXPERIENCE R2023x.FP.CFA.2428"
},
{
"version_affected": "<=",
"version_name": "Release 3DEXPERIENCE R2024x Golden",
"version_value": "Release 3DEXPERIENCE R2024x.FP.CFA.2424"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"refsource": "MISC",
"name": "https://www.3ds.com/vulnerability/advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseSeverity": "HIGH",
"baseScore": 8.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"
}
]
}

18
2024/7xxx/CVE-2024-7885.json
View File

@ -35,6 +35,19 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat build of Apache Camel 4.4.2 for Spring Boot",
"version": {
@ -230,6 +243,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6508"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6883",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6883"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-7885",
"refsource": "MISC",

66
2024/8xxx/CVE-2024-8375.json
View File

@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8375",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There exists a use after free vulnerability in Reverb.\u00a0Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance. Afterwards, Reverb copies the content in tensor_content\u00a0to the previously mentioned pre-allocated memory, which results in the bytes in tensor_content\u00a0overwriting the vtable pointers of all the objects which were previously allocated.\u00a0Reverb exposes 2 relevant gRPC endpoints: InsertStream and SampleStream. The attacker can insert this stream into the server\u2019s database, then when the client next calls SampleStream they will unpack the tensor into RAM, and when any method on that object is called (including its destructor) the attacker gains control of the Program Counter. We recommend upgrading past git commit\u00a0 https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google Deepmind",
"product": {
"product_data": [
{
"product_name": "Reverb",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/google-deepmind/reverb/issues/141",
"refsource": "MISC",
"name": "https://github.com/google-deepmind/reverb/issues/141"
},
{
"url": "https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25",
"refsource": "MISC",
"name": "https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

93
2024/8xxx/CVE-2024-8651.json
View File

@ -1,18 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204: Observable Response Discrepancy",
"cweId": "CWE-204"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NetCat",
"product": {
"product_data": [
{
"product_name": "NetCat CMS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
},
{
"status": "unaffected",
"version": "6.4.0.24248"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md",
"refsource": "MISC",
"name": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply patch from vendor <a target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\">https://netcat.ru/</a>. Versions 6.4.0.24248 and on have the patch. <br>"
}
],
"value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"credits": [
{
"lang": "en",
"value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
}
]
}

93
2024/8xxx/CVE-2024-8652.json
View File

@ -1,18 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NetCat",
"product": {
"product_data": [
{
"product_name": "NetCat CMS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
},
{
"status": "unaffected",
"version": "6.4.0.24248"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-002.md",
"refsource": "MISC",
"name": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-002.md"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply patch from vendor <a target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\">https://netcat.ru/</a>. Versions 6.4.0.24248 and on have the patch. <br>"
}
],
"value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"credits": [
{
"lang": "en",
"value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
}
]
}

93
2024/8xxx/CVE-2024-8653.json
View File

@ -1,18 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8653",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NetCat",
"product": {
"product_data": [
{
"product_name": "NetCat CMS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
},
{
"status": "unaffected",
"version": "6.4.0.24248"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-003.md",
"refsource": "MISC",
"name": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-003.md"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply patch from vendor <a target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\">https://netcat.ru/</a>. Versions 6.4.0.24248 and on have the patch. <br>"
}
],
"value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"credits": [
{
"lang": "en",
"value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
}
]
}

373
2024/8xxx/CVE-2024-8698.json
View File

@ -1,17 +1,382 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8698",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Build of Keycloak",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat build of Keycloak 22",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "22.0.13-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "22-18",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "22-21",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat build of Keycloak 24",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "24.0.8-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "24-17",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "24-17",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.18-1.redhat_00001.1.el7sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.18-1.redhat_00001.1.el8sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.18-1.redhat_00001.1.el9sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "RHEL-8 based Middleware Containers",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.6-54",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:6878",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6878"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6879",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6879"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6880",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6880"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6882",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6882"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6886",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6886"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6887",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6887"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6888",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6888"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6889",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6889"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6890",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6890"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-8698",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2024-8698"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311641",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2311641"
},
{
"url": "https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415",
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Tanner Emek for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
]
}

349
2024/8xxx/CVE-2024-8883.json
View File

@ -1,17 +1,358 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8883",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Build of Keycloak",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat build of Keycloak 22",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "22.0.13-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "22-18",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "22-21",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat build of Keycloak 24",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "24.0.8-1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "24-17",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "24-17",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.18-1.redhat_00001.1.el7sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.18-1.redhat_00001.1.el8sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7.6 for RHEL 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:18.0.18-1.redhat_00001.1.el9sso",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "RHEL-8 based Middleware Containers",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.6-54",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:6878",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6878"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6879",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6879"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6880",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6880"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6882",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6882"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6886",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6886"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6887",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6887"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6888",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6888"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6889",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6889"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6890",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6890"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-8883",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2024-8883"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511"
},
{
"url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java",
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

92
2024/8xxx/CVE-2024-8963.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8963",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "responsible.disclosure@ivanti.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ivanti",
"product": {
"product_data": [
{
"product_name": "CSA (Cloud Services Appliance)",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "4.6 Patch 519",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963",
"refsource": "MISC",
"name": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}

18
2024/9xxx/CVE-2024-9005.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9006.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9006",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9007.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9008.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9009.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9009",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9010.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9011.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9012.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9012",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9013.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9014.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9015.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9016.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9017.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}