diff --git a/2023/0xxx/CVE-2023-0636.json b/2023/0xxx/CVE-2023-0636.json
index d61254fab2f..1a115b92490 100644
--- a/2023/0xxx/CVE-2023-0636.json
+++ b/2023/0xxx/CVE-2023-0636.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Improper Input Validation vulnerability in ABB Ltd. ASPECT\u00ae-Enterprise on ASPECT\u00ae-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT\u00ae-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.\n\n"
+ "value": "Improper Input Validation vulnerability in ABB Ltd. ASPECT\u00ae-Enterprise on ASPECT\u00ae-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT\u00ae-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1."
}
]
},
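Review bot: The cleaned-up description on the new side still carries the version token `3.0;0` three times and fuses two sentences at `Command Injection.This issue`; only the trailing `\n\n` was dropped. The `;0` suffix looks like a tooling artifact rather than a real version, so a reader matching installed firmware against this text cannot tell where the affected range starts. CVE-2024-0335 in this commit shows the same pattern (`3..0;0`, `2.1;0`, `2.0;0`). It would be worth having the CNA restate the lower bounds as plain versions and insert the missing space, so the text agrees with whatever the `affects` block (outside this hunk) records.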
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-20 Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
+ "cweId": "CWE-77"
}
]
}
diff --git a/2023/28xxx/CVE-2023-28600.json b/2023/28xxx/CVE-2023-28600.json
index 2553a77dc8b..4b5a83e9bb2 100644
--- a/2023/28xxx/CVE-2023-28600.json
+++ b/2023/28xxx/CVE-2023-28600.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.\n\n"
+ "value": "Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client."
}
]
},
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-284: Improper Access Control",
- "cweId": "CWE-284"
+ "value": "CWE-378: Creation of Temporary File With Insecure Permissions",
+ "cweId": "CWE-378"
}
]
}
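Review bot: The problemtype here moves to `CWE-378`, but the description kept in the previous hunk of this file still characterises the issue only as "improper access control", so the human-readable text and the machine-readable weakness class no longer say the same thing. The same drift is visible in CVE-2023-34119 (description "Insecure temporary file", now `CWE-426 Untrusted Search Path`), CVE-2023-34120 and CVE-2023-36537 (description "Improper privilege management", now `CWE-347` and `CWE-354`), CVE-2023-34118 (`CWE-250`), and CVE-2023-34116 and CVE-2023-34121 (description "Improper input validation", now `CWE-78` and `CWE-79`). If the new CWEs reflect the CNA's root-cause analysis, each description should gain a clause naming that cause; otherwise triage keyed on the text will disagree with triage keyed on `cweId`. The label format is also mixed within this commit (`CWE-378: …` with a colon, `CWE-426 …` without), which complicates exact-string matching on `value`.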
diff --git a/2023/28xxx/CVE-2023-28601.json b/2023/28xxx/CVE-2023-28601.json
index 3148bddea04..e332eb9e0c2 100644
--- a/2023/28xxx/CVE-2023-28601.json
+++ b/2023/28xxx/CVE-2023-28601.json
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
- "cweId": "CWE-119"
+ "value": "CWE-358: Improperly Implemented Security Check for Standard",
+ "cweId": "CWE-358"
}
]
}
diff --git a/2023/28xxx/CVE-2023-28603.json b/2023/28xxx/CVE-2023-28603.json
index 73b13f6e340..840c5140f1a 100644
--- a/2023/28xxx/CVE-2023-28603.json
+++ b/2023/28xxx/CVE-2023-28603.json
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-284: Improper Access Control",
- "cweId": "CWE-284"
+ "value": "CWE-73: External Control of File Name or Path",
+ "cweId": "CWE-73"
}
]
}
diff --git a/2023/33xxx/CVE-2023-33850.json b/2023/33xxx/CVE-2023-33850.json
index 770e7cc5458..9f1c858abab 100644
--- a/2023/33xxx/CVE-2023-33850.json
+++ b/2023/33xxx/CVE-2023-33850.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "\nIBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132.\n\n"
+ "value": "IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132."
}
]
},
@@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "208 Information Exposure Through Timing Discrepancy"
+ "value": "CWE-203 Observable Discrepancy",
+ "cweId": "CWE-203"
}
]
}
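Review bot: `CWE-203 Observable Discrepancy` is the parent class, while the description in this file names a timing-based side channel in RSA decryption, for which the child `CWE-208` is the closer match and is what the removed free-text value `208 Information Exposure Through Timing Discrepancy` was pointing at. Adding the missing `cweId` is the right repair, but widening the class loses the timing detail that defenders filter on. Unless the CNA chose the broader class deliberately, consider `"value": "CWE-208 Observable Timing Discrepancy"` with `"cweId": "CWE-208"`.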
diff --git a/2023/34xxx/CVE-2023-34116.json b/2023/34xxx/CVE-2023-34116.json
index af23b271ad3..eb4235dc6c3 100644
--- a/2023/34xxx/CVE-2023-34116.json
+++ b/2023/34xxx/CVE-2023-34116.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.\n"
+ "value": "Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access."
}
]
},
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-20 Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+ "cweId": "CWE-78"
}
]
}
diff --git a/2023/34xxx/CVE-2023-34118.json b/2023/34xxx/CVE-2023-34118.json
index e2673ef271c..0fc6beefefe 100644
--- a/2023/34xxx/CVE-2023-34118.json
+++ b/2023/34xxx/CVE-2023-34118.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n"
+ "value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
]
},
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-269 Improper Privilege Management",
- "cweId": "CWE-269"
+ "value": "CWE-250: Execution with Unnecessary Privileges",
+ "cweId": "CWE-250"
}
]
}
diff --git a/2023/34xxx/CVE-2023-34119.json b/2023/34xxx/CVE-2023-34119.json
index e88d8461488..92f23a2968b 100644
--- a/2023/34xxx/CVE-2023-34119.json
+++ b/2023/34xxx/CVE-2023-34119.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": " Insecure temporary file in the installer for Zoom Rooms for Windows\u00a0before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n"
+ "value": "Insecure temporary file in the installer for Zoom Rooms for Windows\u00a0before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access."
}
]
},
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-377: Insecure Temporary File",
- "cweId": "CWE-377"
+ "value": "CWE-426 Untrusted Search Path",
+ "cweId": "CWE-426"
}
]
}
diff --git a/2023/34xxx/CVE-2023-34120.json b/2023/34xxx/CVE-2023-34120.json
index 4a6fb6298ad..cf6e059fcb9 100644
--- a/2023/34xxx/CVE-2023-34120.json
+++ b/2023/34xxx/CVE-2023-34120.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": " Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges."
+ "value": "Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges."
}
]
},
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-269 Improper Privilege Management",
- "cweId": "CWE-269"
+ "value": "CWE-347 Improper Verification of Cryptographic Signature",
+ "cweId": "CWE-347"
}
]
}
diff --git a/2023/34xxx/CVE-2023-34121.json b/2023/34xxx/CVE-2023-34121.json
index e02b235f838..a22e308bf32 100644
--- a/2023/34xxx/CVE-2023-34121.json
+++ b/2023/34xxx/CVE-2023-34121.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": " Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access."
+ "value": "Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access."
}
]
},
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-20 Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
}
]
}
diff --git a/2023/36xxx/CVE-2023-36533.json b/2023/36xxx/CVE-2023-36533.json
index 27e61711cc1..dcb6a0ca6c8 100644
--- a/2023/36xxx/CVE-2023-36533.json
+++ b/2023/36xxx/CVE-2023-36533.json
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-400 Uncontrolled Resource Consumption",
- "cweId": "CWE-400"
+ "value": "CWE-772 Missing Release of Resource after Effective Lifetime",
+ "cweId": "CWE-772"
}
]
}
diff --git a/2023/36xxx/CVE-2023-36537.json b/2023/36xxx/CVE-2023-36537.json
index 588eb67453a..e06ef937ecb 100644
--- a/2023/36xxx/CVE-2023-36537.json
+++ b/2023/36xxx/CVE-2023-36537.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": " Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n"
+ "value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
]
},
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-269 Improper Privilege Management",
- "cweId": "CWE-269"
+ "value": "CWE-354 Improper Validation of Integrity Check Value",
+ "cweId": "CWE-354"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46380.json b/2023/46xxx/CVE-2023-46380.json
index 05b94f7d024..e9cb5641941 100644
--- a/2023/46xxx/CVE-2023-46380.json
+++ b/2023/46xxx/CVE-2023-46380.json
@@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
- "value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP."
+ "value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP."
}
]
},
@@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46381.json b/2023/46xxx/CVE-2023-46381.json
index 53624f51ebd..fc84870cbd4 100644
--- a/2023/46xxx/CVE-2023-46381.json
+++ b/2023/46xxx/CVE-2023-46381.json
@@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
- "value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI."
+ "value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI."
}
]
},
@@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}
diff --git a/2023/46xxx/CVE-2023-46382.json b/2023/46xxx/CVE-2023-46382.json
index c27cee7de0b..23c455f1ea5 100644
--- a/2023/46xxx/CVE-2023-46382.json
+++ b/2023/46xxx/CVE-2023-46382.json
@@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
- "value": "LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login."
+ "value": "LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login."
}
]
},
@@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}
diff --git a/2024/0xxx/CVE-2024-0220.json b/2024/0xxx/CVE-2024-0220.json
index 1f0067ed11f..89f8feed3b4 100644
--- a/2024/0xxx/CVE-2024-0220.json
+++ b/2024/0xxx/CVE-2024-0220.json
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-311 Missing Encryption of Sensitive Data",
- "cweId": "CWE-311"
+ "value": "CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation",
+ "cweId": "CWE-1240"
}
]
},
@@ -43,15 +43,6 @@
"cweId": "CWE-94"
}
]
- },
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-326 Inadequate Encryption Strength",
- "cweId": "CWE-326"
- }
- ]
}
]
},
diff --git a/2024/0xxx/CVE-2024-0335.json b/2024/0xxx/CVE-2024-0335.json
index dcf8c917a11..0e6cc09748c 100644
--- a/2024/0xxx/CVE-2024-0335.json
+++ b/2024/0xxx/CVE-2024-0335.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "\nABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\nThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.\n\n"
+ "value": "ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\n\nThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2."
}
]
},
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-20 Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "CWE-23 Relative Path Traversal",
+ "cweId": "CWE-23"
}
]
}
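Review bot: `CWE-23 Relative Path Traversal` is now the only place in the visible record that says what the flaw is; the description on the new side of the previous hunk states only that ABB "identified a vulnerability" in the VPNI feature of the S+ Control API, with no weakness or impact. A reader who sees only the description cannot prioritise this, so the text should gain a clause that matches the new CWE. That description also keeps a mid-sentence `\n` after "which may" and ends its first sentence without a full stop, which the whitespace cleanup did not touch.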
diff --git a/2024/33xxx/CVE-2024-33109.json b/2024/33xxx/CVE-2024-33109.json
index f9b102644af..8a2792f08cc 100644
--- a/2024/33xxx/CVE-2024-33109.json
+++ b/2024/33xxx/CVE-2024-33109.json
@@ -1,18 +1,81 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-33109",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-33109",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://tiptel.com",
+ "refsource": "MISC",
+ "name": "http://tiptel.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.bdosecurity.de/en-gb/advisories/cve-2024-33109",
+ "url": "https://www.bdosecurity.de/en-gb/advisories/cve-2024-33109"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:L/S:C/UI:N",
+ "version": "3.1"
+ }
}
}
\ No newline at end of file
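Review bot: The published record leaves `vendor_name`, `product_name`, `version_value` and the problemtype `value` all as `n/a`, although the description names the product (Tiptel IP 286), the firmware version (2.61.13.10) and the weakness (Directory Traversal). Asset-matching and CWE-based filtering therefore get nothing from the structured fields. The problemtype could carry `"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"` with `"cweId": "CWE-22"`, and the `affects` block the vendor, product and version already stated in the text. Separately, `impact.cvss` is a single object here with no `baseScore` or `baseSeverity`, and its `vectorString` lists metrics alphabetically rather than in the order the CVSS specification prefers; other records in this commit use an array with a score, so consumers that expect that shape may skip this entry.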
diff --git a/2024/38xxx/CVE-2024-38016.json b/2024/38xxx/CVE-2024-38016.json
index 42d9b9a2656..a6f8339653b 100644
--- a/2024/38xxx/CVE-2024-38016.json
+++ b/2024/38xxx/CVE-2024-38016.json
@@ -1,17 +1,110 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38016",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@microsoft.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Microsoft Office Visio Remote Code Execution Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Microsoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Office LTSC 2021",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "16.0.1",
+ "version_value": "https://aka.ms/OfficeSecurityReleases"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft 365 Apps for Enterprise",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "16.0.1",
+ "version_value": "https://aka.ms/OfficeSecurityReleases"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft Office 2019",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "19.0.0",
+ "version_value": "https://aka.ms/OfficeSecurityReleases"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft Visio 2016",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "16.0.1",
+ "version_value": "16.0.5465.1001"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38016",
+ "refsource": "MISC",
+ "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38016"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseSeverity": "HIGH",
+ "baseScore": 7.8,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
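Review bot: For three of the four products, `version_value` is the URL `https://aka.ms/OfficeSecurityReleases` combined with `"version_affected": "<"`, so the range has no comparable upper bound and a scanner cannot decide whether an installed build is fixed. Only the Visio 2016 entry carries a real build number (`16.0.5465.1001`). If no single fixed build exists for the click-to-run channels, the URL belongs in `references`, with `version_value` left as a documented sentinel instead of a string that looks like data. The title also says "Remote Code Execution" while the vector is `AV:L/…/UI:R` and the problemtype is `CWE-284`; that may follow the vendor's naming convention, but a one-clause description of the actual precondition would help triage.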
diff --git a/2024/38xxx/CVE-2024-38216.json b/2024/38xxx/CVE-2024-38216.json
index ea6a7df0356..3cf0c87a6ad 100644
--- a/2024/38xxx/CVE-2024-38216.json
+++ b/2024/38xxx/CVE-2024-38216.json
@@ -42,7 +42,7 @@
{
"version_affected": "<",
"version_name": "1.0.0",
- "version_value": "1.2311.1.22."
+ "version_value": "1.2406.1.15"
}
]
}
diff --git a/2024/38xxx/CVE-2024-38220.json b/2024/38xxx/CVE-2024-38220.json
index d41ef538047..96a32813cb7 100644
--- a/2024/38xxx/CVE-2024-38220.json
+++ b/2024/38xxx/CVE-2024-38220.json
@@ -42,7 +42,7 @@
{
"version_affected": "<",
"version_name": "1.0.0",
- "version_value": "1.2311.1.22."
+ "version_value": "1.2406.1.15"
}
]
}
diff --git a/2024/3xxx/CVE-2024-3727.json b/2024/3xxx/CVE-2024-3727.json
index 60b7aa7ee74..f5353eb638f 100644
--- a/2024/3xxx/CVE-2024-3727.json
+++ b/2024/3xxx/CVE-2024-3727.json
@@ -1012,7 +1012,7 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
- "defaultStatus": "affected"
+ "defaultStatus": "unaffected"
}
},
{
diff --git a/2024/45xxx/CVE-2024-45496.json b/2024/45xxx/CVE-2024-45496.json
index bc1bf08c09b..54ce7106017 100644
--- a/2024/45xxx/CVE-2024-45496.json
+++ b/2024/45xxx/CVE-2024-45496.json
@@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
+ {
+ "product_name": "Red Hat OpenShift Container Platform 4.12",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v4.12.0-202409131137.p1.g0b1971a.assembly.stream.el8",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
{
"product_name": "Red Hat OpenShift Container Platform 4.13",
"version": {
@@ -147,6 +168,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6691"
},
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6705",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6705"
+ },
{
"url": "https://access.redhat.com/security/cve/CVE-2024-45496",
"refsource": "MISC",
diff --git a/2024/45xxx/CVE-2024-45861.json b/2024/45xxx/CVE-2024-45861.json
index acd18322549..b7b5ecb048e 100644
--- a/2024/45xxx/CVE-2024-45861.json
+++ b/2024/45xxx/CVE-2024-45861.json
@@ -1,18 +1,90 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45861",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-798 Use of Hard-coded Credentials",
+ "cweId": "CWE-798"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Kastle Systems",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Access Control System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "May 01, 2024"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "
Kastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required.
\n\n
"
+ }
+ ],
+ "value": "Kastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "evildaemond (Adam Foster) reported these vulnerabilities to CISA."
+ }
+ ]
}
\ No newline at end of file
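Review bot: `version_value` is the date string `May 01, 2024` under `"version_affected": "<"` with `"version_name": "0"`, which is not a version that tooling can order or compare against a device's reported firmware. Because the `solution` text says the fix was applied internally with no user action, an operator has no field here to confirm that a given unit is on the fixed side; a firmware identifier, or a sentence in the description on how to verify, would close that gap. The record also mixes `"lang": "eng"` in `description` with `"lang": "en"` in `solution` and `credits`. The `supportingMedia` `value` as shown spans raw line breaks inside the string, which would be invalid JSON if it is in the file rather than a rendering artifact. CVE-2024-45862 in this commit has the same structure and the same points apply there.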
diff --git a/2024/45xxx/CVE-2024-45862.json b/2024/45xxx/CVE-2024-45862.json
index 942643b4d85..1908b1144b8 100644
--- a/2024/45xxx/CVE-2024-45862.json
+++ b/2024/45xxx/CVE-2024-45862.json
@@ -1,18 +1,90 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45862",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-312 Cleartext Storage of Sensitive Information",
+ "cweId": "CWE-312"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Kastle Systems",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Access Control System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "May 01, 2024"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Kastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required.
\n\n
"
+ }
+ ],
+ "value": "Kastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "evildaemond (Adam Foster) reported these vulnerabilities to CISA."
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47059.json b/2024/47xxx/CVE-2024-47059.json
index 4bc31366ea1..6b2cefb9946 100644
--- a/2024/47xxx/CVE-2024-47059.json
+++ b/2024/47xxx/CVE-2024-47059.json
@@ -94,22 +94,26 @@
{
"lang": "en",
"value": "Tomasz Kowalczyk"
+ },
+ {
+ "lang": "en",
+ "value": "Rafa\u0142 Kami\u0144ski"
}
],
"impact": {
"cvss": [
{
- "attackComplexity": "HIGH",
+ "attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
- "baseScore": 0,
- "baseSeverity": "NONE",
- "confidentialityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
"integrityImpact": "NONE",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
diff --git a/2024/47xxx/CVE-2024-47159.json b/2024/47xxx/CVE-2024-47159.json
new file mode 100644
index 00000000000..7de25781dde
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47159.json
@@ -0,0 +1,83 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47159",
+ "ASSIGNER": "security@jetbrains.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863",
+ "cweId": "CWE-863"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "JetBrains",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "YouTrack",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2024.3.44799"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "refsource": "MISC",
+ "name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ]
+ }
+}
\ No newline at end of file
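Review bot: The problemtype `value` is the bare identifier `CWE-863`, duplicating `cweId` and omitting the weakness name that other records in this commit carry (for example `CWE-798 Use of Hard-coded Credentials`). Suggest `"value": "CWE-863 Incorrect Authorization"` so the field stays readable without a lookup. The only reference is the general `issues-fixed` page rather than an entry specific to this issue, so a reader cannot link the CVE to a particular fix note. CVE-2024-47160 has the same two points, and the CVE-2024-47162 record that follows uses a bare `CWE-522` in the same way.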
diff --git a/2024/47xxx/CVE-2024-47160.json b/2024/47xxx/CVE-2024-47160.json
new file mode 100644
index 00000000000..cb9b9a90f95
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47160.json
@@ -0,0 +1,83 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47160",
+ "ASSIGNER": "security@jetbrains.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863",
+ "cweId": "CWE-863"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "JetBrains",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "YouTrack",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2024.3.44799"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "refsource": "MISC",
+ "name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47161.json b/2024/47xxx/CVE-2024-47161.json
new file mode 100644
index 00000000000..f2d4f3bc6eb
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47161.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47161",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47162.json b/2024/47xxx/CVE-2024-47162.json
new file mode 100644
index 00000000000..c66174db993
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47162.json
@@ -0,0 +1,83 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47162",
+ "ASSIGNER": "security@jetbrains.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-522",
+ "cweId": "CWE-522"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "JetBrains",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "YouTrack",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2024.3.44799"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "refsource": "MISC",
+ "name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/4xxx/CVE-2024-4554.json b/2024/4xxx/CVE-2024-4554.json
index 0862d33229b..f8315241192 100644
--- a/2024/4xxx/CVE-2024-4554.json
+++ b/2024/4xxx/CVE-2024-4554.json
@@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
- "value": "CWE-20 Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
}
]
}
@@ -78,6 +78,12 @@
"source": {
"discovery": "UNKNOWN"
},
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Rajveersinh Parmar"
+ }
+ ],
"impact": {
"cvss": [
{
diff --git a/2024/5xxx/CVE-2024-5971.json b/2024/5xxx/CVE-2024-5971.json
index 52fb266b2b6..abae8288fd5 100644
--- a/2024/5xxx/CVE-2024-5971.json
+++ b/2024/5xxx/CVE-2024-5971.json
@@ -35,6 +35,19 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
+ {
+ "product_name": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
{
"product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot",
"version": {
@@ -336,6 +349,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6508"
},
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6883",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6883"
+ },
{
"url": "https://access.redhat.com/security/cve/CVE-2024-5971",
"refsource": "MISC",
diff --git a/2024/7xxx/CVE-2024-7387.json b/2024/7xxx/CVE-2024-7387.json
index a6f7ed2f2df..d01aab06ed2 100644
--- a/2024/7xxx/CVE-2024-7387.json
+++ b/2024/7xxx/CVE-2024-7387.json
@@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
+ {
+ "product_name": "Red Hat OpenShift Container Platform 4.12",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v4.12.0-202409121032.p1.g609473f.assembly.stream.el8",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
{
"product_name": "Red Hat OpenShift Container Platform 4.13",
"version": {
@@ -147,6 +168,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6691"
},
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6705",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6705"
+ },
{
"url": "https://access.redhat.com/security/cve/CVE-2024-7387",
"refsource": "MISC",
diff --git a/2024/7xxx/CVE-2024-7736.json b/2024/7xxx/CVE-2024-7736.json
index c78592959e0..a205e8d8a3d 100644
--- a/2024/7xxx/CVE-2024-7736.json
+++ b/2024/7xxx/CVE-2024-7736.json
@@ -1,17 +1,98 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7736",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "3DS.Information-Security@3ds.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dassault Syst\u00e8mes",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ENOVIA Collaborative Industry Innovator",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "Release 3DEXPERIENCE R2022x Golden",
+ "version_value": "Release 3DEXPERIENCE R2022x.FP.CFA.2424"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "Release 3DEXPERIENCE R2023x Golden",
+ "version_value": "Release 3DEXPERIENCE R2023x.FP.CFA.2428"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "Release 3DEXPERIENCE R2024x Golden",
+ "version_value": "Release 3DEXPERIENCE R2024x.FP.CFA.2424"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.3ds.com/vulnerability/advisories",
+ "refsource": "MISC",
+ "name": "https://www.3ds.com/vulnerability/advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseSeverity": "HIGH",
+ "baseScore": 8.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"
}
]
}
diff --git a/2024/7xxx/CVE-2024-7737.json b/2024/7xxx/CVE-2024-7737.json
index 998170411dc..0512e942989 100644
--- a/2024/7xxx/CVE-2024-7737.json
+++ b/2024/7xxx/CVE-2024-7737.json
@@ -1,17 +1,98 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7737",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "3DS.Information-Security@3ds.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dassault Syst\u00e8mes",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "3DSwymer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "Release 3DEXPERIENCE R2022x Golden",
+ "version_value": "Release 3DEXPERIENCE R2022x.FP.CFA.2424"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "Release 3DEXPERIENCE R2023x Golden",
+ "version_value": "Release 3DEXPERIENCE R2023x.FP.CFA.2428"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "Release 3DEXPERIENCE R2024x Golden",
+ "version_value": "Release 3DEXPERIENCE R2024x.FP.CFA.2424"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.3ds.com/vulnerability/advisories",
+ "refsource": "MISC",
+ "name": "https://www.3ds.com/vulnerability/advisories"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseSeverity": "HIGH",
+ "baseScore": 8.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"
}
]
}
diff --git a/2024/7xxx/CVE-2024-7885.json b/2024/7xxx/CVE-2024-7885.json
index 074fb8fdb26..2d82ace7759 100644
--- a/2024/7xxx/CVE-2024-7885.json
+++ b/2024/7xxx/CVE-2024-7885.json
@@ -35,6 +35,19 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
+ {
+ "product_name": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
{
"product_name": "Red Hat build of Apache Camel 4.4.2 for Spring Boot",
"version": {
@@ -230,6 +243,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6508"
},
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6883",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6883"
+ },
{
"url": "https://access.redhat.com/security/cve/CVE-2024-7885",
"refsource": "MISC",
diff --git a/2024/8xxx/CVE-2024-8375.json b/2024/8xxx/CVE-2024-8375.json
index efac2c58b63..578d3bdfdf1 100644
--- a/2024/8xxx/CVE-2024-8375.json
+++ b/2024/8xxx/CVE-2024-8375.json
@@ -1,18 +1,76 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8375",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@google.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There exists a use after free vulnerability in Reverb.\u00a0Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance. Afterwards, Reverb copies the content in tensor_content\u00a0to the previously mentioned pre-allocated memory, which results in the bytes in tensor_content\u00a0overwriting the vtable pointers of all the objects which were previously allocated.\u00a0Reverb exposes 2 relevant gRPC endpoints: InsertStream and SampleStream. The attacker can insert this stream into the server\u2019s database, then when the client next calls SampleStream they will unpack the tensor into RAM, and when any method on that object is called (including its destructor) the attacker gains control of the Program Counter. We recommend upgrading past git commit\u00a0 https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25"
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502 Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google Deepmind",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reverb",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/google-deepmind/reverb/issues/141",
+ "refsource": "MISC",
+ "name": "https://github.com/google-deepmind/reverb/issues/141"
+ },
+ {
+ "url": "https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25",
+ "refsource": "MISC",
+ "name": "https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
}
}
\ No newline at end of file
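Review bot: The description opens with "use after free", but the mechanism it then describes is `tensor_content` bytes being copied over already-constructed objects and overwriting their vtable pointers, and `problemtype` labels it CWE-502. These three do not agree, so tooling that keys on the CWE or on the first sentence will classify the issue differently; the weakness name in the description should be aligned with whichever classification the CNA intends. Separately, `version_value` holds a commit URL under `"version_affected": "<"`, which no consumer can order against a release. The bare hash, `"version_value": "6a0dcf4c9e842b7f999912f792aaa6f6bd261a25"`, would at least be matchable, and the URL is already listed in `references`. The record also carries no `impact` block, so severity has to come from another source.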
diff --git a/2024/8xxx/CVE-2024-8651.json b/2024/8xxx/CVE-2024-8651.json
index 8216971ea29..5d16e108c1c 100644
--- a/2024/8xxx/CVE-2024-8651.json
+++ b/2024/8xxx/CVE-2024-8651.json
@@ -1,18 +1,101 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8651",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerability@kaspersky.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-204: Observable Response Discrepancy",
+ "cweId": "CWE-204"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NetCat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NetCat CMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "6.4.0.24126.2"
+ },
+ {
+ "status": "unaffected",
+ "version": "6.4.0.24248"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md",
+ "refsource": "MISC",
+ "name": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and on have the patch.
"
+ }
+ ],
+ "value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
+ }
+ ]
}
\ No newline at end of file
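Review bot: The plain-text remediation in both `description` and `solution[0].value` reads `https://netcat.ru/ https://netcat.ru/] .`, which looks like residue of a link flattened to text, with a duplicated URL and a stray `]`. The `supportingMedia` text has the clean form, so the field could be `"value": "Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and on have the patch."`, and the description could end with the same sentence. As rendered here the `supportingMedia` string also breaks across two lines before its closing quote; if that is a literal newline in the file, strict JSON parsers will reject it, and it should be escaped as `\n` or dropped. The hunks for CVE-2024-8652 and CVE-2024-8653 repeat the same text and have the same issues.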
diff --git a/2024/8xxx/CVE-2024-8652.json b/2024/8xxx/CVE-2024-8652.json
index 4495e53c584..a33a2e38b13 100644
--- a/2024/8xxx/CVE-2024-8652.json
+++ b/2024/8xxx/CVE-2024-8652.json
@@ -1,18 +1,101 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8652",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerability@kaspersky.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NetCat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NetCat CMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "6.4.0.24126.2"
+ },
+ {
+ "status": "unaffected",
+ "version": "6.4.0.24248"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-002.md",
+ "refsource": "MISC",
+ "name": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-002.md"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and on have the patch.
"
+ }
+ ],
+ "value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8653.json b/2024/8xxx/CVE-2024-8653.json
index 4f58a1ca49a..d2b5f7d0fb8 100644
--- a/2024/8xxx/CVE-2024-8653.json
+++ b/2024/8xxx/CVE-2024-8653.json
@@ -1,18 +1,101 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8653",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerability@kaspersky.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NetCat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NetCat CMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "6.4.0.24126.2"
+ },
+ {
+ "status": "unaffected",
+ "version": "6.4.0.24248"
+ }
+ ],
+ "defaultStatus": "unknown"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-003.md",
+ "refsource": "MISC",
+ "name": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-003.md"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and on have the patch.
"
+ }
+ ],
+ "value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8698.json b/2024/8xxx/CVE-2024-8698.json
index 8a7acddf78f..9889b741e64 100644
--- a/2024/8xxx/CVE-2024-8698.json
+++ b/2024/8xxx/CVE-2024-8698.json
@@ -1,17 +1,382 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8698",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Verification of Cryptographic Signature",
+ "cweId": "CWE-347"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Build of Keycloak",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat build of Keycloak 22",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "22.0.13-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "22-18",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "22-21",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat build of Keycloak 24",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "24.0.8-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "24-17",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "24-17",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Single Sign-On 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:18.0.18-1.redhat_00001.1.el7sso",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:18.0.18-1.redhat_00001.1.el8sso",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:18.0.18-1.redhat_00001.1.el9sso",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "RHEL-8 based Middleware Containers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "7.6-54",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat JBoss Enterprise Application Platform 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6878",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6878"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6879",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6879"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6880",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6880"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6882",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6882"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6886",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6886"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6887",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6887"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6888",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6888"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6889",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6889"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6890",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6890"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2024-8698",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2024-8698"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311641",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2311641"
+ },
+ {
+ "url": "https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415",
+ "refsource": "MISC",
+ "name": "https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415"
+ }
+ ]
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Tanner Emek for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
+ "version": "3.1"
}
]
}
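Review bot: Under `"product_name": "Red Hat Build of Keycloak"` the three `version_data` entries are identical except for `defaultStatus` (`unaffected`, `unaffected`, `affected`), so a consumer of this record cannot tell which component each status belongs to and may read the product as both affected and unaffected. The same happens under `Red Hat Single Sign-On 7`, and `Red Hat build of Keycloak 24` lists `24-17` twice. Whatever distinguished these entries in the source record (presumably a package or collection name) appears to have been lost in down-conversion, so matching should rely on the linked RHSA errata until the entries carry it. The upstream reference also points at `blob/main/.../XMLSignatureUtil.java#L415`, a line anchor on a moving branch. A commit-pinned form such as `https://github.com/keycloak/keycloak/blob/<commit-sha>/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415` (placeholder sha) would keep pointing at the validation code the description refers to.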
diff --git a/2024/8xxx/CVE-2024-8883.json b/2024/8xxx/CVE-2024-8883.json
index d103888ca8c..140b346d1ae 100644
--- a/2024/8xxx/CVE-2024-8883.json
+++ b/2024/8xxx/CVE-2024-8883.json
@@ -1,17 +1,358 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8883",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "URL Redirection to Untrusted Site ('Open Redirect')",
+ "cweId": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Build of Keycloak",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat build of Keycloak 22",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "22.0.13-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "22-18",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "22-21",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat build of Keycloak 24",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "24.0.8-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "24-17",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "24-17",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Single Sign-On 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:18.0.18-1.redhat_00001.1.el7sso",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:18.0.18-1.redhat_00001.1.el8sso",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "0:18.0.18-1.redhat_00001.1.el9sso",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "RHEL-8 based Middleware Containers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "7.6-54",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat JBoss Enterprise Application Platform 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6878",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6878"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6879",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6879"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6880",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6880"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6882",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6882"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6886",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6886"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6887",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6887"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6888",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6888"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6889",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6889"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6890",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6890"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2024-8883",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2024-8883"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511"
+ },
+ {
+ "url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java",
+ "refsource": "MISC",
+ "name": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "version": "3.1"
}
]
}
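Review bot: Several `version_data` rows in this record cannot be told apart: "Red Hat Build of Keycloak" carries two identical entries holding only `"defaultStatus": "unaffected"`, and "Red Hat build of Keycloak 24" lists `"version": "24-17"` twice. Presumably each row stood for a different package or container image before down-conversion, but nothing visible here says which, so a consumer matching on product name and version cannot distinguish them; either collapse exact duplicates or keep the distinguishing field (e.g. a package name) inside `x_cve_json_5_version_data`. Separately, the last reference points at `blob/main/.../RedirectUtils.java`, which will drift as the file changes. A commit permalink such as `https://github.com/keycloak/keycloak/blob/<COMMIT_SHA>/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java` (placeholder SHA) would keep pointing at the code the advisory describes. Note also that "Red Hat JBoss Enterprise Application Platform 8" is `affected` with no fixed version listed, so tooling reading this record should treat it as unpatched.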
diff --git a/2024/8xxx/CVE-2024-8963.json b/2024/8xxx/CVE-2024-8963.json
index 2ca7fda6b82..383f487a66a 100644
--- a/2024/8xxx/CVE-2024-8963.json
+++ b/2024/8xxx/CVE-2024-8963.json
@@ -1,17 +1,101 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8963",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "responsible.disclosure@ivanti.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Ivanti",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CSA (Cloud Services Appliance)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "4.6 Patch 519",
+ "versionType": "custom"
+ },
+ {
+ "status": "unaffected",
+ "version": "5.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963",
+ "refsource": "MISC",
+ "name": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 9.4,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
+ "version": "3.1"
}
]
}
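Review bot: The `versions` array marks only the exact strings `4.6 Patch 519` and `5.0` as `unaffected`, with no `lessThan` bound, while `defaultStatus` is `affected`. Read literally, any later patch level or release is still flagged as affected, which does not match the description's "before 4.6 Patch 519". If the vendor advisory supports it, express the fixed side as a range the way the Red Hat records in this commit do, e.g. add `"lessThan": "*"` to the `5.0` entry. Until that is done, automated matching against this record should fall back to the description text for the fixed boundary.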
diff --git a/2024/9xxx/CVE-2024-9005.json b/2024/9xxx/CVE-2024-9005.json
new file mode 100644
index 00000000000..0db8015327f
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9005.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9005",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9006.json b/2024/9xxx/CVE-2024-9006.json
new file mode 100644
index 00000000000..406115edb0e
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9006.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9006",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9007.json b/2024/9xxx/CVE-2024-9007.json
new file mode 100644
index 00000000000..4db96f5880d
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9007.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9007",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9008.json b/2024/9xxx/CVE-2024-9008.json
new file mode 100644
index 00000000000..5c15402d743
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9008.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9008",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9009.json b/2024/9xxx/CVE-2024-9009.json
new file mode 100644
index 00000000000..799bacb936f
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9009.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9009",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9010.json b/2024/9xxx/CVE-2024-9010.json
new file mode 100644
index 00000000000..6c44dfb4718
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9010.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9010",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9011.json b/2024/9xxx/CVE-2024-9011.json
new file mode 100644
index 00000000000..3f98338fa77
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9011.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9011",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9012.json b/2024/9xxx/CVE-2024-9012.json
new file mode 100644
index 00000000000..1d7c4921e84
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9012.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9012",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9013.json b/2024/9xxx/CVE-2024-9013.json
new file mode 100644
index 00000000000..c292d3a8cc4
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9013.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9013",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9014.json b/2024/9xxx/CVE-2024-9014.json
new file mode 100644
index 00000000000..f03719d123c
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9014.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9014",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9015.json b/2024/9xxx/CVE-2024-9015.json
new file mode 100644
index 00000000000..3f5471b3692
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9015.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9015",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9016.json b/2024/9xxx/CVE-2024-9016.json
new file mode 100644
index 00000000000..3fc11bb6236
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9016.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9016",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9017.json b/2024/9xxx/CVE-2024-9017.json
new file mode 100644
index 00000000000..81685866b4b
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9017.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9017",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file