diff --git a/2017/13xxx/CVE-2017-13310.json b/2017/13xxx/CVE-2017-13310.json index 9651610259d..790b2a4a9c2 100644 --- a/2017/13xxx/CVE-2017-13310.json +++ b/2017/13xxx/CVE-2017-13310.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-13310", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-13310", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.0." + }, + { + "version_affected": "=", + "version_value": "6.0.1" + }, + { + "version_affected": "=", + "version_value": "7" + }, + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + }, + { + "version_affected": "=", + "version_value": "nyc-mr1-dev" + }, + { + "version_affected": "=", + "version_value": "nyc-mr2-dev" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-05-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-05-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13311.json b/2017/13xxx/CVE-2017-13311.json index 37b6fcea89d..532c8f43dff 100644 --- a/2017/13xxx/CVE-2017-13311.json +++ b/2017/13xxx/CVE-2017-13311.json @@ -1,18 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-13311", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-13311", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7" + }, + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + }, + { + "version_affected": "=", + "version_value": "nyc-mr1-dev" + }, + { + "version_affected": "=", + "version_value": "nyc-mr2-dev" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-05-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-05-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13312.json b/2017/13xxx/CVE-2017-13312.json index ff43ad53db9..43772fa51c7 100644 --- a/2017/13xxx/CVE-2017-13312.json +++ b/2017/13xxx/CVE-2017-13312.json @@ -1,18 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-13312", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-13312", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-05-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-05-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13314.json b/2017/13xxx/CVE-2017-13314.json index 2ff1dc2e488..444f79c0cd9 100644 --- a/2017/13xxx/CVE-2017-13314.json +++ b/2017/13xxx/CVE-2017-13314.json @@ -1,18 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-13314", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2017-13314", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7" + }, + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + }, + { + "version_affected": "=", + "version_value": "nyc-mr1-dev" + }, + { + "version_affected": "=", + "version_value": "nyc-mr2-dev" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-05-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-05-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11290.json b/2024/11xxx/CVE-2024-11290.json new file mode 100644 index 00000000000..4d782031238 --- /dev/null +++ b/2024/11xxx/CVE-2024-11290.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11290", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11291.json b/2024/11xxx/CVE-2024-11291.json new file mode 100644 index 00000000000..a74560d8029 --- /dev/null +++ b/2024/11xxx/CVE-2024-11291.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11291", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/38xxx/CVE-2024-38370.json b/2024/38xxx/CVE-2024-38370.json index 8ac14bb2f55..5ce57dc06e3 100644 --- a/2024/38xxx/CVE-2024-38370.json +++ b/2024/38xxx/CVE-2024-38370.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38370", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "glpi-project", + "product": { + "product_data": [ + { + "product_name": "glpi", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 9.2.0, < 10.0.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-xrm2-m72w-w4x4", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-xrm2-m72w-w4x4" + } + ] + }, + "source": { + "advisory": "GHSA-xrm2-m72w-w4x4", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42680.json b/2024/42xxx/CVE-2024-42680.json index abb09f2edd5..7d698b0c0c6 100644 --- a/2024/42xxx/CVE-2024-42680.json +++ b/2024/42xxx/CVE-2024-42680.json @@ -56,6 +56,11 @@ "url": "https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYinfo.md", "refsource": "MISC", "name": "https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYinfo.md" + }, + { + "refsource": "MISC", + "name": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-42680.md", + "url": "https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-42680.md" } ] } diff --git a/2024/49xxx/CVE-2024-49592.json b/2024/49xxx/CVE-2024-49592.json index c730fa8cce0..e22c7f3421e 100644 --- a/2024/49xxx/CVE-2024-49592.json +++ b/2024/49xxx/CVE-2024-49592.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-49592", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-49592", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mcafee.com/support/s/article/000002516?language=en_US", + "url": "https://www.mcafee.com/support/s/article/000002516?language=en_US" } ] } diff --git a/2024/51xxx/CVE-2024-51764.json b/2024/51xxx/CVE-2024-51764.json index d3600a89129..b229ff8035a 100644 --- a/2024/51xxx/CVE-2024-51764.json +++ b/2024/51xxx/CVE-2024-51764.json @@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51764", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "SGI CXFS", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "patch11804, patch11805, patch11806, patch11807", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04747en_us&docLocale=en_US", + "refsource": "MISC", + "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04747en_us&docLocale=en_US" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.15" } } \ No newline at end of file diff --git a/2024/51xxx/CVE-2024-51765.json b/2024/51xxx/CVE-2024-51765.json index f9143c57b7c..338fe3c1524 100644 --- a/2024/51xxx/CVE-2024-51765.json +++ b/2024/51xxx/CVE-2024-51765.json @@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-51765", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Cray System Management Software", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "COS-2.5.146, COS 23.11.1, CLE 7.0.UP04.PS19", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04748en_us&docLocale=en_US", + "refsource": "MISC", + "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbcr04748en_us&docLocale=en_US" + } + ] + }, + "generator": { + "engine": "cveClient/1.0.15" } } \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7991.json b/2024/7xxx/CVE-2024-7991.json index b3cd13767f2..ea28559ddf4 100644 --- a/2024/7xxx/CVE-2024-7991.json +++ b/2024/7xxx/CVE-2024-7991.json @@ -40,16 +40,180 @@ "version": { "version_data": [ { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "status": "affected", - "version": "2025" - } - ], - "defaultStatus": "affected" - } + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD LT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "DWG TrueView", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Infrastructure Parts Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Inventor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Revit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Vault Basic Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + }, + { + "vendor_name": "AutoCAD", + "product": { + "product_data": [ + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" } ] } diff --git a/2024/7xxx/CVE-2024-7992.json b/2024/7xxx/CVE-2024-7992.json index d05af533875..ac2ec3c2f8d 100644 --- a/2024/7xxx/CVE-2024-7992.json +++ b/2024/7xxx/CVE-2024-7992.json @@ -40,16 +40,180 @@ "version": { "version_data": [ { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "status": "affected", - "version": "2025" - } - ], - "defaultStatus": "affected" - } + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD LT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "DWG TrueView", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Infrastructure Parts Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Inventor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Revit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Vault Basic Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + }, + { + "vendor_name": "AutoCAD", + "product": { + "product_data": [ + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" } ] } diff --git a/2024/8xxx/CVE-2024-8896.json b/2024/8xxx/CVE-2024-8896.json index 346477617b5..4395b39afc6 100644 --- a/2024/8xxx/CVE-2024-8896.json +++ b/2024/8xxx/CVE-2024-8896.json @@ -41,7 +41,179 @@ "version_data": [ { "version_affected": "=", - "version_value": "2025.1" + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD LT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "DWG TrueView", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Infrastructure Parts Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Inventor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Revit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Vault Basic Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + }, + { + "vendor_name": "AutoCAD", + "product": { + "product_data": [ + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" } ] } diff --git a/2024/9xxx/CVE-2024-9489.json b/2024/9xxx/CVE-2024-9489.json index ef967740039..ed966087033 100644 --- a/2024/9xxx/CVE-2024-9489.json +++ b/2024/9xxx/CVE-2024-9489.json @@ -41,7 +41,179 @@ "version_data": [ { "version_affected": "=", - "version_value": "2025.1" + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD LT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "DWG TrueView", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Infrastructure Parts Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Inventor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Revit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Vault Basic Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + }, + { + "vendor_name": "AutoCAD", + "product": { + "product_data": [ + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" } ] } diff --git a/2024/9xxx/CVE-2024-9500.json b/2024/9xxx/CVE-2024-9500.json index 481d0477881..c6998647eeb 100644 --- a/2024/9xxx/CVE-2024-9500.json +++ b/2024/9xxx/CVE-2024-9500.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9500", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "Installer", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.10.0.17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0023", + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0023" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/9xxx/CVE-2024-9996.json b/2024/9xxx/CVE-2024-9996.json index 6f6fd73f949..91f1da8a71c 100644 --- a/2024/9xxx/CVE-2024-9996.json +++ b/2024/9xxx/CVE-2024-9996.json @@ -41,7 +41,179 @@ "version_data": [ { "version_affected": "=", - "version_value": "2025.1" + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD LT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "DWG TrueView", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Infrastructure Parts Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Inventor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Revit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Vault Basic Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + }, + { + "vendor_name": "AutoCAD", + "product": { + "product_data": [ + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" } ] } diff --git a/2024/9xxx/CVE-2024-9997.json b/2024/9xxx/CVE-2024-9997.json index 168e0ec01b6..ca4ed2a2d64 100644 --- a/2024/9xxx/CVE-2024-9997.json +++ b/2024/9xxx/CVE-2024-9997.json @@ -41,7 +41,179 @@ "version_data": [ { "version_affected": "=", - "version_value": "2025.1" + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD LT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Architecture", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Electrical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Mechanical", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD MEP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "AutoCAD Plant 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Advance Steel", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "DWG TrueView", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Infrastructure Parts Editor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Inventor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Revit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Vault Basic Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + }, + { + "vendor_name": "AutoCAD", + "product": { + "product_data": [ + { + "product_name": "Civil 3D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" } ] }