From a2a4a84bafd323969ac661edfeecb7ccd313972e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 21 Nov 2024 15:01:03 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/21xxx/CVE-2024-21786.json | 78 ++++++++++++++++++++++++++++++++-- 2024/21xxx/CVE-2024-21855.json | 78 ++++++++++++++++++++++++++++++++-- 2024/28xxx/CVE-2024-28025.json | 78 ++++++++++++++++++++++++++++++++-- 2024/28xxx/CVE-2024-28026.json | 78 ++++++++++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9542.json | 76 +++++++++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9600.json | 72 ++++++++++++++++++++++++++++--- 2024/9xxx/CVE-2024-9768.json | 72 ++++++++++++++++++++++++++++--- 2024/9xxx/CVE-2024-9828.json | 72 ++++++++++++++++++++++++++++--- 2024/9xxx/CVE-2024-9851.json | 76 +++++++++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9972.json | 10 +++++ 10 files changed, 651 insertions(+), 39 deletions(-) diff --git a/2024/21xxx/CVE-2024-21786.json b/2024/21xxx/CVE-2024-21786.json index acc48e16bf6..a1dc4fd54c0 100644 --- a/2024/21xxx/CVE-2024-21786.json +++ b/2024/21xxx/CVE-2024-21786.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21786", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MC Technologies", + "product": { + "product_data": [ + { + "product_name": "MC LR Router", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.10.5 (QEMU)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1954", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1954" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Matt Wiseman of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/21xxx/CVE-2024-21855.json b/2024/21xxx/CVE-2024-21855.json index 706ea26bb6c..b2235ca4d8d 100644 --- a/2024/21xxx/CVE-2024-21855.json +++ b/2024/21xxx/CVE-2024-21855.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GoCast", + "product": { + "product_data": [ + { + "product_name": "GoCast", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1962", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1962" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Edwin Molenaar and Matt Street of Cisco Meraki." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/28xxx/CVE-2024-28025.json b/2024/28xxx/CVE-2024-28025.json index b55521d374f..f8df5f4617e 100644 --- a/2024/28xxx/CVE-2024-28025.json +++ b/2024/28xxx/CVE-2024-28025.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28025", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `btn1` parameter, at offset `0x8eb0`." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MC Technologies", + "product": { + "product_data": [ + { + "product_name": "MC LR Router", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.10.5 (QEMU)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Matt Wiseman of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/28xxx/CVE-2024-28026.json b/2024/28xxx/CVE-2024-28026.json index b5d6f4eab99..334b33cc968 100644 --- a/2024/28xxx/CVE-2024-28026.json +++ b/2024/28xxx/CVE-2024-28026.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28026", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `out1` parameter, at offset `0x8efc`.\r\n\r\n \r\n int out_ret = sscanf(current_param->key, \"out%u\", &io_idx);\r\n if (out_ret == 1 && io_idx == 1)\r\n {\r\n // [4] Similar to `3`, but `out1` instead of `btn1`\r\n if (asprintf(&command, \"/usr/sbin/vout %s %u vo_manual\", current_param->value, 1) > 0)\r\n {\r\n system(command);\r\n return -1;\r\n }\r\n }" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MC Technologies", + "product": { + "product_data": [ + { + "product_name": "MC LR Router", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.10.5 (QEMU)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Matt Wiseman of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/9xxx/CVE-2024-9542.json b/2024/9xxx/CVE-2024-9542.json index 0ec7c3b4d65..c7552ec0409 100644 --- a/2024/9xxx/CVE-2024-9542.json +++ b/2024/9xxx/CVE-2024-9542.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9542", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "techfyd", + "product": { + "product_data": [ + { + "product_name": "Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a0d9356-8083-4154-aa04-9008627dd3f5?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a0d9356-8083-4154-aa04-9008627dd3f5?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3189030/sky-elementor-addons", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3189030/sky-elementor-addons" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Nir KUM" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/9xxx/CVE-2024-9600.json b/2024/9xxx/CVE-2024-9600.json index 7d53a3ef425..3226f31f8be 100644 --- a/2024/9xxx/CVE-2024-9600.json +++ b/2024/9xxx/CVE-2024-9600.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Ditty", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.1.47" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/d1c78389-29eb-4dce-848c-e0eab85ff5cd/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/d1c78389-29eb-4dce-848c-e0eab85ff5cd/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9768.json b/2024/9xxx/CVE-2024-9768.json index 47e4caac07f..cb6a697f400 100644 --- a/2024/9xxx/CVE-2024-9768.json +++ b/2024/9xxx/CVE-2024-9768.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9768", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Formidable Forms", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "6.14.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/3c4ff11b-4a06-433d-8f0e-4069865721c0/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/3c4ff11b-4a06-433d-8f0e-4069865721c0/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krugov Artyom" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9828.json b/2024/9xxx/CVE-2024-9828.json index 95ba9500a92..c1d68d289cb 100644 --- a/2024/9xxx/CVE-2024-9828.json +++ b/2024/9xxx/CVE-2024-9828.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9828", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Taskbuilder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/eb2d0932-fd47-4aef-9d08-4377c742bb6e/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/eb2d0932-fd47-4aef-9d08-4377c742bb6e/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Ryoma Yamada" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9851.json b/2024/9xxx/CVE-2024-9851.json index f905ef9814e..fc88083fcc2 100644 --- a/2024/9xxx/CVE-2024-9851.json +++ b/2024/9xxx/CVE-2024-9851.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "feedmymedia", + "product": { + "product_data": [ + { + "product_name": "LSX Tour Operator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.4.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08ef71da-50f2-4f7e-8a23-23adbabee09d?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08ef71da-50f2-4f7e-8a23-23adbabee09d?source=cve" + }, + { + "url": "https://wordpress.org/plugins/tour-operator/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/tour-operator/#developers" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Francesco Carlucci" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/9xxx/CVE-2024-9972.json b/2024/9xxx/CVE-2024-9972.json index 28e2dd79dce..6ee94392e4e 100644 --- a/2024/9xxx/CVE-2024-9972.json +++ b/2024/9xxx/CVE-2024-9972.json @@ -63,6 +63,16 @@ "url": "https://www.twcert.org.tw/en/cp-139-8141-9b045-2.html", "refsource": "MISC", "name": "https://www.twcert.org.tw/en/cp-139-8141-9b045-2.html" + }, + { + "url": "https://www.chtsecurity.com/news/8585c924-4a27-4337-bb44-684adc206432", + "refsource": "MISC", + "name": "https://www.chtsecurity.com/news/8585c924-4a27-4337-bb44-684adc206432" + }, + { + "url": "https://www.chtsecurity.com/news/4552fc54-18af-4c18-972d-394a68e44a39", + "refsource": "MISC", + "name": "https://www.chtsecurity.com/news/4552fc54-18af-4c18-972d-394a68e44a39" } ] },