From a3ad5539eec976a008530557b924858b971b0bcf Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 10 Jun 2024 15:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/45xxx/CVE-2022-45168.json | 56 ++++++++++++++++++++---
 2022/45xxx/CVE-2022-45176.json | 56 ++++++++++++++++++++---
 2024/35xxx/CVE-2024-35304.json | 82 +++++++++++++++++++++++++++++++---
 2024/35xxx/CVE-2024-35305.json | 82 +++++++++++++++++++++++++++++++---
 2024/35xxx/CVE-2024-35306.json | 82 +++++++++++++++++++++++++++++++---
 2024/35xxx/CVE-2024-35307.json | 82 +++++++++++++++++++++++++++++++---
 2024/36xxx/CVE-2024-36531.json | 56 ++++++++++++++++++++---
 2024/36xxx/CVE-2024-36972.json | 81 +++++++++++++++++++++++++++++++--
 2024/4xxx/CVE-2024-4403.json | 77 +++++++++++++++++++++++++++++--
 2024/5xxx/CVE-2024-5794.json | 18 ++++++++
 10 files changed, 626 insertions(+), 46 deletions(-)
 create mode 100644 2024/5xxx/CVE-2024-5794.json
diff --git a/2022/45xxx/CVE-2022-45168.json b/2022/45xxx/CVE-2022-45168.json
index 6d3a7e11403..731369ae839 100644
--- a/2022/45xxx/CVE-2022-45168.json
+++ b/2022/45xxx/CVE-2022-45168.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45168", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45168", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.gruppotim.it/it/footer/red-team.html", + "url": "https://www.gruppotim.it/it/footer/red-team.html" } ] } diff --git a/2022/45xxx/CVE-2022-45176.json b/2022/45xxx/CVE-2022-45176.json index 32b845b71bf..3d7d629d078 100644 --- a/2022/45xxx/CVE-2022-45176.json +++ b/2022/45xxx/CVE-2022-45176.json 
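Review bot: The added `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a` even though the new description names LIVEBOX Collaboration vDesk through v018, so any consumer that matches advisories on the structured fields will not associate this record with the product. `problemtype` is also `n/a` although the text describes a two-factor authentication bypass, which leaves CWE-based filtering blind to it. I would populate both from the description, for example `"product_name": "vDesk"` with `"version_affected": "<="` and `"version_value": "v018"`, plus a CWE entry chosen by the CNA. The CVE-2022-45176 and CVE-2024-36531 hunks have the same `n/a` fields while their descriptions name the product, versions and weakness class; until they are filled in, matching has to fall back to the description text.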
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-45176", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-45176", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as input, before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.gruppotim.it/it/footer/red-team.html", + "url": "https://www.gruppotim.it/it/footer/red-team.html" } ] } diff --git a/2024/35xxx/CVE-2024-35304.json b/2024/35xxx/CVE-2024-35304.json index c572c2c06ea..46680c3ecba 100644 --- a/2024/35xxx/CVE-2024-35304.json +++ b/2024/35xxx/CVE-2024-35304.json 
@@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35304", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@pandorafms.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "System command injection through Netflow function\u00a0due to improper input validation, allowing attackers to execute arbitrary system commands.\u00a0This issue affects Pandora FMS: from 700 through <777." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pandora FMS", + "product": { + "product_data": [ + { + "product_name": "Pandora FMS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "700", + "version_value": "777" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", + "refsource": "MISC", + "name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Fixed v777" + } + ], + "value": "Fixed v777" + } + ], + "credits": [ + { + "lang": "en", + "value": "u32i@proton.me" + } + ] } \ No newline at end of file 
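Review bot: This record is published without an `impact` block, although the description reports OS command injection (CWE-78) that lets attackers execute arbitrary system commands, so triage that sorts on a CVSS score taken from the record has nothing to work with. The CVE-2024-35305, CVE-2024-35306 and CVE-2024-35307 hunks are in the same state, and CVE-2024-35307 is described as reachable by unauthenticated attackers. I would add an `impact.cvss` entry with the CNA's `vectorString` and `baseScore`, in the shape the CVE-2024-4403 record in this commit uses. The phrase "from 700 through <777" in the description mixes an inclusive and an exclusive bound; the structured `"version_affected": "<"` / `"version_value": "777"` and the `solution` text suggest "from 700 before 777" is what is meant.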
diff --git a/2024/35xxx/CVE-2024-35305.json b/2024/35xxx/CVE-2024-35305.json
index 5a427e4fab1..5ee260b3b18 100644
--- a/2024/35xxx/CVE-2024-35305.json
+++ b/2024/35xxx/CVE-2024-35305.json
@@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35305", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@pandorafms.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header.\u00a0This issue affects Pandora FMS: from 700 through <777." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pandora FMS", + "product": { + "product_data": [ + { + "product_name": "Pandora FMS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "700", + "version_value": "777" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", + "refsource": "MISC", + "name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Fixed in v777" + } + ], + "value": "Fixed in v777" + } + ], + "credits": [ + { + "lang": "en", + "value": "Aleksey Solovev (Positive Technologies)" + } + ] } \ No newline at end of file 
diff --git a/2024/35xxx/CVE-2024-35306.json b/2024/35xxx/CVE-2024-35306.json
index 7b241b5a9b1..dac822dcf67 100644
--- a/2024/35xxx/CVE-2024-35306.json
+++ b/2024/35xxx/CVE-2024-35306.json
@@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35306", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@pandorafms.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables.\u00a0This issue affects Pandora FMS: from 700 through <777." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pandora FMS", + "product": { + "product_data": [ + { + "product_name": "Pandora FMS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "700", + "version_value": "777" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", + "refsource": "MISC", + "name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Fixed v777" + } + ], + "value": "Fixed v777" + } + ], + "credits": [ + { + "lang": "en", + "value": "Aleksey Solovev (Positive Technologies)" + } + ] } \ No newline at end of file 
diff --git a/2024/35xxx/CVE-2024-35307.json b/2024/35xxx/CVE-2024-35307.json
index 289cc5905d3..55bfcbd7e94 100644
--- a/2024/35xxx/CVE-2024-35307.json
+++ b/2024/35xxx/CVE-2024-35307.json
@@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-35307", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@pandorafms.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension,\u00a0allowing unauthenticated attackers to execute arbitrary code on the server.\u00a0This issue affects Pandora FMS: from 700 through <777." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", + "cweId": "CWE-88" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pandora FMS", + "product": { + "product_data": [ + { + "product_name": "Pandora FMS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "700", + "version_value": "777" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", + "refsource": "MISC", + "name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Fixed v777" + } + ], + "value": "Fixed v777" + } + ], + "credits": [ + { + "lang": "en", + "value": "u32i@proton.me" + } + ] } \ No newline at end of file 
diff --git a/2024/36xxx/CVE-2024-36531.json b/2024/36xxx/CVE-2024-36531.json index 1a96e116ecd..c3c0106b193 100644 --- a/2024/36xxx/CVE-2024-36531.json +++ b/2024/36xxx/CVE-2024-36531.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36531", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36531", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33", + "url": "https://mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33" } ] } diff --git a/2024/36xxx/CVE-2024-36972.json b/2024/36xxx/CVE-2024-36972.json index c14b2df7295..e5bdd3d82c5 100644 --- a/2024/36xxx/CVE-2024-36972.json +++ b/2024/36xxx/CVE-2024-36972.json 
@@ -1,18 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-36972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.\n\nBilly Jheng Bing-Jhong reported a race between __unix_gc() and\nqueue_oob().\n\n__unix_gc() tries to garbage-collect close()d inflight sockets,\nand then if the socket has MSG_OOB in unix_sk(sk)->oob_skb, GC\nwill drop the reference and set NULL to it locklessly.\n\nHowever, the peer socket still can send MSG_OOB message and\nqueue_oob() can update unix_sk(sk)->oob_skb concurrently, leading\nNULL pointer dereference. 
[0]\n\nTo fix the issue, let's update unix_sk(sk)->oob_skb under the\nsk_receive_queue's lock and take it everywhere we touch oob_skb.\n\nNote that we defer kfree_skb() in manage_oob() to silence lockdep\nfalse-positive (See [1]).\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 8000000009f5e067 P4D 8000000009f5e067 PUD 9f5d067 PMD 0\nOops: 0002 [#1] PREEMPT SMP PTI\nCPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc5-00191-gd091e579b864 #110\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: events delayed_fput\nRIP: 0010:skb_dequeue (./include/linux/skbuff.h:2386 ./include/linux/skbuff.h:2402 net/core/skbuff.c:3847)\nCode: 39 e3 74 3e 8b 43 10 48 89 ef 83 e8 01 89 43 10 49 8b 44 24 08 49 c7 44 24 08 00 00 00 00 49 8b 14 24 49 c7 04 24 00 00 00 00 <48> 89 42 08 48 89 10 e8 e7 c5 42 00 4c 89 e0 5b 5d 41 5c c3 cc cc\nRSP: 0018:ffffc900001bfd48 EFLAGS: 00000002\nRAX: 0000000000000000 RBX: ffff8880088f5ae8 RCX: 00000000361289f9\nRDX: 0000000000000000 RSI: 0000000000000206 RDI: ffff8880088f5b00\nRBP: ffff8880088f5b00 R08: 0000000000080000 R09: 0000000000000001\nR10: 0000000000000003 R11: 0000000000000001 R12: ffff8880056b6a00\nR13: ffff8880088f5280 R14: 0000000000000001 R15: ffff8880088f5a80\nFS: 0000000000000000(0000) GS:ffff88807dd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000006314000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \n unix_release_sock (net/unix/af_unix.c:654)\n unix_release (net/unix/af_unix.c:1050)\n __sock_release (net/socket.c:660)\n sock_close (net/socket.c:1423)\n __fput (fs/file_table.c:423)\n delayed_fput (fs/file_table.c:444 (discriminator 3))\n process_one_work (kernel/workqueue.c:3259)\n worker_thread (kernel/workqueue.c:3329 kernel/workqueue.c:3416)\n kthread 
(kernel/kthread.c:388)\n ret_from_fork (arch/x86/kernel/process.c:153)\n ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n \nModules linked in:\nCR2: 0000000000000008" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1279f9d9dec2", + "version_value": "9841991a446c" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.8", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.8", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/9841991a446c87f90f66f4b9fee6fe934c1336a2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9841991a446c87f90f66f4b9fee6fe934c1336a2" + } + ] + }, + "generator": { + "engine": "bippy-a5840b7849dd" } } \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4403.json b/2024/4xxx/CVE-2024-4403.json index 52f6f333ba3..097324c9450 100644 --- a/2024/4xxx/CVE-2024-4403.json +++ b/2024/4xxx/CVE-2024-4403.json 
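Review bot: `problemtype` is `n/a` in the CVE-2024-36972 hunk although the description states a race between `__unix_gc()` and `queue_oob()` that ends in a NULL pointer dereference, so CWE-based filtering will skip this record; a CWE entry would fix that (CWE-362 and/or CWE-476 look applicable, to be confirmed by the CNA). The first `version_data` entry compares abbreviated commit ids (`"version_name": "1279f9d9dec2"`, `"version_value": "9841991a446c"`) under `"<"`, and those cannot be ordered as version strings. Matching should rely on the `x_cve_json_5_version_data` block (6.8 affected, before 6.8 and from 6.10-rc1 unaffected) or on the fix commit listed in `references`. The record also has no `impact` block, so severity has to be judged from the description.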
@@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4403", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@huntr.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "parisneo", + "product": { + "product_data": [ + { + "product_name": "parisneo/lollms-webui", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "latest" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851", + "refsource": "MISC", + "name": "https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851" + } + ] + }, + "source": { + "advisory": "c9dd6d2f-d83a-488b-9443-d4200c010851", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/5xxx/CVE-2024-5794.json b/2024/5xxx/CVE-2024-5794.json new file mode 100644 index 00000000000..76730465e64 --- /dev/null +++ b/2024/5xxx/CVE-2024-5794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
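Review bot: In the CVE-2024-4403 hunk the `impact.cvss` entry scores `"attackVector": "LOCAL"` (`AV:L`), while the description is a CSRF delivered through crafted forms that a user is tricked into submitting. That delivery path is normally scored as network, so the 4.4 base score may understate exposure unless the CNA assumed a loopback-only listener, which the record does not say. The `affects` entry (`"version_affected": "<="`, `"version_name": "unspecified"`, `"version_value": "latest"`) gives no usable upper bound and does not match the description's "v9.6", so tooling cannot tell when a fixed release exists. I would set `"version_value": "9.6"` and state the assumption behind `AV:L` in the description.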