From a454f3f66b4fc76238cf58d77e11c1669638317e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 30 Apr 2024 17:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/1xxx/CVE-2024-1394.json | 46 +++++++++--------- 2024/23xxx/CVE-2024-23463.json | 85 ++++++++++++++++++++++++++++++++-- 2024/4xxx/CVE-2024-4353.json | 18 +++++++ 3 files changed, 122 insertions(+), 27 deletions(-) create mode 100644 2024/4xxx/CVE-2024-4353.json diff --git a/2024/1xxx/CVE-2024-1394.json b/2024/1xxx/CVE-2024-1394.json index dea47f72c4a..90a9cbeb333 100644 --- a/2024/1xxx/CVE-2024-1394.json +++ b/2024/1xxx/CVE-2024-1394.json @@ -475,7 +475,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el9", + "version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -489,7 +489,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.2.0-7.2.rhaos4.12.el9", + "version": "3:4.4.1-2.1.rhaos4.12.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -580,7 +580,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.26.0-4.1.el8", + "version": "0:1.26.0-4.2.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -608,7 +608,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8", + "version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -622,7 +622,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-6.2.rhaos4.13.el9", + "version": "3:4.4.1-5.2.rhaos4.13.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -650,7 +650,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "2:1.11.2-2.2.rhaos4.13.el8", + "version": "2:1.11.2-2.2.rhaos4.13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -699,7 +699,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el9", + "version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -741,7 +741,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8", + "version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -755,7 +755,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8", + "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -783,7 +783,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "2:1.11.2-10.3.rhaos4.14.el8", + "version": "2:1.11.2-10.3.rhaos4.14.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -797,7 +797,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "1:1.29.1-10.4.rhaos4.14.el9", + "version": "1:1.29.1-10.4.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -825,7 +825,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:2.1.7-3.4.rhaos4.14.el8", + "version": "3:2.1.7-3.4.rhaos4.14.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -853,7 +853,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el9", + "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -923,7 +923,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el9", + "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -937,7 +937,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8", + "version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -993,7 +993,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-11.4.rhaos4.14.el8", + "version": "3:4.4.1-11.4.rhaos4.14.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1007,7 +1007,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "4:1.1.12-1.2.rhaos4.14.el9", + "version": "4:1.1.12-1.2.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1021,7 +1021,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "2:1.11.2-10.4.rhaos4.14.el9", + "version": "2:1.11.2-10.4.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1098,7 +1098,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el8", + "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1112,7 +1112,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.28.0-3.1.el8", + "version": "0:1.28.0-3.1.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1140,7 +1140,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8", + "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1168,7 +1168,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-21.1.rhaos4.15.el9", + "version": "3:4.4.1-21.1.rhaos4.15.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1182,7 +1182,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "4:1.1.12-1.1.rhaos4.15.el8", + "version": "4:1.1.12-1.1.rhaos4.15.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" diff --git a/2024/23xxx/CVE-2024-23463.json b/2024/23xxx/CVE-2024-23463.json index 276b9b22073..50ca0de7397 100644 --- a/2024/23xxx/CVE-2024-23463.json +++ b/2024/23xxx/CVE-2024-23463.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23463", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", + "cweId": "CWE-367" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zscaler", + "product": { + "product_data": [ + { + "product_name": "Client Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023", + "refsource": "MISC", + "name": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Randstad N.V. Red Team" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/4xxx/CVE-2024-4353.json b/2024/4xxx/CVE-2024-4353.json new file mode 100644 index 00000000000..06336f7c39f --- /dev/null +++ b/2024/4xxx/CVE-2024-4353.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4353", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file