diff --git a/2023/6xxx/CVE-2023-6597.json b/2023/6xxx/CVE-2023-6597.json
index e0f22e72f9e..48dec549819 100644
--- a/2023/6xxx/CVE-2023-6597.json
+++ b/2023/6xxx/CVE-2023-6597.json
@@ -39,29 +39,34 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "3.8.19"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.9.0",
+ "version_value": "3.9.19"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.10.0",
+ "version_value": "3.10.14"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.11.0",
+ "version_value": "3.11.8"
+ },
+ {
+ "version_affected": "<",
 "version_name": "3.12.0",
 "version_value": "3.12.1"
 },
 {
- "version_affected": "<=",
- "version_name": "3.11.0",
- "version_value": "3.11.7"
- },
- {
- "version_affected": "<=",
- "version_name": "3.10.0",
- "version_value": "3.10.13"
- },
- {
- "version_affected": "<=",
- "version_name": "3.9.0",
- "version_value": "3.9.18"
- },
- {
- "version_affected": "<=",
- "version_name": "0",
- "version_value": "3.8.18"
+ "version_affected": "<",
+ "version_name": "3.13.0a1",
+ "version_value": "3.13.0a3"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0450.json b/2024/0xxx/CVE-2024-0450.json
index bfd1a33b7b3..69bb48f1826 100644
--- a/2024/0xxx/CVE-2024-0450.json
+++ b/2024/0xxx/CVE-2024-0450.json
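Review bot: In the CVE-2023-6597.json hunk the 3.12 row keeps `"version_value": "3.12.1"` as an unchanged context line while its operator changes from `<=` to `<`, so 3.12.1 moves from affected to unaffected. Every other row in the hunk is an equivalent rewrite (`<= 3.11.7` becomes `< 3.11.8`), and the CVE-2024-0450.json hunk writes `< 3.12.2` for the same branch. If 3.12.1 already carries the fix this is a correction of the old range and deserves a line in the commit message; if it does not, the row should read `"version_value": "3.12.2"`.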
@@ -40,29 +40,34 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "3.12.0",
- "version_value": "3.12.1"
- },
- {
- "version_affected": "<=",
- "version_name": "3.11.0",
- "version_value": "3.11.7"
- },
- {
- "version_affected": "<=",
- "version_name": "3.10.0",
- "version_value": "3.10.13"
- },
- {
- "version_affected": "<=",
- "version_name": "3.9.0",
- "version_value": "3.9.18"
- },
- {
- "version_affected": "<=",
+ "version_affected": "<",
 "version_name": "0",
- "version_value": "3.8.18"
+ "version_value": "3.8.19"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.9.0",
+ "version_value": "3.9.19"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.10.0",
+ "version_value": "3.10.14"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.11.0",
+ "version_value": "3.11.8"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.12.0",
+ "version_value": "3.12.2"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "3.13.0a1",
+ "version_value": "3.13.0a3"
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30057.json b/2024/30xxx/CVE-2024-30057.json
index 5f3b8ee1bf8..842e991ce10 100644
--- a/2024/30xxx/CVE-2024-30057.json
+++ b/2024/30xxx/CVE-2024-30057.json
@@ -1,17 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-30057",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@microsoft.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Microsoft Edge for iOS Spoofing Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Spoofing"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Microsoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Edge for iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0.0",
+ "version_value": "126.0.2592.56"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057",
+ "refsource": "MISC",
+ "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 5.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"
 }
 ]
 }
diff --git a/2024/30xxx/CVE-2024-30058.json b/2024/30xxx/CVE-2024-30058.json
index 389c8b89b9a..712c875bacb 100644
--- a/2024/30xxx/CVE-2024-30058.json
+++ b/2024/30xxx/CVE-2024-30058.json
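Review bot: The `vectorString` added under `impact.cvss` in CVE-2024-30057.json ends in the temporal metrics `E:U/RL:O/RC:C`, while the entry records only `baseScore` and `baseSeverity`. A consumer that recomputes the score from the vector, or validates it as a base-only vector, can disagree with the stored 5.4; either store the base vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N` or add the temporal score beside it. The `problemtype` value `Spoofing` is free text with no `cweId`, so CWE-based filtering will not pick the record up. The CVE-2024-30058.json and CVE-2024-38083.json hunks have the same two points.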
@@ -1,17 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-30058",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@microsoft.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Spoofing"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Microsoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Edge (Chromium-based)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0",
+ "version_value": "126.0.2592.56"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30058",
+ "refsource": "MISC",
+ "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30058"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 5.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"
 }
 ]
 }
diff --git a/2024/36xxx/CVE-2024-36586.json b/2024/36xxx/CVE-2024-36586.json
index 5a43393b203..b6ec2289b61 100644
--- a/2024/36xxx/CVE-2024-36586.json
+++ b/2024/36xxx/CVE-2024-36586.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-36586",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-36586",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36586.md",
+ "url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36586.md"
 }
 ]
 }
diff --git a/2024/36xxx/CVE-2024-36587.json b/2024/36xxx/CVE-2024-36587.json
index 560d0098a8e..130d6609a91 100644
--- a/2024/36xxx/CVE-2024-36587.json
+++ b/2024/36xxx/CVE-2024-36587.json
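Review bot: The `affects` block added to CVE-2024-36586.json is `n/a` for vendor, product and version although the description names AdGuardHome v0.93 to latest, so tooling that matches on the structured fields cannot tie this record to an installed product. "to latest" also gives no upper bound or fixed version, and `problemtype` is `n/a`, which leaves the record without a weakness class. The single reference is tagged `"refsource": "CONFIRM"` but points at a third-party advisory repository (go-compile/security-advisories); unless that repository speaks for the vendor, `MISC` would describe it more accurately. The CVE-2024-36587, CVE-2024-36588 and CVE-2024-36589 hunks share the `n/a` fields and the reference tagging.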
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-36587",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-36587",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36587.md",
+ "url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36587.md"
 }
 ]
 }
diff --git a/2024/36xxx/CVE-2024-36588.json b/2024/36xxx/CVE-2024-36588.json
index 65c37ecc2e6..4719b2befa0 100644
--- a/2024/36xxx/CVE-2024-36588.json
+++ b/2024/36xxx/CVE-2024-36588.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-36588",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-36588",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36588.md",
+ "url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36588.md"
 }
 ]
 }
diff --git a/2024/36xxx/CVE-2024-36589.json b/2024/36xxx/CVE-2024-36589.json
index 67e32342b84..13157f45543 100644
--- a/2024/36xxx/CVE-2024-36589.json
+++ b/2024/36xxx/CVE-2024-36589.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-36589",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-36589",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in plaintext."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36589.md",
+ "url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36589.md"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38083.json b/2024/38xxx/CVE-2024-38083.json
index 67f299a73ea..1c41f6e2faf 100644
--- a/2024/38xxx/CVE-2024-38083.json
+++ b/2024/38xxx/CVE-2024-38083.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-38083",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@microsoft.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Spoofing"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Microsoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Edge for iOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0.0",
+ "version_value": "126.0.2592.56"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Microsoft Edge for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "1.0.0",
+ "version_value": "126.0.2592.56"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083",
+ "refsource": "MISC",
+ "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C"
 }
 ]
 }
diff --git a/2024/4xxx/CVE-2024-4030.json b/2024/4xxx/CVE-2024-4030.json
index 3888b821bc1..4af55fabd80 100644
--- a/2024/4xxx/CVE-2024-4030.json
+++ b/2024/4xxx/CVE-2024-4030.json
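Review bot: The description added to CVE-2024-38083.json reads "Microsoft Edge (Chromium-based) Spoofing Vulnerability", but `product_data` lists only "Microsoft Edge for iOS" and "Microsoft Edge for Android". One of the two appears to be off, and a consumer matching on `product_name` will not associate this record with desktop Edge; the MSRC page in `references` is the place to confirm which is intended. The two product rows also use different lower bounds, `"version_name": "1.0.0.0"` and `"version_name": "1.0.0"`, for the same `< 126.0.2592.56` range, which looks cosmetic but is worth normalising.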
@@ -79,6 +79,56 @@
 "url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d",
 "refsource": "MISC",
 "name": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
+ },
+ {
+ "url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46",
+ "refsource": "MISC",
+ "name": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
 }
 ]
 },
diff --git a/2024/5xxx/CVE-2024-5924.json b/2024/5xxx/CVE-2024-5924.json
index bf27e58b542..ba507ccd8d2 100644
--- a/2024/5xxx/CVE-2024-5924.json
+++ b/2024/5xxx/CVE-2024-5924.json
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5924",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application does not apply the Mark-of-the-Web to the local files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23991."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-693: Protection Mechanism Failure",
+ "cweId": "CWE-693"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dropbox",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Dropbox Desktop",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "198.4.7615"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-677/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-677/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Peter Girnus (@gothburz)"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5947.json b/2024/5xxx/CVE-2024-5947.json
index 9cdd836ba65..1986f5397c2 100644
--- a/2024/5xxx/CVE-2024-5947.json
+++ b/2024/5xxx/CVE-2024-5947.json
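Review bot: `version_data` in CVE-2024-5924.json marks exactly one build, `"version_affected": "="` with `"version_value": "198.4.7615"`, and the record names no fixed version. Read literally, every other Dropbox Desktop build is unaffected, which more likely reflects the build that was tested than the real affected range; a range with an upper bound, or a fixed-version entry once one exists, would let scanners match correctly. The DSE855 hunks for CVE-2024-5947 through CVE-2024-5952 do the same with `"version_value": "1.1.0"`. The researcher credit is stored under a top-level `source` object in all of these records; it is worth confirming that downstream consumers read it from there rather than from a credit field.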
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5947",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Deep Sea Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DSE855",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-671/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-671/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Gjoko Krstic, Zero Science Lab"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5948.json b/2024/5xxx/CVE-2024-5948.json
index 9309db6e16e..555f9ab752e 100644
--- a/2024/5xxx/CVE-2024-5948.json
+++ b/2024/5xxx/CVE-2024-5948.json
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5948",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of multipart boundaries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23170."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-121: Stack-based Buffer Overflow",
+ "cweId": "CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Deep Sea Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DSE855",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-672/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-672/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5949.json b/2024/5xxx/CVE-2024-5949.json
index 6f2428e6841..e8121518139 100644
--- a/2024/5xxx/CVE-2024-5949.json
+++ b/2024/5xxx/CVE-2024-5949.json
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5949",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of multipart boundaries. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23171."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')",
+ "cweId": "CWE-835"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Deep Sea Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DSE855",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-673/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-673/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5950.json b/2024/5xxx/CVE-2024-5950.json
index 8f82c05adcb..8497707c564 100644
--- a/2024/5xxx/CVE-2024-5950.json
+++ b/2024/5xxx/CVE-2024-5950.json
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5950",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of multipart form variables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23172."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-121: Stack-based Buffer Overflow",
+ "cweId": "CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Deep Sea Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DSE855",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-674/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-674/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5951.json b/2024/5xxx/CVE-2024-5951.json
index e41323b0a2f..d007a55353d 100644
--- a/2024/5xxx/CVE-2024-5951.json
+++ b/2024/5xxx/CVE-2024-5951.json
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5951",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23173."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Deep Sea Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DSE855",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-675/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-675/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5952.json b/2024/5xxx/CVE-2024-5952.json
index 824c76e061e..eb9d819c3e0 100644
--- a/2024/5xxx/CVE-2024-5952.json
+++ b/2024/5xxx/CVE-2024-5952.json
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5952",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23174."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Deep Sea Electronics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DSE855",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-676/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-24-676/"
+ }
+ ]
+ },
+ "source": {
+ "lang": "en",
+ "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/5xxx/CVE-2024-5987.json b/2024/5xxx/CVE-2024-5987.json
new file mode 100644
index 00000000000..933e1907fa9
--- /dev/null
+++ b/2024/5xxx/CVE-2024-5987.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-5987",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file