diff --git a/2023/38xxx/CVE-2023-38562.json b/2023/38xxx/CVE-2023-38562.json index d8d5ca539a1..3746c302b69 100644 --- a/2023/38xxx/CVE-2023-38562.json +++ b/2023/38xxx/CVE-2023-38562.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-415: Double Free", + "cweId": "CWE-415" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Weston Embedded", + "product": { + "product_data": [ + { + "product_name": "uC-TCP-IP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v3.06.01" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Kelly Patterson of Cisco Talos." 
+ } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.7, + "baseSeverity": "HIGH" } ] } diff --git a/2023/39xxx/CVE-2023-39540.json b/2023/39xxx/CVE-2023-39540.json index eb51a18e1a4..833c60b5be3 100644 --- a/2023/39xxx/CVE-2023-39540.json +++ b/2023/39xxx/CVE-2023-39540.json 
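Review bot: In the CVE-2023-38562 record the `description` says the double free can potentially result in code execution, while the `vectorString` carries `C:N`, so the text and the vector disagree about confidentiality impact. The `baseScore` of 8.7 is consistent with the vector as written, so this is not an arithmetic slip; it is a scoring choice that the CNA should confirm. Consumers that triage on the vector fields alone will rank this record below what the prose suggests. If code execution is the expected outcome, the vector would normally read `C:H` and the score would need recomputing.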
@@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv4 ICMP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-126: Buffer Over-read", + "cweId": "CWE-126" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Silicon Labs", + "product": { + "product_data": [ + { + "product_name": "Gecko Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3.1.0" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Weston Embedded", + "product": { + "product_data": [ + { + "product_name": "uC-TCP-IP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v3.06.01" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Francesco Benvenuto and Kelly Patterson of Cisco 
Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/39xxx/CVE-2023-39541.json b/2023/39xxx/CVE-2023-39541.json index bad83fc5ab0..c8ac82b10a6 100644 --- a/2023/39xxx/CVE-2023-39541.json +++ b/2023/39xxx/CVE-2023-39541.json 
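Review bot: The `description` value in CVE-2023-39540 runs two sentences together (`vulnerability.This vulnerability`) and the last sentence is ungrammatical (`within the parsing an IPv4 ICMP packet`). The same defect is in the CVE-2023-39541 hunk with `IPv6 ICMPv6`. That final sentence is the only text that tells the two records apart, since they share the first three sentences and the TALOS-2023-1828 reference, so it should read cleanly. Suggested ending: `... to trigger this vulnerability. This vulnerability concerns a denial of service within the parsing of an IPv4 ICMP packet.`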
@@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv6 ICMPv6 packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-126: Buffer Over-read", + "cweId": "CWE-126" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Silicon Labs", + "product": { + "product_data": [ + { + "product_name": "Gecko Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3.1.0" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Weston Embedded", + "product": { + "product_data": [ + { + "product_name": "uC-TCP-IP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v3.06.01" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Francesco Benvenuto and Kelly Patterson of Cisco 
Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/45xxx/CVE-2023-45318.json b/2023/45xxx/CVE-2023-45318.json index e3396f52cef..fb857218860 100644 --- a/2023/45xxx/CVE-2023-45318.json +++ b/2023/45xxx/CVE-2023-45318.json 
@@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45318", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Silicon Labs", + "product": { + "product_data": [ + { + "product_name": "Gecko Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Silicon Labs Gecko Platform 4.3.2.0" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Weston Embedded", + "product": { + "product_data": [ + { + "product_name": "uC-HTTP", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "git commit 80d4004" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Kelly Patterson of Cisco Talos." 
+ } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/6xxx/CVE-2023-6356.json b/2023/6xxx/CVE-2023-6356.json index 173726278b2..2371dcb8207 100644 --- a/2023/6xxx/CVE-2023-6356.json +++ b/2023/6xxx/CVE-2023-6356.json @@ -55,6 +55,41 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.rt7.320.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { @@ -164,19 +199,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 9", "version": { 
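Review bot: In the CVE-2023-45318 record the Silicon Labs entry sets `"version_value": "Silicon Labs Gecko Platform 4.3.2.0"`, which repeats the vendor and product name inside the version field. The other Gecko Platform entries in this diff use a bare version (`"4.3.1.0"`). Tooling that compares `version_value` against an inventory version string is unlikely to match the longer form, which matters for a record scored 10 / CRITICAL. Suggested value: `"version_value": "4.3.2.0"`.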
@@ -239,6 +261,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0725" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0881", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0881" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0897", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0897" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6356", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6535.json b/2023/6xxx/CVE-2023-6535.json index 0c7230d1981..bd8700f3417 100644 --- a/2023/6xxx/CVE-2023-6535.json +++ b/2023/6xxx/CVE-2023-6535.json @@ -55,6 +55,41 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.rt7.320.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { @@ -164,19 +199,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 9", "version": { 
@@ -239,6 +261,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0725" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0881", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0881" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0897", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0897" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6535", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6536.json b/2023/6xxx/CVE-2023-6536.json index bdc6ab2fb1e..8c297bb810b 100644 --- a/2023/6xxx/CVE-2023-6536.json +++ b/2023/6xxx/CVE-2023-6536.json @@ -55,6 +55,41 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.rt7.320.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { @@ -164,19 +199,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 9", "version": { 
@@ -239,6 +261,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0725" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0881", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0881" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0897", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0897" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6536", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6606.json b/2023/6xxx/CVE-2023-6606.json index 7180315436d..3cbb8ecce76 100644 --- a/2023/6xxx/CVE-2023-6606.json +++ b/2023/6xxx/CVE-2023-6606.json @@ -55,6 +55,41 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.rt7.320.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "version": { @@ -122,25 +157,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 9", "version": { 
@@ -198,6 +214,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0725" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0881", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0881" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0897", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0897" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6606", "refsource": "MISC", diff --git a/2023/6xxx/CVE-2023-6610.json b/2023/6xxx/CVE-2023-6610.json index 9f66cc76a6c..46cbbbf8623 100644 --- a/2023/6xxx/CVE-2023-6610.json +++ b/2023/6xxx/CVE-2023-6610.json @@ -55,6 +55,41 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.rt7.320.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "version": { @@ -164,19 +199,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 9", "version": { 
@@ -239,6 +261,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0725" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0881", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0881" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0897", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0897" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6610", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0646.json b/2024/0xxx/CVE-2024-0646.json index cd4ac40ee63..5666c76b9c4 100644 --- a/2024/0xxx/CVE-2024-0646.json +++ b/2024/0xxx/CVE-2024-0646.json @@ -69,6 +69,20 @@ "product_name": "Red Hat Enterprise Linux 8", "version": { "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.rt7.320.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + }, { "version_value": "not down converted", "x_cve_json_5_version_data": { @@ -78,6 +92,14 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.18.0-513.18.1.el8_9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } @@ -282,6 +304,16 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0876" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0881", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0881" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0897", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0897" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0646", "refsource": "MISC", diff --git a/2024/1xxx/CVE-2024-1155.json b/2024/1xxx/CVE-2024-1155.json index 8fbceb59197..86c4b96c7c5 100644 
--- a/2024/1xxx/CVE-2024-1155.json +++ b/2024/1xxx/CVE-2024-1155.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1155", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@ni.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. \n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276 Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NI", + "product": { + "product_data": [ + { + "product_name": "SystemLink Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2023 Q3" + } + ] + } + }, + { + "product_name": "FlexLogger", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2022 Q3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html", + "refsource": "MISC", + "name": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { 
+ "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1156.json b/2024/1xxx/CVE-2024-1156.json index 661e920a41d..c05fc975e66 100644 --- a/2024/1xxx/CVE-2024-1156.json +++ b/2024/1xxx/CVE-2024-1156.json 
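Review bot: The single entry in `reference_data` for CVE-2024-1155 is reused unchanged in the CVE-2024-1156 hunk that follows, although that record describes the shared NI RabbitMQ service rather than the Elixir-based services. The URL slug names only the Elixir-based service, so for CVE-2024-1156 it looks like a copy of this record's reference; confirm with the CNA whether a separate advisory exists and reference it there. In this record the `description` value also ends in a stray space and newline (`local access. \n`), which should be trimmed to `local access.`.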
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1156", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@ni.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276 Incorrect Default Permissions", + "cweId": "CWE-276" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NI", + "product": { + "product_data": [ + { + "product_name": "SystemLink Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2023 Q3" + } + ] + } + }, + { + "product_name": "FlexLogger", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2022 Q3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html", + "refsource": "MISC", + "name": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + 
"cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1663.json b/2024/1xxx/CVE-2024-1663.json new file mode 100644 index 00000000000..e524b976fdb --- /dev/null +++ b/2024/1xxx/CVE-2024-1663.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1663", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1664.json b/2024/1xxx/CVE-2024-1664.json new file mode 100644 index 00000000000..758ef6935ba --- /dev/null +++ b/2024/1xxx/CVE-2024-1664.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1665.json b/2024/1xxx/CVE-2024-1665.json new file mode 100644 index 00000000000..71950b2985b --- /dev/null +++ b/2024/1xxx/CVE-2024-1665.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1665", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1666.json b/2024/1xxx/CVE-2024-1666.json new file mode 100644 index 00000000000..9910effbb36 --- /dev/null +++ b/2024/1xxx/CVE-2024-1666.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1666", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/22xxx/CVE-2024-22369.json b/2024/22xxx/CVE-2024-22369.json index 6fa66ad0388..a7d2d691235 100644 --- a/2024/22xxx/CVE-2024-22369.json +++ b/2024/22xxx/CVE-2024-22369.json 
@@ -1,18 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22369", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.\n\nUsers are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Camel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.0.0", + "version_value": "3.21.4" + }, + { + "version_affected": "<", + "version_name": "3.22.0", + "version_value": "3.22.1" + }, + { + "version_affected": "<", + "version_name": "4.0.0", + "version_value": "4.0.4" + }, + { + "version_affected": "<", + "version_name": "4.1.0", + "version_value": "4.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f", + "refsource": "MISC", + "name": 
"https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "https://camel.apache.org/security/CVE-2024-22369.html", + "defect": [ + "CAMEL-20303" + ], + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Ziyang Chen from HuaWei Open Source Management Center" + }, + { + "lang": "en", + "value": "Pingtao Wei from HuaWei Open Source Management Center" + }, + { + "lang": "en", + "value": "Haoran Zhi from HuaWei Open Source Management Center" + } + ] } \ No newline at end of file diff --git a/2024/22xxx/CVE-2024-22824.json b/2024/22xxx/CVE-2024-22824.json index f796fbcf7f5..ae893cdf84c 100644 --- a/2024/22xxx/CVE-2024-22824.json +++ b/2024/22xxx/CVE-2024-22824.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-22824", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-22824", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/auntvt/Timo/issues/6", + "refsource": "MISC", + "name": "https://github.com/auntvt/Timo/issues/6" } ] } diff --git a/2024/23xxx/CVE-2024-23114.json b/2024/23xxx/CVE-2024-23114.json index b7a427906b3..53c82c40cb2 100644 --- a/2024/23xxx/CVE-2024-23114.json +++ b/2024/23xxx/CVE-2024-23114.json 
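Review bot: In the CVE-2024-22824 record `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, although the `description` names the product and version (`Timo v.2.0.3`). Scanners and inventories that match on the `affects` block will not associate this record with any installed product, so the structured data gives defenders no way to find exposure. Suggest populating at least `"product_name": "Timo"` and `"version_value": "2.0.3"`. A CWE for the upload-restriction weakness could be added once it is confirmed against the linked issue.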
@@ -1,18 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23114", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.\n\nUsers are recommended to upgrade to version 4.4.0, which fixes the issue.\u00a0If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. 
If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Camel", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.0.0", + "version_value": "3.21.4" + }, + { + "version_affected": "<", + "version_name": "3.22.0", + "version_value": "3.22.1" + }, + { + "version_affected": "<", + "version_name": "4.0.0", + "version_value": "4.0.4" + }, + { + "version_affected": "<", + "version_name": "4.1.0", + "version_value": "4.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://camel.apache.org/security/CVE-2024-23114.html", + "refsource": "MISC", + "name": "https://camel.apache.org/security/CVE-2024-23114.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "CAMEL-20306" + ], + "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Federico Mariani From Apache Software Foundation" + }, + { + "lang": "en", + "value": "Andrea Cosentino from Apache Software Foundation" + } + ] } \ No newline at end of file
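Review bot: The `description` value in CVE-2024-23114 fuses two sentences (`malicious payload.This issue affects`) and ends in `\n\n`. The CVE-2024-22369 hunk earlier in this diff has the same problem, with no separator at all (`Apache Camel SQL ComponentThis issue affects`). Both Camel records also ship without an `impact` block, so consumers get a CWE-502 classification but no CVSS vector or severity to prioritise on. Suggest inserting the missing break (`... SQL Component. This issue affects ...`), trimming the trailing newlines, and adding a `cvss` entry once the CNA has scored the issues.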