"-Synchronized-Data."

CVE Team 2024-02-20 15:00:32 +00:00
parent 6ac15c1de7
commit c44d90435c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
19 changed files with 1080 additions and 111 deletions


@ -1,17 +1,87 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-38562", "ID": "CVE-2023-38562",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "talos-cna@cisco.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415: Double Free",
"cweId": "CWE-415"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Weston Embedded",
"product": {
"product_data": [
{
"product_name": "uC-TCP-IP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v3.06.01"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1829"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by Kelly Patterson of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH"
} }
] ]
} }
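Review bot: The `impact.cvss` entry sets `"confidentialityImpact": "NONE"` (`C:N` in the vector), while the new description says the double free can corrupt memory, "potentially resulting in code execution". Code execution would normally imply some confidentiality impact, so either the vector or the wording looks inconsistent. The values are supplied by the CNA, so confirm against the referenced TALOS-2023-1829 report rather than editing here. Consumers that triage on the C/I/A metrics alone should note that the prose describes a broader impact than the vector does.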


@ -1,17 +1,105 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-39540", "ID": "CVE-2023-39540",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "talos-cna@cisco.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv4 ICMP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read",
"cweId": "CWE-126"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Silicon Labs",
"product": {
"product_data": [
{
"product_name": "Gecko Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.3.1.0"
}
]
}
}
]
}
},
{
"vendor_name": "Weston Embedded",
"product": {
"product_data": [
{
"product_name": "uC-TCP-IP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v3.06.01"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by Francesco Benvenuto and Kelly Patterson of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
} }
] ]
} }
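Review bot: The new `description` value runs two sentences together (`vulnerability.This vulnerability`), and its closing clause reads `within the parsing an IPv4 ICMP packet`. That last sentence is the only text that distinguishes this record from the CVE-2023-39541 section, which shares the same TALOS-2023-1828 reference and has the same defect with `IPv6 ICMPv6`. Suggested tail: `... to trigger this vulnerability. This vulnerability concerns a denial of service within the parsing of an IPv4 ICMP packet.` The text presumably originates with the CNA, so the correction would need to be made at the source of the sync.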


@ -1,17 +1,105 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-39541", "ID": "CVE-2023-39541",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "talos-cna@cisco.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A denial of service vulnerability exists in the ICMP and ICMPv6 parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted network packet can lead to an out-of-bounds read. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability concerns a denial of service within the parsing an IPv6 ICMPv6 packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read",
"cweId": "CWE-126"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Silicon Labs",
"product": {
"product_data": [
{
"product_name": "Gecko Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.3.1.0"
}
]
}
}
]
}
},
{
"vendor_name": "Weston Embedded",
"product": {
"product_data": [
{
"product_name": "uC-TCP-IP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v3.06.01"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1828"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by Francesco Benvenuto and Kelly Patterson of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
} }
] ]
} }


@ -1,17 +1,105 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-45318", "ID": "CVE-2023-45318",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "talos-cna@cisco.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Silicon Labs",
"product": {
"product_data": [
{
"product_name": "Gecko Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Silicon Labs Gecko Platform 4.3.2.0"
}
]
}
}
]
}
},
{
"vendor_name": "Weston Embedded",
"product": {
"product_data": [
{
"product_name": "uC-HTTP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "git commit 80d4004"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1843"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by Kelly Patterson of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL"
} }
] ]
} }
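Review bot: The Gecko Platform entry has `"version_value": "Silicon Labs Gecko Platform 4.3.2.0"`, which repeats the vendor and product name inside the version field. The Gecko Platform entries in the CVE-2023-39540 and CVE-2023-39541 sections use a bare `"4.3.1.0"`. With `"version_affected": "="`, tooling that compares the field against an installed version string will not match; `"version_value": "4.3.2.0"` would be consistent with the sibling records. The uC-HTTP entry likewise uses the free-text value `git commit 80d4004`, an abbreviated hash that cannot be ordered or matched as a version. For a record scored `baseScore` 10 / `CRITICAL`, imprecise version data makes exposure checks unreliable.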


@ -55,6 +55,41 @@
"vendor_name": "Red Hat", "vendor_name": "Red Hat",
"product": { "product": {
"product_data": [ "product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"version": { "version": {
@ -164,19 +199,6 @@
] ]
} }
}, },
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 9", "product_name": "Red Hat Enterprise Linux 9",
"version": { "version": {
@ -239,6 +261,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0725" "name": "https://access.redhat.com/errata/RHSA-2024:0725"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0881",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0897",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-6356", "url": "https://access.redhat.com/security/cve/CVE-2023-6356",
"refsource": "MISC", "refsource": "MISC",


@ -55,6 +55,41 @@
"vendor_name": "Red Hat", "vendor_name": "Red Hat",
"product": { "product": {
"product_data": [ "product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"version": { "version": {
@ -164,19 +199,6 @@
] ]
} }
}, },
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 9", "product_name": "Red Hat Enterprise Linux 9",
"version": { "version": {
@ -239,6 +261,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0725" "name": "https://access.redhat.com/errata/RHSA-2024:0725"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0881",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0897",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-6535", "url": "https://access.redhat.com/security/cve/CVE-2023-6535",
"refsource": "MISC", "refsource": "MISC",


@ -55,6 +55,41 @@
"vendor_name": "Red Hat", "vendor_name": "Red Hat",
"product": { "product": {
"product_data": [ "product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"version": { "version": {
@ -164,19 +199,6 @@
] ]
} }
}, },
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 9", "product_name": "Red Hat Enterprise Linux 9",
"version": { "version": {
@ -239,6 +261,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0725" "name": "https://access.redhat.com/errata/RHSA-2024:0725"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0881",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0897",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-6536", "url": "https://access.redhat.com/security/cve/CVE-2023-6536",
"refsource": "MISC", "refsource": "MISC",


@ -55,6 +55,41 @@
"vendor_name": "Red Hat", "vendor_name": "Red Hat",
"product": { "product": {
"product_data": [ "product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"version": { "version": {
@ -122,25 +157,6 @@
] ]
} }
}, },
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 9", "product_name": "Red Hat Enterprise Linux 9",
"version": { "version": {
@ -198,6 +214,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0725" "name": "https://access.redhat.com/errata/RHSA-2024:0725"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0881",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0897",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-6606", "url": "https://access.redhat.com/security/cve/CVE-2023-6606",
"refsource": "MISC", "refsource": "MISC",


@ -55,6 +55,41 @@
"vendor_name": "Red Hat", "vendor_name": "Red Hat",
"product": { "product": {
"product_data": [ "product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"version": { "version": {
@ -164,19 +199,6 @@
] ]
} }
}, },
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 9", "product_name": "Red Hat Enterprise Linux 9",
"version": { "version": {
@ -239,6 +261,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0725" "name": "https://access.redhat.com/errata/RHSA-2024:0725"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0881",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0897",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-6610", "url": "https://access.redhat.com/security/cve/CVE-2023-6610",
"refsource": "MISC", "refsource": "MISC",


@ -69,6 +69,20 @@
"product_name": "Red Hat Enterprise Linux 8", "product_name": "Red Hat Enterprise Linux 8",
"version": { "version": {
"version_data": [ "version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{ {
"version_value": "not down converted", "version_value": "not down converted",
"x_cve_json_5_version_data": { "x_cve_json_5_version_data": {
@ -78,6 +92,14 @@
{ {
"version_value": "not down converted", "version_value": "not down converted",
"x_cve_json_5_version_data": { "x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-513.18.1.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected" "defaultStatus": "affected"
} }
} }
@ -282,6 +304,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0876" "name": "https://access.redhat.com/errata/RHSA-2024:0876"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0881",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0897",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2024-0646", "url": "https://access.redhat.com/security/cve/CVE-2024-0646",
"refsource": "MISC", "refsource": "MISC",


@ -1,17 +1,100 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-1155", "ID": "CVE-2024-1155",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@ni.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. \n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NI",
"product": {
"product_data": [
{
"product_name": "SystemLink Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2023 Q3"
}
]
}
},
{
"product_name": "FlexLogger",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2022 Q3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html",
"refsource": "MISC",
"name": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }


@ -1,17 +1,100 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-1156", "ID": "CVE-2024-1156",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@ni.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NI",
"product": {
"product_data": [
{
"product_name": "SystemLink Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2023 Q3"
}
]
}
},
{
"product_name": "FlexLogger",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2022 Q3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html",
"refsource": "MISC",
"name": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }
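Review bot: The only `reference_data` entry points at the advisory whose URL slug is `incorrect-permissions-for-shared-systemlink-elixir-based-service`. That is the same link used in the CVE-2024-1155 section, while this record's description concerns the shared NI RabbitMQ service. If NI published a separate advisory for the RabbitMQ issue, `url` and `name` should point to it; otherwise confirm that the Elixir advisory really covers both IDs. As it stands, a reader following the reference has no way to tell from the record which remediation applies to this CVE.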


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1664",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1666",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-22369", "ID": "CVE-2024-22369",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@apache.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.\n\nUsers are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1\n\n"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Camel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.21.4"
},
{
"version_affected": "<",
"version_name": "3.22.0",
"version_value": "3.22.1"
},
{
"version_affected": "<",
"version_name": "4.0.0",
"version_value": "4.0.4"
},
{
"version_affected": "<",
"version_name": "4.1.0",
"version_value": "4.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "https://camel.apache.org/security/CVE-2024-22369.html",
"defect": [
"CAMEL-20303"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Ziyang Chen from HuaWei Open Source Management Center"
},
{
"lang": "en",
"value": "Pingtao Wei from HuaWei Open Source Management Center"
},
{
"lang": "en",
"value": "Haoran Zhi from HuaWei Open Source Management Center"
}
]
} }
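Review bot: The `description` value is missing a sentence break and reads `Apache Camel SQL ComponentThis issue affects`; the CVE-2024-23114 section has the same join at `payload.This issue affects`. Suggested wording: `... in Apache Camel SQL Component. This issue affects Apache Camel: ...`. Neither Apache Camel record carries an `impact` block, so consumers get the CWE-502 classification and the fixed versions but no CNA-supplied severity. It is worth confirming whether that omission is intended, because severity-based prioritisation will otherwise skip these records or treat them as unscored.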


@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-22824",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-22824",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/auntvt/Timo/issues/6",
"refsource": "MISC",
"name": "https://github.com/auntvt/Timo/issues/6"
} }
] ]
} }
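Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, although the description names the product and version (`Timo v.2.0.3`) and the affected component (`UploadController.java`). Tooling that matches on the `affects` tree will not associate this record with Timo, and there is no CWE or `impact` block to filter or prioritise on. At minimum, `"product_name": "Timo"` and `"version_value": "2.0.3"` could be populated from the description. The phrase "via the filetype restrictions" suggests an upload-validation weakness, but that is an inference from the wording and should be checked against the linked issue before a CWE is assigned.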


@ -1,18 +1,99 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23114", "ID": "CVE-2024-23114",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@apache.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.\n\nUsers are recommended to upgrade to version 4.4.0, which fixes the issue.\u00a0If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1\n\n"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Camel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.21.4"
},
{
"version_affected": "<",
"version_name": "3.22.0",
"version_value": "3.22.1"
},
{
"version_affected": "<",
"version_name": "4.0.0",
"version_value": "4.0.4"
},
{
"version_affected": "<",
"version_name": "4.1.0",
"version_value": "4.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://camel.apache.org/security/CVE-2024-23114.html",
"refsource": "MISC",
"name": "https://camel.apache.org/security/CVE-2024-23114.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"CAMEL-20306"
],
"discovery": "INTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Federico Mariani From Apache Software Foundation"
},
{
"lang": "en",
"value": "Andrea Cosentino from Apache Software Foundation"
}
]
} }