From c6b5d9247003d6ec3d9d3232afca4c8ae4b4de8e Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Tue, 17 Sep 2024 18:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/38xxx/CVE-2024-38380.json | 98 ++++++++++++++++++++++++-
 2024/38xxx/CVE-2024-38812.json | 99 ++++++++++++++++++++++++-
 2024/38xxx/CVE-2024-38813.json | 108 ++++++++++++++++++++++++++-
 2024/42xxx/CVE-2024-42501.json | 130 ++++++++++++++++++++++++++++++++-
 2024/42xxx/CVE-2024-42502.json | 130 ++++++++++++++++++++++++++++++++-
 2024/42xxx/CVE-2024-42503.json | 130 ++++++++++++++++++++++++++++++++-
 2024/45xxx/CVE-2024-45682.json | 98 ++++++++++++++++++++++++-
 2024/47xxx/CVE-2024-47060.json | 18 +++++
 2024/47xxx/CVE-2024-47061.json | 18 +++++
 2024/47xxx/CVE-2024-47062.json | 18 +++++
 2024/47xxx/CVE-2024-47063.json | 18 +++++
 2024/47xxx/CVE-2024-47064.json | 18 +++++
 2024/47xxx/CVE-2024-47065.json | 18 +++++
 2024/47xxx/CVE-2024-47066.json | 18 +++++
 2024/47xxx/CVE-2024-47067.json | 18 +++++
 2024/47xxx/CVE-2024-47068.json | 18 +++++
 2024/47xxx/CVE-2024-47069.json | 18 +++++
 2024/47xxx/CVE-2024-47070.json | 18 +++++
 2024/47xxx/CVE-2024-47071.json | 18 +++++
 2024/47xxx/CVE-2024-47072.json | 18 +++++
 2024/47xxx/CVE-2024-47073.json | 18 +++++
 2024/47xxx/CVE-2024-47074.json | 18 +++++
 2024/47xxx/CVE-2024-47075.json | 18 +++++
 2024/47xxx/CVE-2024-47076.json | 18 +++++
 2024/47xxx/CVE-2024-47077.json | 18 +++++
 2024/47xxx/CVE-2024-47078.json | 18 +++++
 2024/47xxx/CVE-2024-47079.json | 18 +++++
 2024/47xxx/CVE-2024-47080.json | 18 +++++
 2024/47xxx/CVE-2024-47081.json | 18 +++++
 2024/47xxx/CVE-2024-47082.json | 18 +++++
 2024/47xxx/CVE-2024-47083.json | 18 +++++
 2024/47xxx/CVE-2024-47084.json | 18 +++++
 2024/8xxx/CVE-2024-8796.json | 115 ++++++++++++++++++++++++++++-
 2024/8xxx/CVE-2024-8953.json | 18 +++++
 2024/8xxx/CVE-2024-8954.json | 18 +++++
 35 files changed, 1362 insertions(+), 32 deletions(-)
 create mode 100644 2024/47xxx/CVE-2024-47060.json
 create mode 100644 2024/47xxx/CVE-2024-47061.json
 create mode 100644 2024/47xxx/CVE-2024-47062.json
 create mode 100644 2024/47xxx/CVE-2024-47063.json
 create mode 100644 2024/47xxx/CVE-2024-47064.json
 create mode 100644 2024/47xxx/CVE-2024-47065.json
 create mode 100644 2024/47xxx/CVE-2024-47066.json
 create mode 100644 2024/47xxx/CVE-2024-47067.json
 create mode 100644 2024/47xxx/CVE-2024-47068.json
 create mode 100644 2024/47xxx/CVE-2024-47069.json
 create mode 100644 2024/47xxx/CVE-2024-47070.json
 create mode 100644 2024/47xxx/CVE-2024-47071.json
 create mode 100644 2024/47xxx/CVE-2024-47072.json
 create mode 100644 2024/47xxx/CVE-2024-47073.json
 create mode 100644 2024/47xxx/CVE-2024-47074.json
 create mode 100644 2024/47xxx/CVE-2024-47075.json
 create mode 100644 2024/47xxx/CVE-2024-47076.json
 create mode 100644 2024/47xxx/CVE-2024-47077.json
 create mode 100644 2024/47xxx/CVE-2024-47078.json
 create mode 100644 2024/47xxx/CVE-2024-47079.json
 create mode 100644 2024/47xxx/CVE-2024-47080.json
 create mode 100644 2024/47xxx/CVE-2024-47081.json
 create mode 100644 2024/47xxx/CVE-2024-47082.json
 create mode 100644 2024/47xxx/CVE-2024-47083.json
 create mode 100644 2024/47xxx/CVE-2024-47084.json
 create mode 100644 2024/8xxx/CVE-2024-8953.json
 create mode 100644 2024/8xxx/CVE-2024-8954.json
diff --git a/2024/38xxx/CVE-2024-38380.json b/2024/38xxx/CVE-2024-38380.json
index 04ca561adce..d3efb8d71ce 100644
--- a/2024/38xxx/CVE-2024-38380.json
+++ b/2024/38xxx/CVE-2024-38380.json
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-38380",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Millbeck Communications",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Proroute H685t-w",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.2.334"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "ICSA-24-261-02",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Millbeck Communications recommends that users download the firmware patch v3.2.335 or higher.\n\n
"
+ }
+ ],
+ "value": "Millbeck Communications recommends that users download the firmware patch v3.2.335 or higher https://proroute.co.uk/current-firmware/ ."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Joe Lovett from Pen Test Partners reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38812.json b/2024/38xxx/CVE-2024-38812.json
index 9d47547746d..c32efb9b80e 100644
--- a/2024/38xxx/CVE-2024-38812.json
+++ b/2024/38xxx/CVE-2024-38812.json
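Review bot: In CVE-2024-38380.json the only affected entry is `"version_affected": "="` with `"version_value": "3.2.334"`, while the solution text tells users to move to firmware v3.2.335 or higher; if earlier firmware is affected as well, tools that match on this record will treat those devices as not vulnerable. If the advisory supports it, the range should read `"version_affected": "<="` with the same value, otherwise the description should say that only 3.2.334 was assessed. The description also names neither the product nor the affected component, so the record cannot be triaged without opening the reference. Both points apply equally to CVE-2024-45682.json later in this patch.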
@@ -1,17 +1,108 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-38812",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The\u00a0vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122 Heap-based Buffer Overflow",
+ "cweId": "CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware vCenter Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "8.0",
+ "version_value": "8.0 U3b"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "7.0",
+ "version_value": "7.0 U3s"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Cloud Foundation",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.x"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968",
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38813.json b/2024/38xxx/CVE-2024-38813.json
index d5747235b94..602e4352e0b 100644
--- a/2024/38xxx/CVE-2024-38813.json
+++ b/2024/38xxx/CVE-2024-38813.json
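Review bot: `"vendor_name": "n/a"` in CVE-2024-38812.json leaves this critical (9.8) record without a vendor, although both products carry the VMware name and the assigner is security@vmware.com; inventory tools that key on vendor plus product will not link it to an asset. Setting the field to the actual vendor, e.g. `"vendor_name": "VMware"`, would fix that. The Cloud Foundation entries use `"version_value": "5.x"` and `"4.x"` with `"version_affected": "="`, which a consumer can only match as literal strings, so the fixed releases still have to be read from the referenced advisory. CVE-2024-38813.json carries the same `affects` block.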
@@ -1,17 +1,117 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-38813",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The vCenter Server contains a privilege escalation vulnerability.\u00a0A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-273 Improper Check for Dropped Privileges",
+ "cweId": "CWE-273"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-250",
+ "cweId": "CWE-250"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware vCenter Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "8.0",
+ "version_value": "8.0 U3b"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "7.0",
+ "version_value": "7.0 U3s"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "VMware Cloud Foundation",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.x"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968",
+ "refsource": "MISC",
+ "name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/42xxx/CVE-2024-42501.json b/2024/42xxx/CVE-2024-42501.json
index 17c847a3c0d..a0816184fe1 100644
--- a/2024/42xxx/CVE-2024-42501.json
+++ b/2024/42xxx/CVE-2024-42501.json
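Review bot: The second `problemtype_data` entry in CVE-2024-38813.json has `"value": "CWE-250"` with no weakness name, unlike the first entry (`"CWE-273 Improper Check for Dropped Privileges"`) and the CWE entries in the other records of this patch. Consumers that display `value` instead of resolving `cweId` will show a bare identifier. `"value": "CWE-250 Execution with Unnecessary Privileges"` keeps the two entries consistent.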
@@ -1,17 +1,139 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-42501",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Hewlett Packard Enterprise (HPE)",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "<=10.6.0.2",
+ "status": "affected",
+ "version": "Version 10.6.0.0: 10.6.0.2 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.10.0.13",
+ "status": "affected",
+ "version": "Version 8.10.0.0: 8.10.0.13 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=10.6.0.0",
+ "status": "affected",
+ "version": "Version 10.5.0.0: 10.6.0.0 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=10.4.0.0",
+ "status": "affected",
+ "version": "Version 10.3.0.0: 10.4.0.0 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.12.0.0",
+ "status": "affected",
+ "version": "Version 8.11.0.0: 8.12.0.0 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.12.0.1",
+ "status": "affected",
+ "version": "Version 8.12.0.0: 8.12.0.1 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.9.0.0",
+ "status": "affected",
+ "version": "Version 6.5.4.0: 8.9.0.0 and below",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US",
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "HPESBNW04709",
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "erikdejong"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/42xxx/CVE-2024-42502.json b/2024/42xxx/CVE-2024-42502.json
index 6526a62a9c9..bc4490ea79c 100644
--- a/2024/42xxx/CVE-2024-42502.json
+++ b/2024/42xxx/CVE-2024-42502.json
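Review bot: The `x_cve_json_5_version_data` ranges in CVE-2024-42501.json are not machine-comparable: every `lessThanOrEqual` carries the operator inside the value (`"<=10.6.0.2"`), every `version` is free text (`"Version 10.6.0.0: 10.6.0.2 and below"`), and the four-part numbers are declared as `"versionType": "semver"`. A usable range would look like `"version": "10.6.0.0", "lessThanOrEqual": "10.6.0.2", "versionType": "custom"`; as written, `version_value` falls back to "not down converted" and a tool cannot decide whether a given ArubaOS build is affected. Some labels also look inconsistent with their bounds (for example "Version 10.5.0.0: 10.6.0.0 and below"), which should be checked against advisory HPESBNW04709. CVE-2024-42502.json and CVE-2024-42503.json repeat the same block.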
@@ -1,17 +1,139 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-42502",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Hewlett Packard Enterprise (HPE)",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "<=10.6.0.2",
+ "status": "affected",
+ "version": "Version 10.6.0.0: 10.6.0.2 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.10.0.13",
+ "status": "affected",
+ "version": "Version 8.10.0.0: 8.10.0.13 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=10.6.0.0",
+ "status": "affected",
+ "version": "Version 10.5.0.0: 10.6.0.0 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=10.4.0.0",
+ "status": "affected",
+ "version": "Version 10.3.0.0: 10.4.0.0 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.12.0.0",
+ "status": "affected",
+ "version": "Version 8.11.0.0: 8.12.0.0 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.12.0.1",
+ "status": "affected",
+ "version": "Version 8.12.0.0: 8.12.0.1 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.9.0.0",
+ "status": "affected",
+ "version": "Version 6.5.4.0: 8.9.0.0 and below",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US",
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "HPESBNW04709",
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "erikdejong"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/42xxx/CVE-2024-42503.json b/2024/42xxx/CVE-2024-42503.json
index 3cd1ff5659d..47aa33380cf 100644
--- a/2024/42xxx/CVE-2024-42503.json
+++ b/2024/42xxx/CVE-2024-42503.json
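Review bot: `problemtype` in CVE-2024-42502.json is `"value": "n/a"` with no `cweId`, although the description calls the flaw a command injection in the CLI. Without a CWE the record drops out of weakness-based filtering and reporting. An entry such as `"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "cweId": "CWE-78"` would match the description, subject to the vendor confirming the classification. CVE-2024-42501.json (described as path traversal) and CVE-2024-42503.json have the same gap.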
@@ -1,17 +1,139 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-42503",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Hewlett Packard Enterprise (HPE)",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aruba OS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "<=10.6.0.2",
+ "status": "affected",
+ "version": "Version 10.6.0.0: 10.6.0.2 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.10.0.13",
+ "status": "affected",
+ "version": "Version 8.10.0.0: 8.10.0.13 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=10.6.0.0",
+ "status": "affected",
+ "version": "Version 10.5.0.0: 10.6.0.0 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=10.4.0.0",
+ "status": "affected",
+ "version": "Version 10.3.0.0: 10.4.0.0 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.12.0.0",
+ "status": "affected",
+ "version": "Version 8.11.0.0: 8.12.0.0 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.12.0.1",
+ "status": "affected",
+ "version": "Version 8.12.0.0: 8.12.0.1 and below",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "<=8.9.0.0",
+ "status": "affected",
+ "version": "Version 6.5.4.0: 8.9.0.0 and below",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US",
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "HPESBNW04709",
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "erikdejong"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/45xxx/CVE-2024-45682.json b/2024/45xxx/CVE-2024-45682.json
index d732bb12f02..f67eb0f15fb 100644
--- a/2024/45xxx/CVE-2024-45682.json
+++ b/2024/45xxx/CVE-2024-45682.json
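Review bot: The description in CVE-2024-42503.json has agreement errors and a misspelling ("vulnerability exist", "this vulnerabilities result", "priviledge user"), and this string is what downstream advisories and scanners display verbatim. Suggested wording: `An authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerability results in the ability to run arbitrary commands as a privileged user on the underlying operating system.` The descriptions in CVE-2024-42501.json ("An authenticated Path Traversal vulnerabilities exists") and CVE-2024-42502.json ("this vulnerability result") need the same pass.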
@@ -1,17 +1,107 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-45682",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
+ "cweId": "CWE-77"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Millbeck Communications",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Proroute H685t-w",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.2.334"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-261-02"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "ICSA-24-261-02",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Millbeck Communications recommends that users download the firmware patch v3.2.335 or higher.\n\n
"
+ }
+ ],
+ "value": "Millbeck Communications recommends that users download the firmware patch v3.2.335 or higher https://proroute.co.uk/current-firmware/ ."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Joe Lovett from Pen Test Partners reported these vulnerabilities to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/47xxx/CVE-2024-47060.json b/2024/47xxx/CVE-2024-47060.json
new file mode 100644
index 00000000000..1af29f06d9e
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47060.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47060",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47061.json b/2024/47xxx/CVE-2024-47061.json
new file mode 100644
index 00000000000..f1a44882381
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47061.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47061",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47062.json b/2024/47xxx/CVE-2024-47062.json
new file mode 100644
index 00000000000..5048c0e5c0e
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47062.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47062",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47063.json b/2024/47xxx/CVE-2024-47063.json
new file mode 100644
index 00000000000..0499a3383ce
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47063.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47063",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47064.json b/2024/47xxx/CVE-2024-47064.json
new file mode 100644
index 00000000000..eb889f3a025
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47064.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47064",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47065.json b/2024/47xxx/CVE-2024-47065.json
new file mode 100644
index 00000000000..d455470cbcf
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47065.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47065",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47066.json b/2024/47xxx/CVE-2024-47066.json
new file mode 100644
index 00000000000..2ec262fe439
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47066.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47066",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47067.json b/2024/47xxx/CVE-2024-47067.json
new file mode 100644
index 00000000000..52bfa8c89a3
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47067.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47067",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47068.json b/2024/47xxx/CVE-2024-47068.json
new file mode 100644
index 00000000000..5b6d8a5c3e0
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47068.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47068",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47069.json b/2024/47xxx/CVE-2024-47069.json
new file mode 100644
index 00000000000..dbf2454b03f
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47069.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47069",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47070.json b/2024/47xxx/CVE-2024-47070.json
new file mode 100644
index 00000000000..a766d85022d
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47070.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47070",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47071.json b/2024/47xxx/CVE-2024-47071.json
new file mode 100644
index 00000000000..76105b7c52e
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47071.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47071",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47072.json b/2024/47xxx/CVE-2024-47072.json
new file mode 100644
index 00000000000..0f1e28214c6
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47072.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47072",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47073.json b/2024/47xxx/CVE-2024-47073.json
new file mode 100644
index 00000000000..4b58309cb25
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47073.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47073",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47074.json b/2024/47xxx/CVE-2024-47074.json
new file mode 100644
index 00000000000..c81eef26627
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47074.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47074",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47075.json b/2024/47xxx/CVE-2024-47075.json
new file mode 100644
index 00000000000..1e4682c92ab
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47075.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47075",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47076.json b/2024/47xxx/CVE-2024-47076.json
new file mode 100644
index 00000000000..1daea798086
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47076.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47076",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47077.json b/2024/47xxx/CVE-2024-47077.json
new file mode 100644
index 00000000000..6cd460d8716
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47077.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47077",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47078.json b/2024/47xxx/CVE-2024-47078.json
new file mode 100644
index 00000000000..1585d8ced14
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47078.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47078",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47079.json b/2024/47xxx/CVE-2024-47079.json
new file mode 100644
index 00000000000..668b4c4b526
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47079.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47079",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47080.json b/2024/47xxx/CVE-2024-47080.json
new file mode 100644
index 00000000000..de498850188
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47080.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47080",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47081.json b/2024/47xxx/CVE-2024-47081.json
new file mode 100644
index 00000000000..785912c2bbf
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47081.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47081",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47082.json b/2024/47xxx/CVE-2024-47082.json
new file mode 100644
index 00000000000..a85cbd5696a
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47082.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47082",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47083.json b/2024/47xxx/CVE-2024-47083.json
new file mode 100644
index 00000000000..f9a5220b5d3
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47083.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47083",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/47xxx/CVE-2024-47084.json b/2024/47xxx/CVE-2024-47084.json
new file mode 100644
index 00000000000..e684250214c
--- /dev/null
+++ b/2024/47xxx/CVE-2024-47084.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-47084",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8796.json b/2024/8xxx/CVE-2024-8796.json
index 214890e3544..075c1a67fbd 100644
--- a/2024/8xxx/CVE-2024-8796.json
+++ b/2024/8xxx/CVE-2024-8796.json
@@ -1,17 +1,124 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-8796",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "disclosure@synopsys.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an attacker to guess the shared secret and generate valid TOTP codes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-331 Insufficient Entropy",
+ "cweId": "CWE-331"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "devise-two-factor",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "devise-two-factor",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.2.0",
+ "version_value": "6.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-qjxf-mc72-wjr2",
+ "refsource": "MISC",
+ "name": "https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-qjxf-mc72-wjr2"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "USER"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "If upgrading is not 
possible, you can override the default otp_secret_length attribute in the model when configuring two_factor_authenticable and set it to a value of at least 26 to ensure newly generated shared secrets are at least 128-bits long.
"
+ }
+ ],
+ "value": "If upgrading is not possible, you can override the default otp_secret_length attribute in the model when configuring two_factor_authenticable and set it to a value of at least 26 to ensure newly generated shared secrets are at least 128-bits long."
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Devise-Two-Factor should be upgraded to version v6.0.0 as soon as possible. After upgrading, the length of shared secrets and TOTP URLs generated by the library will increase since the new shared secrets will be longer.

After upgrading or implementing the workaround, applications using Devise-Two-Factor may wish to migrate users to the new OTP length to provide increased protection for those accounts. Turning off OTP for users by setting otp_required_for_login to false is not recommended since it would leave accounts unprotected. However, you may wish to implement application logic that checks the length of a user's shared secret and prompts users to re-enroll in OTP.


"
+ }
+ ],
+ "value": "Devise-Two-Factor should be upgraded to version v6.0.0 as soon as possible. After upgrading, the length of shared secrets and TOTP URLs generated by the library will increase since the new shared secrets will be longer.\n\nAfter upgrading or implementing the workaround, applications using Devise-Two-Factor may wish to migrate users to the new OTP length to provide increased protection for those accounts. Turning off OTP for users by setting otp_required_for_login to false is not recommended since it would leave accounts unprotected. However, you may wish to implement application logic that checks the length of a user's shared secret and prompts users to re-enroll in OTP."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Mark Adams"
+ },
+ {
+ "lang": "en",
+ "value": "Garrett Rappaport"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/8xxx/CVE-2024-8953.json b/2024/8xxx/CVE-2024-8953.json
new file mode 100644
index 00000000000..41bb8373b58
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8953.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8953",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
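Review bot: In the CVE-2024-8796 hunk, the `affects` entry carries the lower bound only in `"version_name": "2.2.0"`, beside `"version_affected": "<"` and `"version_value": "6.0.0"`, so a consumer that matches on the operator and value alone would also flag releases older than 2.2.0, which the description (`>= 2.2.0 & < 6.0.0`) excludes. This looks like the usual down-conversion of a bounded range into the 4.0 layout, so tooling that ingests the record should take the range from the description or the linked GHSA advisory rather than from `version_data` alone. For triage, the `work_around` and `solution` text says that upgrading or raising `otp_secret_length` to 26 lengthens only newly generated secrets, so accounts enrolled on an affected version presumably keep their 120-bit secret until they re-enroll, and a dependency-version check will not show that. Minor: `work_around`, `solution` and `credits` use `"lang": "en"` while `description` and `problemtype` use `"lang": "eng"`; a single code throughout would be easier to consume.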
diff --git a/2024/8xxx/CVE-2024-8954.json b/2024/8xxx/CVE-2024-8954.json
new file mode 100644
index 00000000000..47c5b1ebbfb
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8954.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8954",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file