admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-22 12:00:31 +00:00
parent 4b169a5283
commit cdc63c9c01
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 196 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
2024/41xxx/CVE-2024-41781.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60,\u00a0FW1050.00 through\u00a0FW1050.20, and FW1060.00 through FW1060.10\u00a0functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere",
"cweId": "CWE-497"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "PowerVM Hypervisor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "FW950.00",
"version_value": "FW950.90"
},
{
"version_affected": "<=",
"version_name": "FW1030.00",
"version_value": "FW1030.60"
},
{
"version_affected": "<=",
"version_name": "FW1050.00",
"version_value": "FW1050.20"
},
{
"version_affected": "<=",
"version_name": "FW1060.00",
"version_value": "FW1060.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7172698",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7172698"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

2
2024/51xxx/CVE-2024-51556.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter \u201cuser_id\u201d through API request URLs leading to unauthorized access to sensitive information belonging to other users."
"value": "This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to sensitive information belonging to other users."
}
]
},

2
2024/51xxx/CVE-2024-51559.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "This vulnerability exists in the Wave 2.0\u00a0due\u00a0to missing authorization check on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter \u201cuser_id\u201d through API request URLs which could lead to unauthorized creation, modification and deletion of alerts belonging to other user accounts."
"value": "This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts."
}
]
},

108
2024/51xxx/CVE-2024-51766.json
View File

@ -1,17 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions",
"cweId": "CWE-755"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hewlett Packard Enterprise",
"product": {
"product_data": [
{
"product_name": "HPE NonStop DISK UTIL",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "L Series T9208L01^ACL",
"status": "affected",
"version": "T9208L01",
"versionType": "T9208L01"
},
{
"lessThan": "J Series T9208H01^ACK",
"status": "affected",
"version": "T9208H01",
"versionType": "T9208H01"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us&docLocale=en_US",
"refsource": "MISC",
"name": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us&docLocale=en_US"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "HPESBNS04759",
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please see security bulletin&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us&amp;docLocale=en_US\">https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us&amp;docLocale=en_US</a>"
}
],
"value": "Please see security bulletin\u00a0 https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbns04759en_us&docLocale=en_US"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}