"-Synchronized-Data."

CVE Team 2024-01-22 21:00:34 +00:00
parent cbd89c43bb
commit d094febf64
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
16 changed files with 903 additions and 51 deletions


@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Db2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.5, 11.1 ,11.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7105503",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7105503"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}
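Review bot: The `version_data` entry disagrees with the description: the text names Db2 10.1, 10.5 and 11.1, while `"version_value": "10.5, 11.1 ,11.5"` omits 10.1 and adds 11.5, so one of the two is wrong and should be checked against the IBM advisory listed in `references`. The value also packs three releases into one string under `"version_affected": "="`, which an exact-match consumer will never equate with an installed release; one `version_data` object per release, for example `{"version_affected": "=", "version_value": "10.5"}`, would be matchable. The CVE-2023-47158 record later in this commit names the same three releases in its description and carries the same version string, so it has the same mismatch. Separately, the description speaks of arbitrary code execution while the vector scores `C:N/I:H/A:N`, which looks worth confirming with the assigner.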


@ -593,36 +593,76 @@
}
},
{
"product_name": "Red Hat Advanced Cluster Security 4",
"product_name": "RHACS-4.1-RHEL-8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -771,6 +811,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0332",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39417",
"refsource": "MISC",
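Review bot: The `version_data` array under `RHACS-4.1-RHEL-8` repeats one byte-identical entry five times (`4.1.6-6`, `"lessThan": "*"`, `rpm`, `unaffected`), so the repeated entries give a consumer nothing to distinguish. This looks like several per-package entries whose distinguishing field was lost in conversion to the 4.0 layout, though that is only inferred from the `not down converted` marker. The entries should either be de-duplicated or keep the field that tells them apart. The rename from `Red Hat Advanced Cluster Security 4` to a build-stream identifier also means anything keyed on the old `product_name` stops matching. The same block appears in the CVE-2023-5868, CVE-2023-5869 and CVE-2023-5870 sections of this commit.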


@ -448,6 +448,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html"
}
]
},


@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47141",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Db2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7105497",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7105497"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270264",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270264"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
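Review bot: The new description begins with `IIBM Db2`, a doubled letter in the vendor name, so a keyword search or vendor-matching rule that looks for `IBM` as a whole word will not hit this record. The line should start `"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow`, with the rest of the sentence unchanged.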


@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47152",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Db2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7105605",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7105605"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270730",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270730"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
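Review bot: `problemtype` is left as `"value": "n/a"` although the description names two distinct weaknesses, an insecure cryptographic algorithm and information disclosure through a stack trace. Consumers that triage or filter by CWE get nothing from this record. CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and CWE-209 (Generation of Error Message Containing Sensitive Information) appear to fit, subject to confirmation by the assigner. The CVE-2023-27859 record earlier in this commit also ships `n/a`.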


@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Db2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.5, 11.1 ,11.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7105496",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7105496"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270750",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270750"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -597,36 +597,76 @@
}
},
{
"product_name": "Red Hat Advanced Cluster Security 4",
"product_name": "RHACS-4.1-RHEL-8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -825,6 +865,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0332",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5868",
"refsource": "MISC",
@ -835,6 +880,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
},
{
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/",
"refsource": "MISC",
@ -844,11 +894,6 @@
"url": "https://www.postgresql.org/support/security/CVE-2023-5868/",
"refsource": "MISC",
"name": "https://www.postgresql.org/support/security/CVE-2023-5868/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
}
]
},


@ -773,36 +773,76 @@
}
},
{
"product_name": "Red Hat Advanced Cluster Security 4",
"product_name": "RHACS-4.1-RHEL-8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -1015,6 +1055,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0332",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5869",
"refsource": "MISC",
@ -1025,6 +1070,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
},
{
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/",
"refsource": "MISC",
@ -1034,11 +1084,6 @@
"url": "https://www.postgresql.org/support/security/CVE-2023-5869/",
"refsource": "MISC",
"name": "https://www.postgresql.org/support/security/CVE-2023-5869/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
}
]
},


@ -597,36 +597,76 @@
}
},
{
"product_name": "Red Hat Advanced Cluster Security 4",
"product_name": "RHACS-4.1-RHEL-8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.1.6-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -825,6 +865,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0304"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0332",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0332"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5870",
"refsource": "MISC",
@ -835,6 +880,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2247170"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
},
{
"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/",
"refsource": "MISC",
@ -844,11 +894,6 @@
"url": "https://www.postgresql.org/support/security/CVE-2023-5870/",
"refsource": "MISC",
"name": "https://www.postgresql.org/support/security/CVE-2023-5870/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
}
]
},


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0790",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0791",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0792",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.8"
},
{
"version_affected": "<",
"version_name": "9.1",
"version_value": "9.1.3"
}
]
}
},
{
"product_name": "Splunk Cloud",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.1.2312.100"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0105",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2024-0105"
}
]
},
"source": {
"advisory": "SVD-2024-0105"
},
"credits": [
{
"lang": "en",
"value": "Julian Kaufmann"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}
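Review bot: `affects` lists Splunk Cloud below 9.1.2312.100, but the description mentions only Splunk Enterprise below 9.0.8 and 9.1.3, so a reader who triages from the description alone will not see that Cloud is in scope. The description should name both products, as the `product_data` array does. The CVE-2024-23676 and CVE-2024-23677 records in this commit have the same gap. The `problemtype` `value` also holds the CWE's long description rather than its identifier and name, unlike the IBM records in this commit, which use `CWE-20 Improper Input Validation`.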


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23676",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk versions below 9.0.8 and 9.1.3, the \u201cmrollup\u201d SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.8"
},
{
"version_affected": "<",
"version_name": "9.1",
"version_value": "9.1.3"
}
]
}
},
{
"product_name": "Splunk Cloud",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.1.2308.200"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0106",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2024-0106"
}
]
},
"source": {
"advisory": "SVD-2024-0106"
},
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
}
]
}
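Review bot: The vector string scores `I:L`, but the description covers only a low-privileged user viewing metrics on an index, which is a confidentiality effect. Either the description should say what can be modified, or the vector should be confirmed against advisory SVD-2024-0106. CWE-20 also reads as a loose fit for what the text describes as a missing permission check; that is a judgement from the description alone.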


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.8"
}
]
}
},
{
"product_name": "Splunk Cloud",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "9.0.2208"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0107",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2024-0107"
}
]
},
"source": {
"advisory": "SVD-2024-0107"
},
"credits": [
{
"lang": "en",
"value": "Vikram Ashtaputre, Splunk"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@splunk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.8"
},
{
"version_affected": "<",
"version_name": "9.1",
"version_value": "9.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0108",
"refsource": "MISC",
"name": "https://advisory.splunk.com/advisories/SVD-2024-0108"
}
]
},
"source": {
"advisory": "SVD-2024-0108"
},
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"impact": {
"cvss": [
{
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}
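Review bot: The description limits this issue to Splunk Enterprise for Windows, but `product_name` is plain `Splunk Enterprise` and the record has no platform qualifier, so version-based matching will also flag non-Windows installs below 9.0.8 and 9.1.3. The platform restriction should be carried in the structured data rather than only in prose. The record also classifies the flaw as CWE-20 while the description states unsafe deserialization of untrusted data, for which CWE-502 is the specific entry. A second `description` object with `"cweId": "CWE-502"` would make the record filterable on that weakness.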