diff --git a/2023/27xxx/CVE-2023-27859.json b/2023/27xxx/CVE-2023-27859.json
index a6ff33c5a46..f3d2c86a2d7 100644
--- a/2023/27xxx/CVE-2023-27859.json
+++ b/2023/27xxx/CVE-2023-27859.json
@@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27859", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Db2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.5, 11.1 ,11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7105503", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7105503" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249205" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + 
"confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/39xxx/CVE-2023-39417.json b/2023/39xxx/CVE-2023-39417.json index d959538ab36..e6e636cebf2 100644 --- a/2023/39xxx/CVE-2023-39417.json +++ b/2023/39xxx/CVE-2023-39417.json @@ -593,36 +593,76 @@ } }, { - "product_name": "Red Hat Advanced Cluster Security 4", + "product_name": "RHACS-4.1-RHEL-8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } 
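Review bot: The affected-version data for CVE-2023-27859 disagrees with its own description: the description names Db2 10.1, 10.5 and 11.1, while `version_value` is `"10.5, 11.1 ,11.5"`, which drops 10.1 and adds 11.5. The same string appears in the CVE-2023-47158 hunk, whose description also lists 10.1, 10.5 and 11.1. Packing several releases into one `version_value` under `"version_affected": "="` also means exact-match version comparison will likely match none of them; one `version_data` entry per release, e.g. `{ "version_affected": "=", "version_value": "10.5" }`, would be matchable once the correct list is confirmed against the IBM advisory. Separately, `problemtype` is `"n/a"` here and in the CVE-2023-47152 hunk although both descriptions describe the weakness, so CWE-based filtering will skip these records.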
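Review bot: After this change the five `version_data` entries under `RHACS-4.1-RHEL-8` are identical (`"version": "4.1.6-6"`, `"lessThan": "*"`, `"status": "unaffected"`), so a reader of this 4.0 record cannot tell which package or image each entry refers to. Presumably the distinguishing component name exists in the upstream CVE JSON 5 record and is lost in down-conversion, as the `"version_value": "not down converted"` markers suggest; that should be confirmed against the source record. Either collapse the duplicates into one entry or carry the component in `version_name` so the fixed-version statement can be tied to something a scanner can match. The same pattern recurs in the first hunks of CVE-2023-5868, CVE-2023-5869 and CVE-2023-5870; the hunk starts mid-record, so the enclosing product list is not visible here.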
@@ -771,6 +811,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2024:0304"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0332",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0332"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-39417",
 "refsource": "MISC",
diff --git a/2023/46xxx/CVE-2023-46846.json b/2023/46xxx/CVE-2023-46846.json
index d7f6cfd3b14..0919c1278f6 100644
--- a/2023/46xxx/CVE-2023-46846.json
+++ b/2023/46xxx/CVE-2023-46846.json
@@ -448,6 +448,11 @@
 "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html",
 "refsource": "MISC",
 "name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html",
+ "refsource": "MISC",
+ "name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html"
 }
 ]
 },
diff --git a/2023/47xxx/CVE-2023-47141.json b/2023/47xxx/CVE-2023-47141.json
index fee0e4d877c..db3be3ec8a9 100644
--- a/2023/47xxx/CVE-2023-47141.json
+++ b/2023/47xxx/CVE-2023-47141.json
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47141", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Db2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7105497", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7105497" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270264", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270264" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + 
"privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47152.json b/2023/47xxx/CVE-2023-47152.json index aa4601c107f..3f4e67bae0c 100644 --- a/2023/47xxx/CVE-2023-47152.json +++ b/2023/47xxx/CVE-2023-47152.json 
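Review bot: The new description string for CVE-2023-47141 opens with `IIBM Db2`, a doubled letter in the vendor name; it should begin `"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow ..."`. Feeds and asset-matching rules that key on vendor or product text in the description will not match `IIBM`. The sibling CVE-2023-47158 record spells the product `IBM DB2` in its description while `product_name` uses `Db2`; the casing should be made consistent there as well.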
@@ -1,17 +1,91 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47152", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Db2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7105605", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7105605" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270730", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270730" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": 
"UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47158.json b/2023/47xxx/CVE-2023-47158.json index f7efa1d62f8..57c5c7fffc3 100644 --- a/2023/47xxx/CVE-2023-47158.json +++ b/2023/47xxx/CVE-2023-47158.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47158", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Db2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.5, 11.1 ,11.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7105496", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7105496" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270750", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270750" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + 
"integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5868.json b/2023/5xxx/CVE-2023-5868.json index 04b5a8e4fd1..8c3b0f20f74 100644 --- a/2023/5xxx/CVE-2023-5868.json +++ b/2023/5xxx/CVE-2023-5868.json @@ -597,36 +597,76 @@ } }, { - "product_name": "Red Hat Advanced Cluster Security 4", + "product_name": "RHACS-4.1-RHEL-8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } 
@@ -825,6 +865,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2024:0304"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0332",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:0332"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-5868",
 "refsource": "MISC",
@@ -835,6 +880,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"
 },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
+ },
 {
 "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/",
 "refsource": "MISC",
@@ -844,11 +894,6 @@
 "url": "https://www.postgresql.org/support/security/CVE-2023-5868/",
 "refsource": "MISC",
 "name": "https://www.postgresql.org/support/security/CVE-2023-5868/"
- },
- {
- "url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
- "refsource": "MISC",
- "name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
 }
 ]
 },
diff --git a/2023/5xxx/CVE-2023-5869.json b/2023/5xxx/CVE-2023-5869.json
index c2b2a12c334..8a20cca5c98 100644
--- a/2023/5xxx/CVE-2023-5869.json
+++ b/2023/5xxx/CVE-2023-5869.json
@@ -773,36 +773,76 @@ } }, { - "product_name": "Red Hat Advanced Cluster Security 4", + "product_name": "RHACS-4.1-RHEL-8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } @@ -1015,6 +1055,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0304" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0332", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0332" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5869", "refsource": "MISC", 
@@ -1025,6 +1070,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169"
 },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
+ },
 {
 "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/",
 "refsource": "MISC",
@@ -1034,11 +1084,6 @@
 "url": "https://www.postgresql.org/support/security/CVE-2023-5869/",
 "refsource": "MISC",
 "name": "https://www.postgresql.org/support/security/CVE-2023-5869/"
- },
- {
- "url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
- "refsource": "MISC",
- "name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
 }
 ]
 },
diff --git a/2023/5xxx/CVE-2023-5870.json b/2023/5xxx/CVE-2023-5870.json
index d0176d045c5..0c2cc1f28c3 100644
--- a/2023/5xxx/CVE-2023-5870.json
+++ b/2023/5xxx/CVE-2023-5870.json
@@ -597,36 +597,76 @@ } }, { - "product_name": "Red Hat Advanced Cluster Security 4", + "product_name": "RHACS-4.1-RHEL-8", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } }, { "version_value": "not down converted", "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.1.6-6", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], "defaultStatus": "affected" } } @@ -825,6 +865,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0304" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0332", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0332" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5870", "refsource": "MISC", 
@@ -835,6 +880,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2247170"
 },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
+ },
 {
 "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/",
 "refsource": "MISC",
@@ -844,11 +894,6 @@
 "url": "https://www.postgresql.org/support/security/CVE-2023-5870/",
 "refsource": "MISC",
 "name": "https://www.postgresql.org/support/security/CVE-2023-5870/"
- },
- {
- "url": "https://security.netapp.com/advisory/ntap-20240119-0003/",
- "refsource": "MISC",
- "name": "https://security.netapp.com/advisory/ntap-20240119-0003/"
 }
 ]
 },
diff --git a/2024/0xxx/CVE-2024-0790.json b/2024/0xxx/CVE-2024-0790.json
new file mode 100644
index 00000000000..02f397b3a28
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0790.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0790",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0791.json b/2024/0xxx/CVE-2024-0791.json
new file mode 100644
index 00000000000..3474734508f
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0791.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0791",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/0xxx/CVE-2024-0792.json b/2024/0xxx/CVE-2024-0792.json
new file mode 100644
index 00000000000..9291ff2f72d
--- /dev/null
+++ b/2024/0xxx/CVE-2024-0792.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-0792",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/23xxx/CVE-2024-23675.json b/2024/23xxx/CVE-2024-23675.json
index 16ef757d5b7..1593d8021ac 100644
--- a/2024/23xxx/CVE-2024-23675.json
+++ b/2024/23xxx/CVE-2024-23675.json
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23675", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@splunk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Splunk", + "product": { + "product_data": [ + { + "product_name": "Splunk Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.0", + "version_value": "9.0.8" + }, + { + "version_affected": "<", + "version_name": "9.1", + "version_value": "9.1.3" + } + ] + } + }, + { + "product_name": "Splunk Cloud", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "9.1.2312.100" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0105", + "refsource": "MISC", + "name": "https://advisory.splunk.com/advisories/SVD-2024-0105" + } + ] + }, + "source": { + "advisory": "SVD-2024-0105" + }, + "credits": [ + { + "lang": "en", + "value": "Julian 
Kaufmann" + } + ], + "impact": { + "cvss": [ + { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/23xxx/CVE-2024-23676.json b/2024/23xxx/CVE-2024-23676.json index 740f6543b77..135a060469a 100644 --- a/2024/23xxx/CVE-2024-23676.json +++ b/2024/23xxx/CVE-2024-23676.json 
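Review bot: The description for CVE-2024-23675 limits the issue to "Splunk Enterprise versions below 9.0.8 and 9.1.3", but the `affects` block added in the same hunk also lists `Splunk Cloud` below `9.1.2312.100`, so anyone triaging from the description alone would miss the cloud product. The CVE-2024-23677 hunk has the same gap (`Splunk Cloud` below `9.0.2208`), and the CVE-2024-23676 description says only "In Splunk versions below 9.0.8 and 9.1.3" without naming a product. Suggest extending the description with the cloud bound, e.g. `... and Splunk Cloud versions below 9.1.2312.100, ...`, after confirming the wording against SVD-2024-0105.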
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@splunk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Splunk versions below 9.0.8 and 9.1.3, the \u201cmrollup\u201d SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Splunk", + "product": { + "product_data": [ + { + "product_name": "Splunk Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.0", + "version_value": "9.0.8" + }, + { + "version_affected": "<", + "version_name": "9.1", + "version_value": "9.1.3" + } + ] + } + }, + { + "product_name": "Splunk Cloud", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "9.1.2308.200" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0106", + "refsource": "MISC", + "name": "https://advisory.splunk.com/advisories/SVD-2024-0106" + } + ] + }, + "source": { + "advisory": "SVD-2024-0106" + }, + "credits": [ + { + "lang": "en", + "value": 
"Anton (therceman)" + } + ], + "impact": { + "cvss": [ + { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/23xxx/CVE-2024-23677.json b/2024/23xxx/CVE-2024-23677.json index fdee2433cf7..bc93781ee56 100644 --- a/2024/23xxx/CVE-2024-23677.json +++ b/2024/23xxx/CVE-2024-23677.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@splunk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Splunk", + "product": { + "product_data": [ + { + "product_name": "Splunk Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.0", + "version_value": "9.0.8" + } + ] + } + }, + { + "product_name": "Splunk Cloud", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "-", + "version_value": "9.0.2208" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0107", + "refsource": "MISC", + "name": "https://advisory.splunk.com/advisories/SVD-2024-0107" + } + ] + }, + "source": { + "advisory": "SVD-2024-0107" + }, + "credits": [ + { + "lang": "en", + "value": "Vikram Ashtaputre, Splunk" + } + ], + "impact": { + "cvss": [ + { + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1", + "baseScore": 4.3, + 
"baseSeverity": "MEDIUM" } ] } diff --git a/2024/23xxx/CVE-2024-23678.json b/2024/23xxx/CVE-2024-23678.json index 61150884b41..f8d403d9574 100644 --- a/2024/23xxx/CVE-2024-23678.json +++ b/2024/23xxx/CVE-2024-23678.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23678", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@splunk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Splunk", + "product": { + "product_data": [ + { + "product_name": "Splunk Enterprise", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.0", + "version_value": "9.0.8" + }, + { + "version_affected": "<", + "version_name": "9.1", + "version_value": "9.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0108", + "refsource": "MISC", + "name": "https://advisory.splunk.com/advisories/SVD-2024-0108" + } + ] + }, + "source": { + "advisory": "SVD-2024-0108" + }, + "credits": [ + { + "lang": "en", + "value": "Danylo Dmytriiev (DDV_UA)" + } + ], + "impact": { + "cvss": [ + { + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + 
"version": "3.1", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] }
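Review bot: `cweId` for CVE-2024-23678 is `CWE-20`, yet the description states the outcome is "the unsafe deserialization of untrusted data", for which CWE-502 (Deserialization of Untrusted Data) is the more specific class. Tooling that prioritises by CWE would file this HIGH-severity, scope-changed issue (`S:C/C:H/I:H/A:H`) under generic input validation. If advisory SVD-2024-0108 supports it, add a second `description` entry with `"cweId": "CWE-502"` rather than replacing the existing one. The `problemtype` value also carries the CWE's definition text instead of its name, unlike the IBM records in this commit, which use `CWE-20 Improper Input Validation`.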