diff --git a/2019/17xxx/CVE-2019-17082.json b/2019/17xxx/CVE-2019-17082.json
index 90b568a7dfe..a8c2ea566ba 100644
--- a/2019/17xxx/CVE-2019-17082.json
+++ b/2019/17xxx/CVE-2019-17082.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Missing Authentication for Critical Function vulnerability in OpenText\u2122 AccuRev for LDAP Integration allows Authentication Bypass. The vulnerability could allow\u00a0\n\na valid AccuRev username to gain access to AccuRev source control without knowing the user\u2019s password.\n\nThis issue affects AccuRev for LDAP Integration: 2017.1."
+ "value": "Insufficiently Protected Credentials vulnerability in OpenText\u2122 AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system\n\nthe vulnerability could allow\u00a0anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user\u2019s password.\n\nThis issue affects AccuRev: 2017.1."
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-306 Missing Authentication for Critical Function",
- "cweId": "CWE-306"
+ "value": "CWE-522 Insufficiently Protected Credentials",
+ "cweId": "CWE-522"
 }
 ]
 }
@@ -36,7 +36,7 @@
 "product": {
 "product_data": [
 {
- "product_name": "AccuRev for LDAP Integration",
+ "product_name": "AccuRev",
 "version": {
 "version_data": [
 {
@@ -74,10 +74,10 @@
 {
 "base64": false,
 "type": "text/html",
- "value": "https://support.microfocus.com/kb/kmdoc.php?id=KM03544106
"
+ "value": "KM03544106 - AccuRev for LDAP Integration, version 2017.1, access may be granted without a password - CVE-2019-17082\n\n
"
 }
 ],
- "value": "https://support.microfocus.com/kb/kmdoc.php?id=KM03544106"
+ "value": "KM03544106 - AccuRev for LDAP Integration, version 2017.1, access may be granted without a password - CVE-2019-17082 https://support.microfocus.com/kb/kmdoc.php"
 }
 ]
 }
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10476.json b/2024/10xxx/CVE-2024-10476.json
index 530b0cf138c..c93ab92c34a 100644
--- a/2024/10xxx/CVE-2024-10476.json
+++ b/2024/10xxx/CVE-2024-10476.json
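Review bot: The rewritten solution text in the last hunk of CVE-2019-17082.json loses the article link: the new plain-text `value` ends in `https://support.microfocus.com/kb/kmdoc.php` without the `?id=KM03544106` query that the removed value carried, and the `text/html` value, as rendered here, carries no URL at all. Both new strings also still say "AccuRev for LDAP Integration, version 2017.1", while the earlier hunks rename `product_name` to `AccuRev` and rewrite the description around Linux or Solaris installs, so the record now names the product two ways. I would keep the full KB URL with its `id` parameter and use one product name throughout. The new description clause "could allow anyone who knows a valid AccuRev username can use the AccuRev client" is also ungrammatical and should read "could allow anyone who knows a valid AccuRev username to use".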
@@ -1,17 +1,202 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-10476",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@bd.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys\u2122 Informatics\nSolution is only in scope of\nthis vulnerability when\ninstalled on a NUC server. BD Synapsys\u2122\nInformatics Solution installed\non a customer-provided virtual machine or on the BD Kiestra\u2122 SCU hardware is\nnot in scope."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1392 USE OF DEFAULT CREDENTIALS",
+ "cweId": "CWE-1392"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Becton Dickinson & Co",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BD BACTEC\u2122 Blood Culture System",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "7.20",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "BD COR\u2122 System",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "8.90",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "BD EpiCenter\u2122 Microbiology Data Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "7.45",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "BD MAX\u2122 System",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "6.10",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "BD Phoenix\u2122 M50 Automated Microbiology System",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "2.70",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "BD Synapsys\u2122 Informatics Solution",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "6.10",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-cybersecurity-vulnerability-bulletin-diagnostic-solutions-products",
+ "refsource": "MISC",
+ "name": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-cybersecurity-vulnerability-bulletin-diagnostic-solutions-products"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/11xxx/CVE-2024-11422.json b/2024/11xxx/CVE-2024-11422.json
index 471b1f554ac..21b2c2e37b2 100644
--- a/2024/11xxx/CVE-2024-11422.json
+++ b/2024/11xxx/CVE-2024-11422.json
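Review bot: The scope limit for BD Synapsys exists only in the description prose: the text says the product is affected only when installed on a NUC server, but its `affects` entry marks every version up to 6.10 as affected with `"defaultStatus": "affected"`, so tooling that reads the structured data will also flag the virtual-machine and BD Kiestra SCU installs the text calls out of scope. If the source record can express the platform restriction in structured form it should; otherwise asset owners have to apply that filter by hand. The description also opens with "the above listed BD Diagnostic Solutions products", which has no referent inside the record, and naming the six products there would make it self-contained. Every `version_value` is `not down converted`, so consumers of this 4.0 format get the version bounds only from `x_cve_json_5_version_data`.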
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-11422",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Autodesk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Navisworks Freedom",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Simulate",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Manage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027",
+ "refsource": "MISC",
+ "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12178.json b/2024/12xxx/CVE-2024-12178.json
index bebd398fd25..d08ab7042cc 100644
--- a/2024/12xxx/CVE-2024-12178.json
+++ b/2024/12xxx/CVE-2024-12178.json
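Review bot: The three `version_data` entries in CVE-2024-11422.json use `"version_affected": "="` with `"version_value": "2025"`, which names the whole 2025 release and no fixed build, so an inventory or scanner matching on this record cannot tell a patched Navisworks 2025 install from an unpatched one. If the referenced advisory names a fixed update, a bounded entry such as `"version_affected": "<"` with that build as `version_value` would let consumers close findings after patching. The description is also word-for-word the same as in CVE-2024-12191, -12193, -12197, -12198 and -12199 later in this diff, so those records differ only by ID and share one reference URL. The same version encoding is used in every Navisworks record in this commit.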
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12178",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Autodesk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Navisworks Freedom",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Simulate",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Manage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027",
+ "refsource": "MISC",
+ "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12179.json b/2024/12xxx/CVE-2024-12179.json
index d7e7e1f5219..8682ceb6786 100644
--- a/2024/12xxx/CVE-2024-12179.json
+++ b/2024/12xxx/CVE-2024-12179.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12179",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage\u00a0this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122 Heap-based Buffer Overflow",
+ "cweId": "CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Autodesk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Navisworks Freedom",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Simulate",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Manage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027",
+ "refsource": "MISC",
+ "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12191.json b/2024/12xxx/CVE-2024-12191.json
index b79e25f15dc..d8d60a3b95e 100644
--- a/2024/12xxx/CVE-2024-12191.json
+++ b/2024/12xxx/CVE-2024-12191.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12191",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Autodesk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Navisworks Freedom",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Simulate",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Manage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027",
+ "refsource": "MISC",
+ "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12192.json b/2024/12xxx/CVE-2024-12192.json
index 20db3ac035d..23612476e87 100644
--- a/2024/12xxx/CVE-2024-12192.json
+++ b/2024/12xxx/CVE-2024-12192.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12192",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Autodesk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Navisworks Freedom",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Simulate",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Manage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027",
+ "refsource": "MISC",
+ "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12193.json b/2024/12xxx/CVE-2024-12193.json
index 8724c39fdd8..07efe5438ed 100644
--- a/2024/12xxx/CVE-2024-12193.json
+++ b/2024/12xxx/CVE-2024-12193.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12193",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Autodesk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Navisworks Freedom",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Simulate",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Manage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027",
+ "refsource": "MISC",
+ "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12194.json b/2024/12xxx/CVE-2024-12194.json
index 79b2fc249a7..0850ba74161 100644
--- a/2024/12xxx/CVE-2024-12194.json
+++ b/2024/12xxx/CVE-2024-12194.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12194",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Autodesk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Navisworks Freedom",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Simulate",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Manage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027",
+ "refsource": "MISC",
+ "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12197.json b/2024/12xxx/CVE-2024-12197.json
index 6dfe2ffc67e..1c6110a0389 100644
--- a/2024/12xxx/CVE-2024-12197.json
+++ b/2024/12xxx/CVE-2024-12197.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12197",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Autodesk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Navisworks Freedom",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Simulate",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Manage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027",
+ "refsource": "MISC",
+ "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12198.json b/2024/12xxx/CVE-2024-12198.json
index bab5bc47e76..76f7222a9e4 100644
--- a/2024/12xxx/CVE-2024-12198.json
+++ b/2024/12xxx/CVE-2024-12198.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12198",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Autodesk",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Navisworks Freedom",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Simulate",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Navisworks Manage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2025"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027",
+ "refsource": "MISC",
+ "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12199.json b/2024/12xxx/CVE-2024-12199.json
index b26eb2c60de..65c472961dc 100644
--- a/2024/12xxx/CVE-2024-12199.json
+++ b/2024/12xxx/CVE-2024-12199.json
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "Navisworks Freedom", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027", + "refsource": "MISC", + "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { 
+ "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/12xxx/CVE-2024-12200.json b/2024/12xxx/CVE-2024-12200.json index e5a04745723..23b1a1b591f 100644 --- a/2024/12xxx/CVE-2024-12200.json +++ b/2024/12xxx/CVE-2024-12200.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "Navisworks Freedom", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027", + "refsource": "MISC", + "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { 
+ "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/12xxx/CVE-2024-12669.json b/2024/12xxx/CVE-2024-12669.json index 1a17ced4c0e..8296f77bfa9 100644 --- a/2024/12xxx/CVE-2024-12669.json +++ b/2024/12xxx/CVE-2024-12669.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "Navisworks Freedom", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027", + "refsource": "MISC", + "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { 
+ "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/12xxx/CVE-2024-12670.json b/2024/12xxx/CVE-2024-12670.json index 2225fb6701c..5eee68dd463 100644 --- a/2024/12xxx/CVE-2024-12670.json +++ b/2024/12xxx/CVE-2024-12670.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "Navisworks Freedom", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027", + "refsource": "MISC", + "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + 
"cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/12xxx/CVE-2024-12671.json b/2024/12xxx/CVE-2024-12671.json index ec2871a0728..23f1b27eff2 100644 --- a/2024/12xxx/CVE-2024-12671.json +++ b/2024/12xxx/CVE-2024-12671.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Autodesk", + "product": { + "product_data": [ + { + "product_name": "Navisworks Freedom", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Simulate", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + }, + { + "product_name": "Navisworks Manage", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027", + "refsource": "MISC", + "name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { 
+ "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/12xxx/CVE-2024-12707.json b/2024/12xxx/CVE-2024-12707.json new file mode 100644 index 00000000000..dbd4e910143 --- /dev/null +++ b/2024/12xxx/CVE-2024-12707.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12707", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1394.json b/2024/1xxx/CVE-2024-1394.json index 7c02f935db0..33cf6b4540c 100644 --- a/2024/1xxx/CVE-2024-1394.json +++ b/2024/1xxx/CVE-2024-1394.json @@ -545,7 +545,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "1:1.23.4-5.2.rhaos4.12.el8", + "version": "1:1.23.4-5.2.rhaos4.12.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -601,7 +601,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.25.0-2.2.el9", + "version": "0:1.25.0-2.2.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -615,7 +615,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:2.14.0-5.2.rhaos4.12.el9", + "version": "0:2.14.0-7.1.rhaos4.12.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" 
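Review bot: Every hunk in CVE-2024-1394.json, from `@@ -545` through `@@ -1336`, swaps which of the el8/el9 builds serves as the single `unaffected` threshold (`"lessThan": "*"`, `"versionType": "rpm"`). The dist tag takes part in RPM version comparison, so a scanner checking an installed el8 package against an el9 threshold, or the reverse, can change its verdict with nothing changing on the host. In `@@ -615`, `@@ -643` and `@@ -734` the release or upstream version moves too; `@@ -643` lowers the threshold from `3:4.4.1-2.1.rhaos4.12.el8` to `3:4.2.0-7.2.rhaos4.12.el9`. If both builds are valid fixes for the same stream, which the flips suggest but the hunks do not show, I would carry both as separate `versions` entries instead of alternating one. The product names these entries belong to are outside the hunks.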
@@ -643,7 +643,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-2.1.rhaos4.12.el8", + "version": "3:4.2.0-7.2.rhaos4.12.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -671,7 +671,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "2:1.9.4-3.2.rhaos4.12.el9", + "version": "2:1.9.4-3.2.rhaos4.12.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -692,7 +692,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "1:1.29.1-2.2.rhaos4.13.el8", + "version": "1:1.29.1-2.2.rhaos4.13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -734,7 +734,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.26.0-4.1.el8", + "version": "0:1.26.0-4.2.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -867,7 +867,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.27.0-3.1.el8", + "version": "0:1.27.0-3.1.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -909,7 +909,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el9", + "version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -923,7 +923,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-11.3.rhaos4.14.el9", + "version": "3:4.4.1-11.3.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -979,7 +979,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:2.1.7-3.4.rhaos4.14.el8", + "version": "3:2.1.7-3.4.rhaos4.14.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1007,7 +1007,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el9", + "version": "0:1.27.4-7.2.rhaos4.14.git082c52f.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" 
@@ -1077,7 +1077,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8", + "version": "0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1133,7 +1133,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-11.4.rhaos4.14.el9", + "version": "3:4.4.1-11.4.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1147,7 +1147,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "4:1.1.12-1.2.rhaos4.14.el9", + "version": "4:1.1.12-1.2.rhaos4.14.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1252,7 +1252,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el8", + "version": "0:1.28.4-8.rhaos4.15.git24f50b9.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1266,7 +1266,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:1.28.0-3.1.el9", + "version": "0:1.28.0-3.1.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1294,7 +1294,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el9", + "version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -1336,7 +1336,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "4:1.1.12-1.1.rhaos4.15.el8", + "version": "4:1.1.12-1.1.rhaos4.15.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" diff --git a/2024/36xxx/CVE-2024-36831.json b/2024/36xxx/CVE-2024-36831.json index 2c5c0e40f36..e795ad7fdde 100644 --- a/2024/36xxx/CVE-2024-36831.json +++ b/2024/36xxx/CVE-2024-36831.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-36831", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-36831", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "https://www.dlink.com/en", + "refsource": "MISC", + "name": "https://www.dlink.com/en" + }, + { + "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10395", + "refsource": "MISC", + "name": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10395" + }, + { + "url": "https://docs.google.com/document/d/15CVb7XHIgtfeW1W1pLZJWvlBMYN1rtr75vqZqf1v3Eo/edit?usp=sharing", + "refsource": "MISC", + "name": "https://docs.google.com/document/d/15CVb7XHIgtfeW1W1pLZJWvlBMYN1rtr75vqZqf1v3Eo/edit?usp=sharing" } ] } 
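Review bot: The affected device and firmware appear only in the free-text description; `vendor_name`, `product_name` and `version_value` are all `n/a`, so tooling that matches on the `affects` block will not tie this record to the D-Link DAP-1520. `problemtype` is `n/a` as well, although the description states a NULL pointer dereference; `"value": "CWE-476 NULL Pointer Dereference"` with `"cweId": "CWE-476"` would match it. Two of the four references are weak for triage: `https://www.dlink.com/en` is a home page, and the Google Docs link points at a document its owner can edit or unshare later. I would treat the SAP10395 bulletin as the primary source and add an archived copy of the write-up.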
diff --git a/2024/53xxx/CVE-2024-53144.json b/2024/53xxx/CVE-2024-53144.json index 4bd34e6f4ac..fb8873c1faa 100644 --- a/2024/53xxx/CVE-2024-53144.json +++ b/2024/53xxx/CVE-2024-53144.json 
@@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53144", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE\n\nThis aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4\n(\"Bluetooth: Always request for user confirmation for Just Works\")\nalways request user confirmation with confirm_hint set since the\nlikes of bluetoothd have dedicated policy around JUST_WORKS method\n(e.g. main.conf:JustWorksRepairing).\n\nCVE: CVE-2024-8805" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "ba15a58b179e", + "version_value": "d17c631ba04e" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "3.16", + "status": "affected" + }, + { + "version": "0", + "lessThan": "3.16", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.113", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.55", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.10.14", + "lessThanOrEqual": "6.10.*", + 
"status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.11.3", + "lessThanOrEqual": "6.11.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/d17c631ba04e960eb6f8728b10d585de20ac4f71", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d17c631ba04e960eb6f8728b10d585de20ac4f71" + }, + { + "url": "https://git.kernel.org/stable/c/830c03e58beb70b99349760f822e505ecb4eeb7e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/830c03e58beb70b99349760f822e505ecb4eeb7e" + }, + { + "url": "https://git.kernel.org/stable/c/ad7adfb95f64a761e4784381e47bee1a362eb30d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ad7adfb95f64a761e4784381e47bee1a362eb30d" + }, + { + "url": "https://git.kernel.org/stable/c/5291ff856d2c5177b4fe9c18828312be30213193", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5291ff856d2c5177b4fe9c18828312be30213193" + }, + { + "url": "https://git.kernel.org/stable/c/b25e11f978b63cb7857890edb3a698599cddb10e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b25e11f978b63cb7857890edb3a698599cddb10e" + } + ] + }, + "generator": { + "engine": "bippy-8e903de6a542" } } \ No newline at end of file
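Review bot: The description copies the upstream commit trailer `CVE: CVE-2024-8805` into the record for CVE-2024-53144, so the text names a second CVE ID without saying how the two relate. Tools that extract CVE IDs from description text will cross-link the records. A reader cannot tell from this hunk whether 53144 is the kernel-side fix for the issue tracked under the other ID or a duplicate assignment. I would replace the bare trailer with a sentence that states the relationship, or drop it from `value`. `problemtype` is also left as `n/a`, which leaves weakness-based filtering with nothing to match for a change to Just Works pairing confirmation.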