From d8aeb42dde0d19131b6f83b4616d3abda402705a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Jan 2025 15:00:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/11xxx/CVE-2024-11322.json | 79 +++++++++++++++++- 2024/12xxx/CVE-2024-12084.json | 148 ++++++++++++++++++++++++++++++++- 2024/45xxx/CVE-2024-45061.json | 78 ++++++++++++++++- 2024/47xxx/CVE-2024-47002.json | 78 ++++++++++++++++- 2024/47xxx/CVE-2024-47140.json | 78 ++++++++++++++++- 2025/23xxx/CVE-2025-23396.json | 18 ++++ 2025/23xxx/CVE-2025-23397.json | 18 ++++ 2025/23xxx/CVE-2025-23398.json | 18 ++++ 2025/23xxx/CVE-2025-23399.json | 18 ++++ 2025/23xxx/CVE-2025-23400.json | 18 ++++ 2025/23xxx/CVE-2025-23401.json | 18 ++++ 2025/23xxx/CVE-2025-23402.json | 18 ++++ 12 files changed, 567 insertions(+), 20 deletions(-) create mode 100644 2025/23xxx/CVE-2025-23396.json create mode 100644 2025/23xxx/CVE-2025-23397.json create mode 100644 2025/23xxx/CVE-2025-23398.json create mode 100644 2025/23xxx/CVE-2025-23399.json create mode 100644 2025/23xxx/CVE-2025-23400.json create mode 100644 2025/23xxx/CVE-2025-23401.json create mode 100644 2025/23xxx/CVE-2025-23402.json diff --git a/2024/11xxx/CVE-2024-11322.json b/2024/11xxx/CVE-2024-11322.json index 0abaf7c4f2a..b7ddafb2624 100644 --- a/2024/11xxx/CVE-2024-11322.json +++ b/2024/11xxx/CVE-2024-11322.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11322", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0. \nAn unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it unavailable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "C4.yberPower", + "product": { + "product_data": [ + { + "product_name": "PowerPanel Business", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "4.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2025-01", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2025-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/12xxx/CVE-2024-12084.json b/2024/12xxx/CVE-2024-12084.json index 3d343ff8cf0..7ff2d25bac6 100644 --- a/2024/12xxx/CVE-2024-12084.json +++ b/2024/12xxx/CVE-2024-12084.json @@ -1,17 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12084", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 6", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat Enterprise Linux 9", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "Red Hat OpenShift Container Platform 4", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-12084", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2024-12084" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330527", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2330527" + }, + { + "url": "https://kb.cert.org/vuls/id/952657", + "refsource": "MISC", + "name": "https://kb.cert.org/vuls/id/952657" + } + ] + }, + "work_around": [ + { + "lang": "en", + "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible." + } + ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/45xxx/CVE-2024-45061.json b/2024/45xxx/CVE-2024-45061.json index 7b7bf5e09be..2ae0270b989 100644 --- a/2024/45xxx/CVE-2024-45061.json +++ b/2024/45xxx/CVE-2024-45061.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Observium", + "product": { + "product_data": [ + { + "product_name": "Observium", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "CE 24.4.13528" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2092", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2092" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Marcin 'Icewall' Noga of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH" } ] } diff --git a/2024/47xxx/CVE-2024-47002.json b/2024/47xxx/CVE-2024-47002.json index a0853488eef..48d5202e8f9 100644 --- a/2024/47xxx/CVE-2024-47002.json +++ b/2024/47xxx/CVE-2024-47002.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Observium", + "product": { + "product_data": [ + { + "product_name": "Observium", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "CE 24.4.13528" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2091", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2091" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Marcin 'Icewall' Noga of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH" } ] } diff --git a/2024/47xxx/CVE-2024-47140.json b/2024/47xxx/CVE-2024-47140.json index ded89126f3a..fd118feb99c 100644 --- a/2024/47xxx/CVE-2024-47140.json +++ b/2024/47xxx/CVE-2024-47140.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47140", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Observium", + "product": { + "product_data": [ + { + "product_name": "Observium", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "CE 24.4.13528" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2090", + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2090" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Discovered by Marcin 'Icewall' Noga of Cisco Talos." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH" } ] } diff --git a/2025/23xxx/CVE-2025-23396.json b/2025/23xxx/CVE-2025-23396.json new file mode 100644 index 00000000000..7bd420667d7 --- /dev/null +++ b/2025/23xxx/CVE-2025-23396.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-23396", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23397.json b/2025/23xxx/CVE-2025-23397.json new file mode 100644 index 00000000000..08134c034db --- /dev/null +++ b/2025/23xxx/CVE-2025-23397.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-23397", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23398.json b/2025/23xxx/CVE-2025-23398.json new file mode 100644 index 00000000000..2759bb7d671 --- /dev/null +++ b/2025/23xxx/CVE-2025-23398.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-23398", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23399.json b/2025/23xxx/CVE-2025-23399.json new file mode 100644 index 00000000000..9f33cb27d82 --- /dev/null +++ b/2025/23xxx/CVE-2025-23399.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-23399", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23400.json b/2025/23xxx/CVE-2025-23400.json new file mode 100644 index 00000000000..52b9944e8fb --- /dev/null +++ b/2025/23xxx/CVE-2025-23400.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-23400", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23401.json b/2025/23xxx/CVE-2025-23401.json new file mode 100644 index 00000000000..ff534e6c0c5 --- /dev/null +++ b/2025/23xxx/CVE-2025-23401.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-23401", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/23xxx/CVE-2025-23402.json b/2025/23xxx/CVE-2025-23402.json new file mode 100644 index 00000000000..7ee494e7a7c --- /dev/null +++ b/2025/23xxx/CVE-2025-23402.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-23402", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file