admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-26 18:06:28 +00:00
parent da6c8636cb
commit dcdad8884e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
99 changed files with 19989 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
2022/4xxx/CVE-2022-4541.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4541",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the nm_vistior page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nitinmaurya12",
"product": {
"product_data": [
{
"product_name": "WordPress Visitors",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa15c0a4-c99d-40c9-a654-f3a910460502?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa15c0a4-c99d-40c9-a654-f3a910460502?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/nm-visitors/trunk/nm-visitors.php#L105",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/nm-visitors/trunk/nm-visitors.php#L105"
},
{
"url": "https://plugins.trac.wordpress.org/browser/nm-visitors/trunk/nm-visitors.php#L63",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/nm-visitors/trunk/nm-visitors.php#L63"
}
]
},
"credits": [
{
"lang": "en",
"value": "Mohammadreza Rashidi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}

76
2023/25xxx/CVE-2023-25189.json
View File

@ -1,18 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25189",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-25189",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via SSH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25189/",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25189/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:L/I:L/PR:L/S:U/UI:R",
"version": "3.1"
}
}
}

2
2023/29xxx/CVE-2023-29485.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module."
"value": "** DISPUTED ** An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. NOTE: Heimdal disputes the validity of this issue arguing that their DNS Security for Endpoint filters DNS traffic on the endpoint by intercepting system-generated DNS requests. The product was not designed to intercept DNS requests from third-party solutions."
}
]
},

6
2023/2xxx/CVE-2023-2683.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nA memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.\n\n"
"value": "A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "CWE-401 Missing Release of Memory after Effective Lifetime",
"cweId": "CWE-401"
}
]
}

11
2023/3xxx/CVE-2023-3487.json
View File

@ -11,21 +11,12 @@
"description_data": [
{
"lang": "eng",
"value": "\nAn integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.\n\n"
"value": "An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
},
{
"description": [
{

6
2023/41xxx/CVE-2023-41095.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.\nThis issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.\n\n"
"value": "Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.\nThis issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data",
"cweId": "CWE-311"
"value": "CWE-312 Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}

6
2023/41xxx/CVE-2023-41096.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)\n allows potential modification or extraction of network credentials stored in flash.\n\n\nThis issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.\n\n"
"value": "Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)\n allows potential modification or extraction of network credentials stored in flash.\n\n\nThis issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data",
"cweId": "CWE-311"
"value": "CWE-312 Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}

6
2023/41xxx/CVE-2023-41097.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.\n\n"
"value": "An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0."
}
]
},
@ -30,8 +30,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-385 Covert Timing Channel",
"cweId": "CWE-385"
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"cweId": "CWE-327"
}
]
}

6
2023/4xxx/CVE-2023-4041.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects \"Standalone\" and \"Application\" versions of Gecko Bootloader.\n\n"
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects \"Standalone\" and \"Application\" versions of Gecko Bootloader."
}
]
},
@ -39,8 +39,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check",
"cweId": "CWE-494"
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"cweId": "CWE-913"
}
]
}

62
2023/51xxx/CVE-2023-51157.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-51157",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-51157",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://infosecwriteups.com/xss-store-in-zkteco-welcome-to-wdms-3d5c8e1113f0",
"url": "https://infosecwriteups.com/xss-store-in-zkteco-welcome-to-wdms-3d5c8e1113f0"
}
]
}

11
2023/51xxx/CVE-2023-51393.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nDue to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network."
"value": "Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network."
}
]
},
@ -25,15 +25,6 @@
"cweId": "CWE-770"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},

10
2023/51xxx/CVE-2023-51395.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nThe vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.\n\n"
"value": "The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
},
@ -30,8 +30,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}

425
2024/20xxx/CVE-2024-20350.json
View File

@ -1,17 +1,434 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20350",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance.\r\n\r\nThis vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Digital Network Architecture Center (DNA Center)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0.0"
},
{
"version_affected": "=",
"version_value": "2.1.1.0"
},
{
"version_affected": "=",
"version_value": "2.1.1.3"
},
{
"version_affected": "=",
"version_value": "2.1.2.0"
},
{
"version_affected": "=",
"version_value": "2.1.2.3"
},
{
"version_affected": "=",
"version_value": "2.1.2.4"
},
{
"version_affected": "=",
"version_value": "2.1.2.5"
},
{
"version_affected": "=",
"version_value": "2.2.1.0"
},
{
"version_affected": "=",
"version_value": "2.1.2.6"
},
{
"version_affected": "=",
"version_value": "2.2.2.0"
},
{
"version_affected": "=",
"version_value": "2.2.2.1"
},
{
"version_affected": "=",
"version_value": "2.2.2.3"
},
{
"version_affected": "=",
"version_value": "2.1.2.7"
},
{
"version_affected": "=",
"version_value": "2.2.1.3"
},
{
"version_affected": "=",
"version_value": "2.2.3.0"
},
{
"version_affected": "=",
"version_value": "2.2.2.4"
},
{
"version_affected": "=",
"version_value": "2.2.2.5"
},
{
"version_affected": "=",
"version_value": "2.2.3.3"
},
{
"version_affected": "=",
"version_value": "2.2.2.7"
},
{
"version_affected": "=",
"version_value": "2.2.2.6"
},
{
"version_affected": "=",
"version_value": "2.2.2.8"
},
{
"version_affected": "=",
"version_value": "2.2.3.4"
},
{
"version_affected": "=",
"version_value": "2.1.2.8"
},
{
"version_affected": "=",
"version_value": "2.3.2.1"
},
{
"version_affected": "=",
"version_value": "2.3.2.1-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.2.1-AIRGAP-CA"
},
{
"version_affected": "=",
"version_value": "2.2.3.5"
},
{
"version_affected": "=",
"version_value": "2.3.3.0"
},
{
"version_affected": "=",
"version_value": "2.3.3.3"
},
{
"version_affected": "=",
"version_value": "2.3.3.1-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.3.1"
},
{
"version_affected": "=",
"version_value": "2.3.2.3"
},
{
"version_affected": "=",
"version_value": "2.3.3.3-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.2.3.6"
},
{
"version_affected": "=",
"version_value": "2.2.2.9"
},
{
"version_affected": "=",
"version_value": "2.3.3.0-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.3.3-AIRGAP-CA"
},
{
"version_affected": "=",
"version_value": "2.3.3.4"
},
{
"version_affected": "=",
"version_value": "2.3.3.4-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.3.4-AIRGAP-MDNAC"
},
{
"version_affected": "=",
"version_value": "2.3.3.4-HF1"
},
{
"version_affected": "=",
"version_value": "2.3.4.0"
},
{
"version_affected": "=",
"version_value": "2.3.3.5"
},
{
"version_affected": "=",
"version_value": "2.3.3.5-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.4.0-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.4.3"
},
{
"version_affected": "=",
"version_value": "2.3.4.3-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.3.6"
},
{
"version_affected": "=",
"version_value": "2.3.5.0"
},
{
"version_affected": "=",
"version_value": "2.3.3.6-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.5.0-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.3.6-AIRGAP-MDNAC"
},
{
"version_affected": "=",
"version_value": "2.3.5.0-AIRGAP-MDNAC"
},
{
"version_affected": "=",
"version_value": "2.3.3.7"
},
{
"version_affected": "=",
"version_value": "2.3.3.7-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.3.7-AIRGAP-MDNAC"
},
{
"version_affected": "=",
"version_value": "2.3.6.0"
},
{
"version_affected": "=",
"version_value": "2.3.3.6-70045-HF1"
},
{
"version_affected": "=",
"version_value": "2.3.3.7-72328-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.3.7-72323"
},
{
"version_affected": "=",
"version_value": "2.3.3.7-72328-MDNAC"
},
{
"version_affected": "=",
"version_value": "2.3.5.3"
},
{
"version_affected": "=",
"version_value": "2.3.5.3-AIRGAP-MDNAC"
},
{
"version_affected": "=",
"version_value": "2.3.5.3-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.6.0-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.7.0"
},
{
"version_affected": "=",
"version_value": "2.3.7.0-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.7.0-AIRGAP-MDNAC"
},
{
"version_affected": "=",
"version_value": "2.3.7.0-VA"
},
{
"version_affected": "=",
"version_value": "2.3.5.4"
},
{
"version_affected": "=",
"version_value": "2.3.5.4-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.5.4-AIRGAP-MDNAC"
},
{
"version_affected": "=",
"version_value": "2.3.7.3"
},
{
"version_affected": "=",
"version_value": "2.3.7.3-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.7.3-AIRGAP-MDNAC"
},
{
"version_affected": "=",
"version_value": "2.3.5.5-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.5.5"
},
{
"version_affected": "=",
"version_value": "2.3.5.5-AIRGAP-MDNAC"
},
{
"version_affected": "=",
"version_value": "2.3.7.4"
},
{
"version_affected": "=",
"version_value": "2.3.7.4-AIRGAP"
},
{
"version_affected": "=",
"version_value": "2.3.7.4-AIRGAP-MDNAC"
},
{
"version_affected": "=",
"version_value": "1.0.0.0"
},
{
"version_affected": "=",
"version_value": "2.3.5.5-70026-HF70"
},
{
"version_affected": "=",
"version_value": "2.3.5.5-70026-HF51"
},
{
"version_affected": "=",
"version_value": "2.3.5.5-70026-HF52"
},
{
"version_affected": "=",
"version_value": "2.3.5.5-70026-HF53"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ssh-e4uOdASj",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ssh-e4uOdASj"
}
]
},
"source": {
"advisory": "cisco-sa-dnac-ssh-e4uOdASj",
"discovery": "INTERNAL",
"defects": [
"CSCwi40467"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

34
2024/20xxx/CVE-2024-20381.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management interfaces of Cisco Crosswork Network Services Orchestrator (NSO), Cisco Optical Site Manager, and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.\r\n\r\nThis vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system."
"value": "A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.&nbsp;\r\n\r\nThis vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system."
}
]
},
@ -1022,42 +1022,10 @@
"version_affected": "=",
"version_value": "5.7.15.1"
},
{
"version_affected": "=",
"version_value": "6.1.8.1"
},
{
"version_affected": "=",
"version_value": "6.0.13"
},
{
"version_affected": "=",
"version_value": "6.1.9"
},
{
"version_affected": "=",
"version_value": "5.5.10.1"
},
{
"version_affected": "=",
"version_value": "5.6.14.3"
},
{
"version_affected": "=",
"version_value": "5.8.13.1"
},
{
"version_affected": "=",
"version_value": "6.1.10"
},
{
"version_affected": "=",
"version_value": "6.0.14"
},
{
"version_affected": "=",
"version_value": "5.7.16"
},
{
"version_affected": "=",
"version_value": "6.1.11"

1933
2024/20xxx/CVE-2024-20414.json
View File

File diff suppressed because it is too large Load Diff

9824
2024/20xxx/CVE-2024-20433.json
View File

File diff suppressed because it is too large Load Diff

445
2024/20xxx/CVE-2024-20434.json
View File

@ -1,17 +1,454 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device.\r\n\r This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.2"
},
{
"version_affected": "=",
"version_value": "16.6.3"
},
{
"version_affected": "=",
"version_value": "16.6.4"
},
{
"version_affected": "=",
"version_value": "16.6.5"
},
{
"version_affected": "=",
"version_value": "16.6.4a"
},
{
"version_affected": "=",
"version_value": "16.6.6"
},
{
"version_affected": "=",
"version_value": "16.6.7"
},
{
"version_affected": "=",
"version_value": "16.6.8"
},
{
"version_affected": "=",
"version_value": "16.6.9"
},
{
"version_affected": "=",
"version_value": "16.6.10"
},
{
"version_affected": "=",
"version_value": "16.7.1"
},
{
"version_affected": "=",
"version_value": "16.8.1"
},
{
"version_affected": "=",
"version_value": "16.8.1a"
},
{
"version_affected": "=",
"version_value": "16.8.1s"
},
{
"version_affected": "=",
"version_value": "16.9.1"
},
{
"version_affected": "=",
"version_value": "16.9.2"
},
{
"version_affected": "=",
"version_value": "16.9.1s"
},
{
"version_affected": "=",
"version_value": "16.9.3"
},
{
"version_affected": "=",
"version_value": "16.9.4"
},
{
"version_affected": "=",
"version_value": "16.9.5"
},
{
"version_affected": "=",
"version_value": "16.9.6"
},
{
"version_affected": "=",
"version_value": "16.9.7"
},
{
"version_affected": "=",
"version_value": "16.9.8"
},
{
"version_affected": "=",
"version_value": "16.10.1"
},
{
"version_affected": "=",
"version_value": "16.10.1s"
},
{
"version_affected": "=",
"version_value": "16.10.1e"
},
{
"version_affected": "=",
"version_value": "16.11.1"
},
{
"version_affected": "=",
"version_value": "16.11.1b"
},
{
"version_affected": "=",
"version_value": "16.11.1s"
},
{
"version_affected": "=",
"version_value": "16.12.1"
},
{
"version_affected": "=",
"version_value": "16.12.1s"
},
{
"version_affected": "=",
"version_value": "16.12.1c"
},
{
"version_affected": "=",
"version_value": "16.12.2"
},
{
"version_affected": "=",
"version_value": "16.12.3"
},
{
"version_affected": "=",
"version_value": "16.12.8"
},
{
"version_affected": "=",
"version_value": "16.12.2s"
},
{
"version_affected": "=",
"version_value": "16.12.4"
},
{
"version_affected": "=",
"version_value": "16.12.3s"
},
{
"version_affected": "=",
"version_value": "16.12.3a"
},
{
"version_affected": "=",
"version_value": "16.12.4a"
},
{
"version_affected": "=",
"version_value": "16.12.5"
},
{
"version_affected": "=",
"version_value": "16.12.6"
},
{
"version_affected": "=",
"version_value": "16.12.5b"
},
{
"version_affected": "=",
"version_value": "16.12.6a"
},
{
"version_affected": "=",
"version_value": "16.12.7"
},
{
"version_affected": "=",
"version_value": "17.1.1"
},
{
"version_affected": "=",
"version_value": "17.1.1s"
},
{
"version_affected": "=",
"version_value": "17.1.1t"
},
{
"version_affected": "=",
"version_value": "17.1.3"
},
{
"version_affected": "=",
"version_value": "17.2.1"
},
{
"version_affected": "=",
"version_value": "17.2.1a"
},
{
"version_affected": "=",
"version_value": "17.3.1"
},
{
"version_affected": "=",
"version_value": "17.3.2"
},
{
"version_affected": "=",
"version_value": "17.3.3"
},
{
"version_affected": "=",
"version_value": "17.3.2a"
},
{
"version_affected": "=",
"version_value": "17.3.4"
},
{
"version_affected": "=",
"version_value": "17.3.5"
},
{
"version_affected": "=",
"version_value": "17.3.6"
},
{
"version_affected": "=",
"version_value": "17.3.4b"
},
{
"version_affected": "=",
"version_value": "17.3.7"
},
{
"version_affected": "=",
"version_value": "17.3.8"
},
{
"version_affected": "=",
"version_value": "17.3.8a"
},
{
"version_affected": "=",
"version_value": "17.4.1"
},
{
"version_affected": "=",
"version_value": "17.5.1"
},
{
"version_affected": "=",
"version_value": "17.6.1"
},
{
"version_affected": "=",
"version_value": "17.6.2"
},
{
"version_affected": "=",
"version_value": "17.6.3"
},
{
"version_affected": "=",
"version_value": "17.6.4"
},
{
"version_affected": "=",
"version_value": "17.6.5"
},
{
"version_affected": "=",
"version_value": "17.6.6"
},
{
"version_affected": "=",
"version_value": "17.6.6a"
},
{
"version_affected": "=",
"version_value": "17.6.5a"
},
{
"version_affected": "=",
"version_value": "17.6.7"
},
{
"version_affected": "=",
"version_value": "17.7.1"
},
{
"version_affected": "=",
"version_value": "17.10.1"
},
{
"version_affected": "=",
"version_value": "17.10.1b"
},
{
"version_affected": "=",
"version_value": "17.8.1"
},
{
"version_affected": "=",
"version_value": "17.9.1"
},
{
"version_affected": "=",
"version_value": "17.9.2"
},
{
"version_affected": "=",
"version_value": "17.9.3"
},
{
"version_affected": "=",
"version_value": "17.9.4"
},
{
"version_affected": "=",
"version_value": "17.9.5"
},
{
"version_affected": "=",
"version_value": "17.9.4a"
},
{
"version_affected": "=",
"version_value": "17.11.1"
},
{
"version_affected": "=",
"version_value": "17.12.1"
},
{
"version_affected": "=",
"version_value": "17.12.2"
},
{
"version_affected": "=",
"version_value": "17.12.3"
},
{
"version_affected": "=",
"version_value": "17.13.1"
},
{
"version_affected": "=",
"version_value": "17.14.1"
},
{
"version_affected": "=",
"version_value": "17.11.99SW"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vlan-dos-27Pur5RT",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vlan-dos-27Pur5RT"
}
]
},
"source": {
"advisory": "cisco-sa-vlan-dos-27Pur5RT",
"discovery": "EXTERNAL",
"defects": [
"CSCwi34160"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
}
]
}

885
2024/20xxx/CVE-2024-20436.json
View File

@ -1,17 +1,894 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.9.1S"
},
{
"version_affected": "=",
"version_value": "3.9.2S"
},
{
"version_affected": "=",
"version_value": "3.9.0aS"
},
{
"version_affected": "=",
"version_value": "3.10.0S"
},
{
"version_affected": "=",
"version_value": "3.10.1S"
},
{
"version_affected": "=",
"version_value": "3.10.2S"
},
{
"version_affected": "=",
"version_value": "3.10.3S"
},
{
"version_affected": "=",
"version_value": "3.10.4S"
},
{
"version_affected": "=",
"version_value": "3.10.5S"
},
{
"version_affected": "=",
"version_value": "3.10.6S"
},
{
"version_affected": "=",
"version_value": "3.10.2tS"
},
{
"version_affected": "=",
"version_value": "3.10.7S"
},
{
"version_affected": "=",
"version_value": "3.10.8S"
},
{
"version_affected": "=",
"version_value": "3.10.8aS"
},
{
"version_affected": "=",
"version_value": "3.10.9S"
},
{
"version_affected": "=",
"version_value": "3.10.10S"
},
{
"version_affected": "=",
"version_value": "3.11.1S"
},
{
"version_affected": "=",
"version_value": "3.11.2S"
},
{
"version_affected": "=",
"version_value": "3.11.0S"
},
{
"version_affected": "=",
"version_value": "3.11.3S"
},
{
"version_affected": "=",
"version_value": "3.11.4S"
},
{
"version_affected": "=",
"version_value": "3.12.0S"
},
{
"version_affected": "=",
"version_value": "3.12.1S"
},
{
"version_affected": "=",
"version_value": "3.12.2S"
},
{
"version_affected": "=",
"version_value": "3.12.3S"
},
{
"version_affected": "=",
"version_value": "3.12.4S"
},
{
"version_affected": "=",
"version_value": "3.13.0S"
},
{
"version_affected": "=",
"version_value": "3.13.1S"
},
{
"version_affected": "=",
"version_value": "3.13.2S"
},
{
"version_affected": "=",
"version_value": "3.13.3S"
},
{
"version_affected": "=",
"version_value": "3.13.4S"
},
{
"version_affected": "=",
"version_value": "3.13.5S"
},
{
"version_affected": "=",
"version_value": "3.13.6S"
},
{
"version_affected": "=",
"version_value": "3.13.7S"
},
{
"version_affected": "=",
"version_value": "3.13.6aS"
},
{
"version_affected": "=",
"version_value": "3.13.8S"
},
{
"version_affected": "=",
"version_value": "3.13.9S"
},
{
"version_affected": "=",
"version_value": "3.13.10S"
},
{
"version_affected": "=",
"version_value": "3.14.0S"
},
{
"version_affected": "=",
"version_value": "3.14.1S"
},
{
"version_affected": "=",
"version_value": "3.14.2S"
},
{
"version_affected": "=",
"version_value": "3.14.3S"
},
{
"version_affected": "=",
"version_value": "3.14.4S"
},
{
"version_affected": "=",
"version_value": "3.15.0S"
},
{
"version_affected": "=",
"version_value": "3.15.1S"
},
{
"version_affected": "=",
"version_value": "3.15.2S"
},
{
"version_affected": "=",
"version_value": "3.15.1cS"
},
{
"version_affected": "=",
"version_value": "3.15.3S"
},
{
"version_affected": "=",
"version_value": "3.15.4S"
},
{
"version_affected": "=",
"version_value": "3.16.0S"
},
{
"version_affected": "=",
"version_value": "3.16.1aS"
},
{
"version_affected": "=",
"version_value": "3.16.2S"
},
{
"version_affected": "=",
"version_value": "3.16.0cS"
},
{
"version_affected": "=",
"version_value": "3.16.3S"
},
{
"version_affected": "=",
"version_value": "3.16.4aS"
},
{
"version_affected": "=",
"version_value": "3.16.4bS"
},
{
"version_affected": "=",
"version_value": "3.16.5S"
},
{
"version_affected": "=",
"version_value": "3.16.4dS"
},
{
"version_affected": "=",
"version_value": "3.16.6S"
},
{
"version_affected": "=",
"version_value": "3.16.7S"
},
{
"version_affected": "=",
"version_value": "3.16.6bS"
},
{
"version_affected": "=",
"version_value": "3.16.7aS"
},
{
"version_affected": "=",
"version_value": "3.16.7bS"
},
{
"version_affected": "=",
"version_value": "3.16.8S"
},
{
"version_affected": "=",
"version_value": "3.16.9S"
},
{
"version_affected": "=",
"version_value": "3.16.10S"
},
{
"version_affected": "=",
"version_value": "3.17.0S"
},
{
"version_affected": "=",
"version_value": "3.17.1S"
},
{
"version_affected": "=",
"version_value": "3.17.2S"
},
{
"version_affected": "=",
"version_value": "3.17.3S"
},
{
"version_affected": "=",
"version_value": "3.17.4S"
},
{
"version_affected": "=",
"version_value": "16.2.1"
},
{
"version_affected": "=",
"version_value": "16.2.2"
},
{
"version_affected": "=",
"version_value": "16.3.1"
},
{
"version_affected": "=",
"version_value": "16.3.2"
},
{
"version_affected": "=",
"version_value": "16.3.3"
},
{
"version_affected": "=",
"version_value": "16.3.1a"
},
{
"version_affected": "=",
"version_value": "16.3.4"
},
{
"version_affected": "=",
"version_value": "16.3.5"
},
{
"version_affected": "=",
"version_value": "16.3.6"
},
{
"version_affected": "=",
"version_value": "16.3.7"
},
{
"version_affected": "=",
"version_value": "16.3.8"
},
{
"version_affected": "=",
"version_value": "16.3.9"
},
{
"version_affected": "=",
"version_value": "16.3.10"
},
{
"version_affected": "=",
"version_value": "16.3.11"
},
{
"version_affected": "=",
"version_value": "16.4.1"
},
{
"version_affected": "=",
"version_value": "16.4.2"
},
{
"version_affected": "=",
"version_value": "16.4.3"
},
{
"version_affected": "=",
"version_value": "16.5.1"
},
{
"version_affected": "=",
"version_value": "16.5.1b"
},
{
"version_affected": "=",
"version_value": "16.5.2"
},
{
"version_affected": "=",
"version_value": "16.5.3"
},
{
"version_affected": "=",
"version_value": "3.18.2aSP"
},
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.2"
},
{
"version_affected": "=",
"version_value": "16.6.3"
},
{
"version_affected": "=",
"version_value": "16.6.4"
},
{
"version_affected": "=",
"version_value": "16.6.5"
},
{
"version_affected": "=",
"version_value": "16.6.6"
},
{
"version_affected": "=",
"version_value": "16.6.7"
},
{
"version_affected": "=",
"version_value": "16.6.8"
},
{
"version_affected": "=",
"version_value": "16.6.9"
},
{
"version_affected": "=",
"version_value": "16.6.10"
},
{
"version_affected": "=",
"version_value": "16.7.1"
},
{
"version_affected": "=",
"version_value": "16.7.2"
},
{
"version_affected": "=",
"version_value": "16.7.3"
},
{
"version_affected": "=",
"version_value": "16.8.1"
},
{
"version_affected": "=",
"version_value": "16.8.1s"
},
{
"version_affected": "=",
"version_value": "16.8.2"
},
{
"version_affected": "=",
"version_value": "16.8.3"
},
{
"version_affected": "=",
"version_value": "16.9.1"
},
{
"version_affected": "=",
"version_value": "16.9.2"
},
{
"version_affected": "=",
"version_value": "16.9.1s"
},
{
"version_affected": "=",
"version_value": "16.9.3"
},
{
"version_affected": "=",
"version_value": "16.9.4"
},
{
"version_affected": "=",
"version_value": "16.9.5"
},
{
"version_affected": "=",
"version_value": "16.9.6"
},
{
"version_affected": "=",
"version_value": "16.9.7"
},
{
"version_affected": "=",
"version_value": "16.9.8"
},
{
"version_affected": "=",
"version_value": "16.10.1"
},
{
"version_affected": "=",
"version_value": "16.10.1a"
},
{
"version_affected": "=",
"version_value": "16.10.1b"
},
{
"version_affected": "=",
"version_value": "16.10.1s"
},
{
"version_affected": "=",
"version_value": "16.10.1e"
},
{
"version_affected": "=",
"version_value": "16.10.2"
},
{
"version_affected": "=",
"version_value": "16.10.3"
},
{
"version_affected": "=",
"version_value": "16.11.1"
},
{
"version_affected": "=",
"version_value": "16.11.1a"
},
{
"version_affected": "=",
"version_value": "16.11.1b"
},
{
"version_affected": "=",
"version_value": "16.11.2"
},
{
"version_affected": "=",
"version_value": "16.11.1s"
},
{
"version_affected": "=",
"version_value": "16.12.1"
},
{
"version_affected": "=",
"version_value": "16.12.1s"
},
{
"version_affected": "=",
"version_value": "16.12.1a"
},
{
"version_affected": "=",
"version_value": "16.12.1c"
},
{
"version_affected": "=",
"version_value": "16.12.2"
},
{
"version_affected": "=",
"version_value": "16.12.3"
},
{
"version_affected": "=",
"version_value": "16.12.8"
},
{
"version_affected": "=",
"version_value": "16.12.2s"
},
{
"version_affected": "=",
"version_value": "16.12.4"
},
{
"version_affected": "=",
"version_value": "16.12.3s"
},
{
"version_affected": "=",
"version_value": "16.12.4a"
},
{
"version_affected": "=",
"version_value": "16.12.5"
},
{
"version_affected": "=",
"version_value": "16.12.6"
},
{
"version_affected": "=",
"version_value": "16.12.7"
},
{
"version_affected": "=",
"version_value": "17.1.1"
},
{
"version_affected": "=",
"version_value": "17.1.1s"
},
{
"version_affected": "=",
"version_value": "17.1.1t"
},
{
"version_affected": "=",
"version_value": "17.1.3"
},
{
"version_affected": "=",
"version_value": "17.2.1"
},
{
"version_affected": "=",
"version_value": "17.2.1r"
},
{
"version_affected": "=",
"version_value": "17.2.1v"
},
{
"version_affected": "=",
"version_value": "17.2.2"
},
{
"version_affected": "=",
"version_value": "17.2.3"
},
{
"version_affected": "=",
"version_value": "17.3.1"
},
{
"version_affected": "=",
"version_value": "17.3.2"
},
{
"version_affected": "=",
"version_value": "17.3.3"
},
{
"version_affected": "=",
"version_value": "17.3.1a"
},
{
"version_affected": "=",
"version_value": "17.3.4"
},
{
"version_affected": "=",
"version_value": "17.3.5"
},
{
"version_affected": "=",
"version_value": "17.3.4a"
},
{
"version_affected": "=",
"version_value": "17.3.6"
},
{
"version_affected": "=",
"version_value": "17.3.7"
},
{
"version_affected": "=",
"version_value": "17.3.8"
},
{
"version_affected": "=",
"version_value": "17.3.8a"
},
{
"version_affected": "=",
"version_value": "17.4.1"
},
{
"version_affected": "=",
"version_value": "17.4.2"
},
{
"version_affected": "=",
"version_value": "17.4.1a"
},
{
"version_affected": "=",
"version_value": "17.4.1b"
},
{
"version_affected": "=",
"version_value": "17.5.1"
},
{
"version_affected": "=",
"version_value": "17.5.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1"
},
{
"version_affected": "=",
"version_value": "17.6.2"
},
{
"version_affected": "=",
"version_value": "17.6.1a"
},
{
"version_affected": "=",
"version_value": "17.6.3"
},
{
"version_affected": "=",
"version_value": "17.6.3a"
},
{
"version_affected": "=",
"version_value": "17.6.4"
},
{
"version_affected": "=",
"version_value": "17.6.5"
},
{
"version_affected": "=",
"version_value": "17.6.6"
},
{
"version_affected": "=",
"version_value": "17.6.6a"
},
{
"version_affected": "=",
"version_value": "17.6.5a"
},
{
"version_affected": "=",
"version_value": "17.7.1"
},
{
"version_affected": "=",
"version_value": "17.7.1a"
},
{
"version_affected": "=",
"version_value": "17.7.2"
},
{
"version_affected": "=",
"version_value": "17.10.1"
},
{
"version_affected": "=",
"version_value": "17.10.1a"
},
{
"version_affected": "=",
"version_value": "17.10.1b"
},
{
"version_affected": "=",
"version_value": "17.8.1"
},
{
"version_affected": "=",
"version_value": "17.8.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1"
},
{
"version_affected": "=",
"version_value": "17.9.2"
},
{
"version_affected": "=",
"version_value": "17.9.1a"
},
{
"version_affected": "=",
"version_value": "17.9.3"
},
{
"version_affected": "=",
"version_value": "17.9.2a"
},
{
"version_affected": "=",
"version_value": "17.9.3a"
},
{
"version_affected": "=",
"version_value": "17.9.4"
},
{
"version_affected": "=",
"version_value": "17.9.4a"
},
{
"version_affected": "=",
"version_value": "17.11.1"
},
{
"version_affected": "=",
"version_value": "17.11.1a"
},
{
"version_affected": "=",
"version_value": "17.12.1"
},
{
"version_affected": "=",
"version_value": "17.12.1a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut"
}
]
},
"source": {
"advisory": "cisco-sa-httpsrvr-dos-yOZThut",
"discovery": "INTERNAL",
"defects": [
"CSCwh94964"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

345
2024/20xxx/CVE-2024-20437.json
View File

@ -1,17 +1,354 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "17.3.2"
},
{
"version_affected": "=",
"version_value": "17.3.3"
},
{
"version_affected": "=",
"version_value": "17.3.2a"
},
{
"version_affected": "=",
"version_value": "17.3.4"
},
{
"version_affected": "=",
"version_value": "17.3.5"
},
{
"version_affected": "=",
"version_value": "17.3.4a"
},
{
"version_affected": "=",
"version_value": "17.3.6"
},
{
"version_affected": "=",
"version_value": "17.3.4b"
},
{
"version_affected": "=",
"version_value": "17.3.4c"
},
{
"version_affected": "=",
"version_value": "17.3.5a"
},
{
"version_affected": "=",
"version_value": "17.3.5b"
},
{
"version_affected": "=",
"version_value": "17.3.7"
},
{
"version_affected": "=",
"version_value": "17.3.8"
},
{
"version_affected": "=",
"version_value": "17.3.8a"
},
{
"version_affected": "=",
"version_value": "17.4.1"
},
{
"version_affected": "=",
"version_value": "17.4.2"
},
{
"version_affected": "=",
"version_value": "17.4.1a"
},
{
"version_affected": "=",
"version_value": "17.4.1b"
},
{
"version_affected": "=",
"version_value": "17.4.2a"
},
{
"version_affected": "=",
"version_value": "17.5.1"
},
{
"version_affected": "=",
"version_value": "17.5.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1"
},
{
"version_affected": "=",
"version_value": "17.6.2"
},
{
"version_affected": "=",
"version_value": "17.6.1w"
},
{
"version_affected": "=",
"version_value": "17.6.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1x"
},
{
"version_affected": "=",
"version_value": "17.6.3"
},
{
"version_affected": "=",
"version_value": "17.6.1y"
},
{
"version_affected": "=",
"version_value": "17.6.1z"
},
{
"version_affected": "=",
"version_value": "17.6.3a"
},
{
"version_affected": "=",
"version_value": "17.6.4"
},
{
"version_affected": "=",
"version_value": "17.6.1z1"
},
{
"version_affected": "=",
"version_value": "17.6.5"
},
{
"version_affected": "=",
"version_value": "17.6.6"
},
{
"version_affected": "=",
"version_value": "17.6.6a"
},
{
"version_affected": "=",
"version_value": "17.6.5a"
},
{
"version_affected": "=",
"version_value": "17.7.1"
},
{
"version_affected": "=",
"version_value": "17.7.1a"
},
{
"version_affected": "=",
"version_value": "17.7.1b"
},
{
"version_affected": "=",
"version_value": "17.7.2"
},
{
"version_affected": "=",
"version_value": "17.10.1"
},
{
"version_affected": "=",
"version_value": "17.10.1a"
},
{
"version_affected": "=",
"version_value": "17.10.1b"
},
{
"version_affected": "=",
"version_value": "17.8.1"
},
{
"version_affected": "=",
"version_value": "17.8.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1"
},
{
"version_affected": "=",
"version_value": "17.9.1w"
},
{
"version_affected": "=",
"version_value": "17.9.2"
},
{
"version_affected": "=",
"version_value": "17.9.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1x"
},
{
"version_affected": "=",
"version_value": "17.9.1y"
},
{
"version_affected": "=",
"version_value": "17.9.3"
},
{
"version_affected": "=",
"version_value": "17.9.2a"
},
{
"version_affected": "=",
"version_value": "17.9.1x1"
},
{
"version_affected": "=",
"version_value": "17.9.3a"
},
{
"version_affected": "=",
"version_value": "17.9.4"
},
{
"version_affected": "=",
"version_value": "17.9.1y1"
},
{
"version_affected": "=",
"version_value": "17.9.4a"
},
{
"version_affected": "=",
"version_value": "17.11.1"
},
{
"version_affected": "=",
"version_value": "17.11.1a"
},
{
"version_affected": "=",
"version_value": "17.12.1"
},
{
"version_affected": "=",
"version_value": "17.12.1w"
},
{
"version_affected": "=",
"version_value": "17.12.1a"
},
{
"version_affected": "=",
"version_value": "17.12.1x"
},
{
"version_affected": "=",
"version_value": "17.12.1y"
},
{
"version_affected": "=",
"version_value": "17.11.99SW"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-csrf-ycUYxkKO",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-csrf-ycUYxkKO"
}
]
},
"source": {
"advisory": "cisco-sa-webui-csrf-ycUYxkKO",
"discovery": "INTERNAL",
"defects": [
"CSCwh96411"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

492
2024/20xxx/CVE-2024-20455.json
View File

@ -1,17 +1,501 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20455",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\r\n\r Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "State Issues",
"cweId": "CWE-371"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "17.1.1"
},
{
"version_affected": "=",
"version_value": "17.1.1a"
},
{
"version_affected": "=",
"version_value": "17.1.1s"
},
{
"version_affected": "=",
"version_value": "17.1.1t"
},
{
"version_affected": "=",
"version_value": "17.1.3"
},
{
"version_affected": "=",
"version_value": "17.2.1"
},
{
"version_affected": "=",
"version_value": "17.2.1r"
},
{
"version_affected": "=",
"version_value": "17.2.1a"
},
{
"version_affected": "=",
"version_value": "17.2.1v"
},
{
"version_affected": "=",
"version_value": "17.2.2"
},
{
"version_affected": "=",
"version_value": "17.2.3"
},
{
"version_affected": "=",
"version_value": "17.3.1"
},
{
"version_affected": "=",
"version_value": "17.3.2"
},
{
"version_affected": "=",
"version_value": "17.3.3"
},
{
"version_affected": "=",
"version_value": "17.3.1a"
},
{
"version_affected": "=",
"version_value": "17.3.1w"
},
{
"version_affected": "=",
"version_value": "17.3.2a"
},
{
"version_affected": "=",
"version_value": "17.3.1x"
},
{
"version_affected": "=",
"version_value": "17.3.1z"
},
{
"version_affected": "=",
"version_value": "17.3.4"
},
{
"version_affected": "=",
"version_value": "17.3.5"
},
{
"version_affected": "=",
"version_value": "17.3.4a"
},
{
"version_affected": "=",
"version_value": "17.3.6"
},
{
"version_affected": "=",
"version_value": "17.3.4b"
},
{
"version_affected": "=",
"version_value": "17.3.4c"
},
{
"version_affected": "=",
"version_value": "17.3.5a"
},
{
"version_affected": "=",
"version_value": "17.3.5b"
},
{
"version_affected": "=",
"version_value": "17.3.7"
},
{
"version_affected": "=",
"version_value": "17.3.8"
},
{
"version_affected": "=",
"version_value": "17.3.8a"
},
{
"version_affected": "=",
"version_value": "17.4.1"
},
{
"version_affected": "=",
"version_value": "17.4.2"
},
{
"version_affected": "=",
"version_value": "17.4.1a"
},
{
"version_affected": "=",
"version_value": "17.4.1b"
},
{
"version_affected": "=",
"version_value": "17.4.2a"
},
{
"version_affected": "=",
"version_value": "17.5.1"
},
{
"version_affected": "=",
"version_value": "17.5.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1"
},
{
"version_affected": "=",
"version_value": "17.6.2"
},
{
"version_affected": "=",
"version_value": "17.6.1w"
},
{
"version_affected": "=",
"version_value": "17.6.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1x"
},
{
"version_affected": "=",
"version_value": "17.6.3"
},
{
"version_affected": "=",
"version_value": "17.6.1y"
},
{
"version_affected": "=",
"version_value": "17.6.1z"
},
{
"version_affected": "=",
"version_value": "17.6.3a"
},
{
"version_affected": "=",
"version_value": "17.6.4"
},
{
"version_affected": "=",
"version_value": "17.6.1z1"
},
{
"version_affected": "=",
"version_value": "17.6.5"
},
{
"version_affected": "=",
"version_value": "17.6.6"
},
{
"version_affected": "=",
"version_value": "17.6.6a"
},
{
"version_affected": "=",
"version_value": "17.6.5a"
},
{
"version_affected": "=",
"version_value": "17.7.1"
},
{
"version_affected": "=",
"version_value": "17.7.1a"
},
{
"version_affected": "=",
"version_value": "17.7.1b"
},
{
"version_affected": "=",
"version_value": "17.7.2"
},
{
"version_affected": "=",
"version_value": "17.10.1"
},
{
"version_affected": "=",
"version_value": "17.10.1a"
},
{
"version_affected": "=",
"version_value": "17.10.1b"
},
{
"version_affected": "=",
"version_value": "17.8.1"
},
{
"version_affected": "=",
"version_value": "17.8.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1"
},
{
"version_affected": "=",
"version_value": "17.9.1w"
},
{
"version_affected": "=",
"version_value": "17.9.2"
},
{
"version_affected": "=",
"version_value": "17.9.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1x"
},
{
"version_affected": "=",
"version_value": "17.9.1y"
},
{
"version_affected": "=",
"version_value": "17.9.3"
},
{
"version_affected": "=",
"version_value": "17.9.2a"
},
{
"version_affected": "=",
"version_value": "17.9.1x1"
},
{
"version_affected": "=",
"version_value": "17.9.3a"
},
{
"version_affected": "=",
"version_value": "17.9.4"
},
{
"version_affected": "=",
"version_value": "17.9.1y1"
},
{
"version_affected": "=",
"version_value": "17.9.5"
},
{
"version_affected": "=",
"version_value": "17.9.4a"
},
{
"version_affected": "=",
"version_value": "17.9.5a"
},
{
"version_affected": "=",
"version_value": "17.9.5b"
},
{
"version_affected": "=",
"version_value": "17.11.1"
},
{
"version_affected": "=",
"version_value": "17.11.1a"
},
{
"version_affected": "=",
"version_value": "17.12.1"
},
{
"version_affected": "=",
"version_value": "17.12.1w"
},
{
"version_affected": "=",
"version_value": "17.12.1a"
},
{
"version_affected": "=",
"version_value": "17.12.2"
},
{
"version_affected": "=",
"version_value": "17.12.2a"
},
{
"version_affected": "=",
"version_value": "17.13.1"
},
{
"version_affected": "=",
"version_value": "17.13.1a"
},
{
"version_affected": "=",
"version_value": "17.11.99SW"
}
]
}
},
{
"product_name": "Cisco IOS XE Catalyst SD-WAN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "17.5.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1a"
},
{
"version_affected": "=",
"version_value": "17.6.2"
},
{
"version_affected": "=",
"version_value": "17.6.4"
},
{
"version_affected": "=",
"version_value": "17.7.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1a"
},
{
"version_affected": "=",
"version_value": "17.9.2a"
},
{
"version_affected": "=",
"version_value": "17.9.3a"
},
{
"version_affected": "=",
"version_value": "17.9.4"
},
{
"version_affected": "=",
"version_value": "17.8.1a"
},
{
"version_affected": "=",
"version_value": "17.10.1a"
},
{
"version_affected": "=",
"version_value": "17.11.1a"
},
{
"version_affected": "=",
"version_value": "17.12.1a"
},
{
"version_affected": "=",
"version_value": "17.13.1a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-utd-dos-hDATqxs",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-utd-dos-hDATqxs"
}
]
},
"source": {
"advisory": "cisco-sa-sdwan-utd-dos-hDATqxs",
"discovery": "EXTERNAL",
"defects": [
"CSCwi07137"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

89
2024/20xxx/CVE-2024-20464.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20464",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.\r\n\r Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "17.13.1"
},
{
"version_affected": "=",
"version_value": "17.13.1a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pim-APbVfySJ",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pim-APbVfySJ"
}
]
},
"source": {
"advisory": "cisco-sa-pim-APbVfySJ",
"discovery": "INTERNAL",
"defects": [
"CSCwi53919"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

97
2024/20xxx/CVE-2024-20465.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20465",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator enables and disables Resilient Ethernet Protocol (REP). An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "IOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.2(8)E2"
},
{
"version_affected": "=",
"version_value": "15.2(8)E3"
},
{
"version_affected": "=",
"version_value": "15.2(8)E4"
},
{
"version_affected": "=",
"version_value": "15.2(8)E5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-repacl-9eXgnBpD",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-repacl-9eXgnBpD"
}
]
},
"source": {
"advisory": "cisco-sa-repacl-9eXgnBpD",
"discovery": "INTERNAL",
"defects": [
"CSCwi85609"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

93
2024/20xxx/CVE-2024-20467.json
View File

@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20467",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\r\n\r Note: This vulnerability affects Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers if they are running Cisco IOS XE Software Release 17.12.1 or 17.12.1a."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Management Errors",
"cweId": "CWE-399"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "17.12.1"
},
{
"version_affected": "=",
"version_value": "17.12.1a"
},
{
"version_affected": "=",
"version_value": "17.11.99SW"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO"
}
]
},
"source": {
"advisory": "cisco-sa-cpp-vfr-dos-nhHKGgO",
"discovery": "INTERNAL",
"defects": [
"CSCwh44152"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

489
2024/20xxx/CVE-2024-20475.json
View File

@ -1,17 +1,498 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20475",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Catalyst SD-WAN Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20.6.1"
},
{
"version_affected": "=",
"version_value": "20.6.1.1"
},
{
"version_affected": "=",
"version_value": "20.6.0.18.3"
},
{
"version_affected": "=",
"version_value": "20.6.0.18.4"
},
{
"version_affected": "=",
"version_value": "20.6.1.0.1"
},
{
"version_affected": "=",
"version_value": "20.6.2"
},
{
"version_affected": "=",
"version_value": "20.7.1EFT2"
},
{
"version_affected": "=",
"version_value": "20.7.1"
},
{
"version_affected": "=",
"version_value": "20.6.2.1"
},
{
"version_affected": "=",
"version_value": "20.6.2.2"
},
{
"version_affected": "=",
"version_value": "20.7.1.1"
},
{
"version_affected": "=",
"version_value": "20.6.2.2.2"
},
{
"version_affected": "=",
"version_value": "20.6.2.2.3"
},
{
"version_affected": "=",
"version_value": "20.6.2.0.4"
},
{
"version_affected": "=",
"version_value": "20.6.2.2.7"
},
{
"version_affected": "=",
"version_value": "20.6.3"
},
{
"version_affected": "=",
"version_value": "20.7.1.0.2"
},
{
"version_affected": "=",
"version_value": "20.8.1"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.7"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.5"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.10"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.2"
},
{
"version_affected": "=",
"version_value": "20.7.2"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.11"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.14"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.19"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.18"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.23"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.25"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.27"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.29"
},
{
"version_affected": "=",
"version_value": "20.10.1"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.33"
},
{
"version_affected": "=",
"version_value": "20.9.1_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.10.1_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.9.3"
},
{
"version_affected": "=",
"version_value": "20.6.5.1"
},
{
"version_affected": "=",
"version_value": "20.11.1"
},
{
"version_affected": "=",
"version_value": "20.11.1_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.9.3_LI_ Images"
},
{
"version_affected": "=",
"version_value": "20.6.3.1.1"
},
{
"version_affected": "=",
"version_value": "20.9.3.0.3"
},
{
"version_affected": "=",
"version_value": "20.6.3.2"
},
{
"version_affected": "=",
"version_value": "20.6.4.1"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.39"
},
{
"version_affected": "=",
"version_value": "20.6.5.2"
},
{
"version_affected": "=",
"version_value": "20.10.1.1"
},
{
"version_affected": "=",
"version_value": "20.6.2.2.4"
},
{
"version_affected": "=",
"version_value": "20.6.1.2"
},
{
"version_affected": "=",
"version_value": "20.11.1.1"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.40"
},
{
"version_affected": "=",
"version_value": "20.9.2.2"
},
{
"version_affected": "=",
"version_value": "20.6.5.2.3"
},
{
"version_affected": "=",
"version_value": "20.6.5.1.5"
},
{
"version_affected": "=",
"version_value": "20.9.3.0.4"
},
{
"version_affected": "=",
"version_value": "20.6.4.0.19"
},
{
"version_affected": "=",
"version_value": "20.6.3.3"
},
{
"version_affected": "=",
"version_value": "20.6.5.4"
},
{
"version_affected": "=",
"version_value": "20.6.5.1.7"
},
{
"version_affected": "=",
"version_value": "20.9.3.0.12"
},
{
"version_affected": "=",
"version_value": "20.11.1.2"
},
{
"version_affected": "=",
"version_value": "20.6.3.4"
},
{
"version_affected": "=",
"version_value": "20.10.1.2"
},
{
"version_affected": "=",
"version_value": "20.6.5.1.10"
},
{
"version_affected": "=",
"version_value": "20.6.5.2.4"
},
{
"version_affected": "=",
"version_value": "20.9.3.0.18"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.47"
},
{
"version_affected": "=",
"version_value": "20.9.2.3"
},
{
"version_affected": "=",
"version_value": "20.9.3.0.21"
},
{
"version_affected": "=",
"version_value": "20.9.4_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.9.4"
},
{
"version_affected": "=",
"version_value": "20.6.5.1.11"
},
{
"version_affected": "=",
"version_value": "20.12.1"
},
{
"version_affected": "=",
"version_value": "20.12.1_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.9.3.0.23"
},
{
"version_affected": "=",
"version_value": "20.9.4.1"
},
{
"version_affected": "=",
"version_value": "20.9.4.1_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.9.3.0.25"
},
{
"version_affected": "=",
"version_value": "20.9.3.0.24"
},
{
"version_affected": "=",
"version_value": "20.6.5.1.14"
},
{
"version_affected": "=",
"version_value": "20.9.3.0.26"
},
{
"version_affected": "=",
"version_value": "20.6.3.0.51"
},
{
"version_affected": "=",
"version_value": "20.12.2"
},
{
"version_affected": "=",
"version_value": "20.12.2_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.6.6.0.1"
},
{
"version_affected": "=",
"version_value": "20.13.1_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.9.4.0.4"
},
{
"version_affected": "=",
"version_value": "20.13.1"
},
{
"version_affected": "=",
"version_value": "20.9.4.1.1"
},
{
"version_affected": "=",
"version_value": "20.9.5"
},
{
"version_affected": "=",
"version_value": "20.9.5_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.12.3_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.12.3"
},
{
"version_affected": "=",
"version_value": "20.9.4.1.3"
},
{
"version_affected": "=",
"version_value": "20.6.7"
},
{
"version_affected": "=",
"version_value": "20.9.5.1"
},
{
"version_affected": "=",
"version_value": "20.9.5.1_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.14.1"
},
{
"version_affected": "=",
"version_value": "20.14.1_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.9.5.2_LI_Images"
},
{
"version_affected": "=",
"version_value": "20.12.3.1"
},
{
"version_affected": "=",
"version_value": "20.12.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-xss-zQ4KPvYd",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-xss-zQ4KPvYd"
}
]
},
"source": {
"advisory": "cisco-sa-sdwan-xss-zQ4KPvYd",
"discovery": "EXTERNAL",
"defects": [
"CSCwk43942"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

901
2024/20xxx/CVE-2024-20480.json
View File

@ -1,17 +1,910 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. \r\n\r This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Operator Precedence Logic Error",
"cweId": "CWE-783"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.1.1"
},
{
"version_affected": "=",
"version_value": "16.1.2"
},
{
"version_affected": "=",
"version_value": "16.1.3"
},
{
"version_affected": "=",
"version_value": "16.2.1"
},
{
"version_affected": "=",
"version_value": "16.2.2"
},
{
"version_affected": "=",
"version_value": "16.3.1"
},
{
"version_affected": "=",
"version_value": "16.3.2"
},
{
"version_affected": "=",
"version_value": "16.3.3"
},
{
"version_affected": "=",
"version_value": "16.3.1a"
},
{
"version_affected": "=",
"version_value": "16.3.4"
},
{
"version_affected": "=",
"version_value": "16.3.5"
},
{
"version_affected": "=",
"version_value": "16.3.5b"
},
{
"version_affected": "=",
"version_value": "16.3.6"
},
{
"version_affected": "=",
"version_value": "16.3.7"
},
{
"version_affected": "=",
"version_value": "16.3.8"
},
{
"version_affected": "=",
"version_value": "16.3.9"
},
{
"version_affected": "=",
"version_value": "16.3.10"
},
{
"version_affected": "=",
"version_value": "16.3.11"
},
{
"version_affected": "=",
"version_value": "16.4.1"
},
{
"version_affected": "=",
"version_value": "16.4.2"
},
{
"version_affected": "=",
"version_value": "16.4.3"
},
{
"version_affected": "=",
"version_value": "16.5.1"
},
{
"version_affected": "=",
"version_value": "16.5.1a"
},
{
"version_affected": "=",
"version_value": "16.5.1b"
},
{
"version_affected": "=",
"version_value": "16.5.2"
},
{
"version_affected": "=",
"version_value": "16.5.3"
},
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.2"
},
{
"version_affected": "=",
"version_value": "16.6.3"
},
{
"version_affected": "=",
"version_value": "16.6.4"
},
{
"version_affected": "=",
"version_value": "16.6.5"
},
{
"version_affected": "=",
"version_value": "16.6.4a"
},
{
"version_affected": "=",
"version_value": "16.6.5a"
},
{
"version_affected": "=",
"version_value": "16.6.6"
},
{
"version_affected": "=",
"version_value": "16.6.7"
},
{
"version_affected": "=",
"version_value": "16.6.8"
},
{
"version_affected": "=",
"version_value": "16.6.9"
},
{
"version_affected": "=",
"version_value": "16.6.10"
},
{
"version_affected": "=",
"version_value": "16.7.1"
},
{
"version_affected": "=",
"version_value": "16.7.1a"
},
{
"version_affected": "=",
"version_value": "16.7.1b"
},
{
"version_affected": "=",
"version_value": "16.7.2"
},
{
"version_affected": "=",
"version_value": "16.7.3"
},
{
"version_affected": "=",
"version_value": "16.7.4"
},
{
"version_affected": "=",
"version_value": "16.8.1"
},
{
"version_affected": "=",
"version_value": "16.8.1a"
},
{
"version_affected": "=",
"version_value": "16.8.1b"
},
{
"version_affected": "=",
"version_value": "16.8.1s"
},
{
"version_affected": "=",
"version_value": "16.8.1c"
},
{
"version_affected": "=",
"version_value": "16.8.1d"
},
{
"version_affected": "=",
"version_value": "16.8.2"
},
{
"version_affected": "=",
"version_value": "16.8.1e"
},
{
"version_affected": "=",
"version_value": "16.8.3"
},
{
"version_affected": "=",
"version_value": "16.9.1"
},
{
"version_affected": "=",
"version_value": "16.9.2"
},
{
"version_affected": "=",
"version_value": "16.9.1a"
},
{
"version_affected": "=",
"version_value": "16.9.1b"
},
{
"version_affected": "=",
"version_value": "16.9.1s"
},
{
"version_affected": "=",
"version_value": "16.9.3"
},
{
"version_affected": "=",
"version_value": "16.9.4"
},
{
"version_affected": "=",
"version_value": "16.9.3a"
},
{
"version_affected": "=",
"version_value": "16.9.5"
},
{
"version_affected": "=",
"version_value": "16.9.5f"
},
{
"version_affected": "=",
"version_value": "16.9.6"
},
{
"version_affected": "=",
"version_value": "16.9.7"
},
{
"version_affected": "=",
"version_value": "16.9.8"
},
{
"version_affected": "=",
"version_value": "16.10.1"
},
{
"version_affected": "=",
"version_value": "16.10.1a"
},
{
"version_affected": "=",
"version_value": "16.10.1b"
},
{
"version_affected": "=",
"version_value": "16.10.1s"
},
{
"version_affected": "=",
"version_value": "16.10.1c"
},
{
"version_affected": "=",
"version_value": "16.10.1e"
},
{
"version_affected": "=",
"version_value": "16.10.1d"
},
{
"version_affected": "=",
"version_value": "16.10.2"
},
{
"version_affected": "=",
"version_value": "16.10.1f"
},
{
"version_affected": "=",
"version_value": "16.10.1g"
},
{
"version_affected": "=",
"version_value": "16.10.3"
},
{
"version_affected": "=",
"version_value": "16.11.1"
},
{
"version_affected": "=",
"version_value": "16.11.1a"
},
{
"version_affected": "=",
"version_value": "16.11.1b"
},
{
"version_affected": "=",
"version_value": "16.11.2"
},
{
"version_affected": "=",
"version_value": "16.11.1s"
},
{
"version_affected": "=",
"version_value": "16.12.1"
},
{
"version_affected": "=",
"version_value": "16.12.1s"
},
{
"version_affected": "=",
"version_value": "16.12.1a"
},
{
"version_affected": "=",
"version_value": "16.12.1c"
},
{
"version_affected": "=",
"version_value": "16.12.1w"
},
{
"version_affected": "=",
"version_value": "16.12.2"
},
{
"version_affected": "=",
"version_value": "16.12.1y"
},
{
"version_affected": "=",
"version_value": "16.12.2a"
},
{
"version_affected": "=",
"version_value": "16.12.3"
},
{
"version_affected": "=",
"version_value": "16.12.8"
},
{
"version_affected": "=",
"version_value": "16.12.2s"
},
{
"version_affected": "=",
"version_value": "16.12.1x"
},
{
"version_affected": "=",
"version_value": "16.12.1t"
},
{
"version_affected": "=",
"version_value": "16.12.4"
},
{
"version_affected": "=",
"version_value": "16.12.3s"
},
{
"version_affected": "=",
"version_value": "16.12.3a"
},
{
"version_affected": "=",
"version_value": "16.12.4a"
},
{
"version_affected": "=",
"version_value": "16.12.5"
},
{
"version_affected": "=",
"version_value": "16.12.6"
},
{
"version_affected": "=",
"version_value": "16.12.1z1"
},
{
"version_affected": "=",
"version_value": "16.12.5a"
},
{
"version_affected": "=",
"version_value": "16.12.5b"
},
{
"version_affected": "=",
"version_value": "16.12.1z2"
},
{
"version_affected": "=",
"version_value": "16.12.6a"
},
{
"version_affected": "=",
"version_value": "16.12.7"
},
{
"version_affected": "=",
"version_value": "16.12.9"
},
{
"version_affected": "=",
"version_value": "16.12.10"
},
{
"version_affected": "=",
"version_value": "16.12.10a"
},
{
"version_affected": "=",
"version_value": "16.12.11"
},
{
"version_affected": "=",
"version_value": "17.1.1"
},
{
"version_affected": "=",
"version_value": "17.1.1a"
},
{
"version_affected": "=",
"version_value": "17.1.1s"
},
{
"version_affected": "=",
"version_value": "17.1.1t"
},
{
"version_affected": "=",
"version_value": "17.1.3"
},
{
"version_affected": "=",
"version_value": "17.2.1"
},
{
"version_affected": "=",
"version_value": "17.2.1r"
},
{
"version_affected": "=",
"version_value": "17.2.1a"
},
{
"version_affected": "=",
"version_value": "17.2.1v"
},
{
"version_affected": "=",
"version_value": "17.2.2"
},
{
"version_affected": "=",
"version_value": "17.2.3"
},
{
"version_affected": "=",
"version_value": "17.3.1"
},
{
"version_affected": "=",
"version_value": "17.3.2"
},
{
"version_affected": "=",
"version_value": "17.3.3"
},
{
"version_affected": "=",
"version_value": "17.3.1a"
},
{
"version_affected": "=",
"version_value": "17.3.1w"
},
{
"version_affected": "=",
"version_value": "17.3.2a"
},
{
"version_affected": "=",
"version_value": "17.3.1x"
},
{
"version_affected": "=",
"version_value": "17.3.1z"
},
{
"version_affected": "=",
"version_value": "17.3.4"
},
{
"version_affected": "=",
"version_value": "17.3.5"
},
{
"version_affected": "=",
"version_value": "17.3.4a"
},
{
"version_affected": "=",
"version_value": "17.3.6"
},
{
"version_affected": "=",
"version_value": "17.3.4b"
},
{
"version_affected": "=",
"version_value": "17.3.4c"
},
{
"version_affected": "=",
"version_value": "17.3.5a"
},
{
"version_affected": "=",
"version_value": "17.3.5b"
},
{
"version_affected": "=",
"version_value": "17.3.7"
},
{
"version_affected": "=",
"version_value": "17.3.8"
},
{
"version_affected": "=",
"version_value": "17.3.8a"
},
{
"version_affected": "=",
"version_value": "17.4.1"
},
{
"version_affected": "=",
"version_value": "17.4.2"
},
{
"version_affected": "=",
"version_value": "17.4.1a"
},
{
"version_affected": "=",
"version_value": "17.4.1b"
},
{
"version_affected": "=",
"version_value": "17.4.2a"
},
{
"version_affected": "=",
"version_value": "17.5.1"
},
{
"version_affected": "=",
"version_value": "17.5.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1"
},
{
"version_affected": "=",
"version_value": "17.6.2"
},
{
"version_affected": "=",
"version_value": "17.6.1w"
},
{
"version_affected": "=",
"version_value": "17.6.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1x"
},
{
"version_affected": "=",
"version_value": "17.6.3"
},
{
"version_affected": "=",
"version_value": "17.6.1y"
},
{
"version_affected": "=",
"version_value": "17.6.1z"
},
{
"version_affected": "=",
"version_value": "17.6.3a"
},
{
"version_affected": "=",
"version_value": "17.6.4"
},
{
"version_affected": "=",
"version_value": "17.6.1z1"
},
{
"version_affected": "=",
"version_value": "17.6.5"
},
{
"version_affected": "=",
"version_value": "17.6.6"
},
{
"version_affected": "=",
"version_value": "17.6.6a"
},
{
"version_affected": "=",
"version_value": "17.6.5a"
},
{
"version_affected": "=",
"version_value": "17.6.7"
},
{
"version_affected": "=",
"version_value": "17.7.1"
},
{
"version_affected": "=",
"version_value": "17.7.1a"
},
{
"version_affected": "=",
"version_value": "17.7.1b"
},
{
"version_affected": "=",
"version_value": "17.7.2"
},
{
"version_affected": "=",
"version_value": "17.10.1"
},
{
"version_affected": "=",
"version_value": "17.10.1a"
},
{
"version_affected": "=",
"version_value": "17.10.1b"
},
{
"version_affected": "=",
"version_value": "17.8.1"
},
{
"version_affected": "=",
"version_value": "17.8.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1"
},
{
"version_affected": "=",
"version_value": "17.9.1w"
},
{
"version_affected": "=",
"version_value": "17.9.2"
},
{
"version_affected": "=",
"version_value": "17.9.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1x"
},
{
"version_affected": "=",
"version_value": "17.9.1y"
},
{
"version_affected": "=",
"version_value": "17.9.3"
},
{
"version_affected": "=",
"version_value": "17.9.2a"
},
{
"version_affected": "=",
"version_value": "17.9.1x1"
},
{
"version_affected": "=",
"version_value": "17.9.3a"
},
{
"version_affected": "=",
"version_value": "17.9.4"
},
{
"version_affected": "=",
"version_value": "17.9.1y1"
},
{
"version_affected": "=",
"version_value": "17.9.5"
},
{
"version_affected": "=",
"version_value": "17.9.4a"
},
{
"version_affected": "=",
"version_value": "17.9.5a"
},
{
"version_affected": "=",
"version_value": "17.9.5b"
},
{
"version_affected": "=",
"version_value": "17.11.1"
},
{
"version_affected": "=",
"version_value": "17.11.1a"
},
{
"version_affected": "=",
"version_value": "17.12.1"
},
{
"version_affected": "=",
"version_value": "17.12.1w"
},
{
"version_affected": "=",
"version_value": "17.12.1a"
},
{
"version_affected": "=",
"version_value": "17.12.1x"
},
{
"version_affected": "=",
"version_value": "17.12.2"
},
{
"version_affected": "=",
"version_value": "17.12.3"
},
{
"version_affected": "=",
"version_value": "17.12.2a"
},
{
"version_affected": "=",
"version_value": "17.12.1y"
},
{
"version_affected": "=",
"version_value": "17.12.3a"
},
{
"version_affected": "=",
"version_value": "17.13.1"
},
{
"version_affected": "=",
"version_value": "17.13.1a"
},
{
"version_affected": "=",
"version_value": "17.14.1"
},
{
"version_affected": "=",
"version_value": "17.14.1a"
},
{
"version_affected": "=",
"version_value": "17.11.99SW"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k"
}
]
},
"source": {
"advisory": "cisco-sa-ios-xe-sda-edge-dos-MBcbG9k",
"discovery": "INTERNAL",
"defects": [
"CSCwk36431"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

720
2024/20xxx/CVE-2024-20496.json
View File

@ -1,17 +1,729 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system.\r\n\r\nThis vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition on the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco SD-WAN vEdge Cloud",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
},
{
"version_affected": "=",
"version_value": "20.3.1"
},
{
"version_affected": "=",
"version_value": "20.1.2"
},
{
"version_affected": "=",
"version_value": "19.2.929"
},
{
"version_affected": "=",
"version_value": "19.2.31"
},
{
"version_affected": "=",
"version_value": "20.3.2"
},
{
"version_affected": "=",
"version_value": "19.2.32"
},
{
"version_affected": "=",
"version_value": "18.4.6"
},
{
"version_affected": "=",
"version_value": "20.4.1"
},
{
"version_affected": "=",
"version_value": "19.2.4"
},
{
"version_affected": "=",
"version_value": "20.4.1.1"
},
{
"version_affected": "=",
"version_value": "20.3.3"
},
{
"version_affected": "=",
"version_value": "20.5.1"
},
{
"version_affected": "=",
"version_value": "20.1.3"
},
{
"version_affected": "=",
"version_value": "20.4.1.2"
},
{
"version_affected": "=",
"version_value": "20.4.2"
},
{
"version_affected": "=",
"version_value": "20.3.4"
},
{
"version_affected": "=",
"version_value": "20.6.1"
},
{
"version_affected": "=",
"version_value": "20.6.2"
},
{
"version_affected": "=",
"version_value": "20.7.1"
},
{
"version_affected": "=",
"version_value": "20.3.5"
},
{
"version_affected": "=",
"version_value": "20.6.3"
},
{
"version_affected": "=",
"version_value": "20.8.1"
},
{
"version_affected": "=",
"version_value": "20.7.2"
},
{
"version_affected": "=",
"version_value": "20.6.4"
},
{
"version_affected": "=",
"version_value": "20.9.1"
},
{
"version_affected": "=",
"version_value": "20.3.6"
},
{
"version_affected": "=",
"version_value": "20.9.1.1"
},
{
"version_affected": "=",
"version_value": "20.9.2"
},
{
"version_affected": "=",
"version_value": "20.6.5"
},
{
"version_affected": "=",
"version_value": "20.3.7"
},
{
"version_affected": "=",
"version_value": "20.9.3"
},
{
"version_affected": "=",
"version_value": "20.4.2.3"
},
{
"version_affected": "=",
"version_value": "20.3.4.3"
},
{
"version_affected": "=",
"version_value": "20.6.4.1"
},
{
"version_affected": "=",
"version_value": "20.6.3.2"
},
{
"version_affected": "=",
"version_value": "20.3.5.1"
},
{
"version_affected": "=",
"version_value": "20.9.3.1"
},
{
"version_affected": "=",
"version_value": "20.6.5.2"
},
{
"version_affected": "=",
"version_value": "20.3.7.1"
},
{
"version_affected": "=",
"version_value": "20.3.3.2"
},
{
"version_affected": "=",
"version_value": "20.6.1.2"
},
{
"version_affected": "=",
"version_value": "20.1.3.1"
},
{
"version_affected": "=",
"version_value": "20.9.2.2"
},
{
"version_affected": "=",
"version_value": "20.6.5.3"
},
{
"version_affected": "=",
"version_value": "20.6.3.3"
},
{
"version_affected": "=",
"version_value": "20.3.7.2"
},
{
"version_affected": "=",
"version_value": "20.6.5.4"
},
{
"version_affected": "=",
"version_value": "20.9.2.3"
},
{
"version_affected": "=",
"version_value": "20.3.8"
}
]
}
},
{
"product_name": "Cisco SD-WAN vEdge router",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "18.4.303"
},
{
"version_affected": "=",
"version_value": "18.3.7"
},
{
"version_affected": "=",
"version_value": "19.3.0"
},
{
"version_affected": "=",
"version_value": "18.2.0"
},
{
"version_affected": "=",
"version_value": "20.1.12"
},
{
"version_affected": "=",
"version_value": "19.2.099"
},
{
"version_affected": "=",
"version_value": "18.3.3"
},
{
"version_affected": "=",
"version_value": "18.3.6"
},
{
"version_affected": "=",
"version_value": "19.0.0"
},
{
"version_affected": "=",
"version_value": "18.4.0"
},
{
"version_affected": "=",
"version_value": "19.1.01"
},
{
"version_affected": "=",
"version_value": "19.2.098"
},
{
"version_affected": "=",
"version_value": "18.3.1"
},
{
"version_affected": "=",
"version_value": "18.4.302"
},
{
"version_affected": "=",
"version_value": "19.2.2"
},
{
"version_affected": "=",
"version_value": "18.3.5"
},
{
"version_affected": "=",
"version_value": "19.1.0"
},
{
"version_affected": "=",
"version_value": "20.1.11"
},
{
"version_affected": "=",
"version_value": "19.2.097"
},
{
"version_affected": "=",
"version_value": "18.4.5"
},
{
"version_affected": "=",
"version_value": "18.3.8"
},
{
"version_affected": "=",
"version_value": "18.3.0"
},
{
"version_affected": "=",
"version_value": "18.4.3"
},
{
"version_affected": "=",
"version_value": "18.4.4"
},
{
"version_affected": "=",
"version_value": "19.2.1"
},
{
"version_affected": "=",
"version_value": "18.3.4"
},
{
"version_affected": "=",
"version_value": "19.0.1a"
},
{
"version_affected": "=",
"version_value": "20.1.1"
},
{
"version_affected": "=",
"version_value": "18.4.1"
},
{
"version_affected": "=",
"version_value": "19.2.0"
},
{
"version_affected": "=",
"version_value": "19.2.3"
},
{
"version_affected": "=",
"version_value": "20.3.1"
},
{
"version_affected": "=",
"version_value": "20.1.2"
},
{
"version_affected": "=",
"version_value": "19.2.929"
},
{
"version_affected": "=",
"version_value": "19.2.31"
},
{
"version_affected": "=",
"version_value": "20.3.2"
},
{
"version_affected": "=",
"version_value": "19.2.32"
},
{
"version_affected": "=",
"version_value": "18.4.6"
},
{
"version_affected": "=",
"version_value": "20.4.1"
},
{
"version_affected": "=",
"version_value": "19.2.4"
},
{
"version_affected": "=",
"version_value": "20.4.1.1"
},
{
"version_affected": "=",
"version_value": "20.3.3"
},
{
"version_affected": "=",
"version_value": "20.5.1"
},
{
"version_affected": "=",
"version_value": "20.1.3"
},
{
"version_affected": "=",
"version_value": "20.4.1.2"
},
{
"version_affected": "=",
"version_value": "20.4.2"
},
{
"version_affected": "=",
"version_value": "20.3.4"
},
{
"version_affected": "=",
"version_value": "20.6.1"
},
{
"version_affected": "=",
"version_value": "20.6.2"
},
{
"version_affected": "=",
"version_value": "20.7.1"
},
{
"version_affected": "=",
"version_value": "20.7.1.2"
},
{
"version_affected": "=",
"version_value": "20.3.5"
},
{
"version_affected": "=",
"version_value": "20.9.1"
},
{
"version_affected": "=",
"version_value": "20.6.3"
},
{
"version_affected": "=",
"version_value": "20.8.1"
},
{
"version_affected": "=",
"version_value": "20.7.2"
},
{
"version_affected": "=",
"version_value": "20.6.4"
},
{
"version_affected": "=",
"version_value": "20.3.6"
},
{
"version_affected": "=",
"version_value": "20.9.2"
},
{
"version_affected": "=",
"version_value": "20.6.5"
},
{
"version_affected": "=",
"version_value": "20.3.7"
},
{
"version_affected": "=",
"version_value": "20.9.3"
},
{
"version_affected": "=",
"version_value": "20.6.5.1"
},
{
"version_affected": "=",
"version_value": "20.3.3.2"
},
{
"version_affected": "=",
"version_value": "20.6.4.1"
},
{
"version_affected": "=",
"version_value": "20.6.3.2"
},
{
"version_affected": "=",
"version_value": "20.3.4.3"
},
{
"version_affected": "=",
"version_value": "20.6.5.2"
},
{
"version_affected": "=",
"version_value": "20.9.3.1"
},
{
"version_affected": "=",
"version_value": "20.3.7.1"
},
{
"version_affected": "=",
"version_value": "20.3.5.1"
},
{
"version_affected": "=",
"version_value": "20.4.2.3"
},
{
"version_affected": "=",
"version_value": "20.6.1.2"
},
{
"version_affected": "=",
"version_value": "20.9.2.2"
},
{
"version_affected": "=",
"version_value": "20.1.3.1"
},
{
"version_affected": "=",
"version_value": "20.6.5.3"
},
{
"version_affected": "=",
"version_value": "20.6.3.3"
},
{
"version_affected": "=",
"version_value": "20.3.7.2"
},
{
"version_affected": "=",
"version_value": "20.6.5.4"
},
{
"version_affected": "=",
"version_value": "20.9.2.3"
},
{
"version_affected": "=",
"version_value": "20.3.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-vedos-KqFfhps3",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-vedos-KqFfhps3"
}
]
},
"source": {
"advisory": "cisco-sa-sdw-vedos-KqFfhps3",
"discovery": "EXTERNAL",
"defects": [
"CSCwd85135"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

145
2024/20xxx/CVE-2024-20508.json
View File

@ -1,17 +1,154 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20508",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco UTD SNORT IPS Engine Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "17.12.1a"
},
{
"version_affected": "=",
"version_value": "17.12.2"
},
{
"version_affected": "=",
"version_value": "17.13.1a"
},
{
"version_affected": "=",
"version_value": "17.12.3"
},
{
"version_affected": "=",
"version_value": "17.12.3a"
},
{
"version_affected": "=",
"version_value": "17.15.1a"
},
{
"version_affected": "=",
"version_value": "17.9.5a"
},
{
"version_affected": "=",
"version_value": "17.6.1a"
},
{
"version_affected": "=",
"version_value": "17.8.1a"
},
{
"version_affected": "=",
"version_value": "17.6.2"
},
{
"version_affected": "=",
"version_value": "17.7.2"
},
{
"version_affected": "=",
"version_value": "17.12.4"
},
{
"version_affected": "=",
"version_value": "17.14.1a"
},
{
"version_affected": "=",
"version_value": "17.11.1a"
},
{
"version_affected": "=",
"version_value": "17.7.1a"
},
{
"version_affected": "=",
"version_value": "17.6.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-utd-snort3-dos-bypas-b4OUEwxD",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-utd-snort3-dos-bypas-b4OUEwxD"
}
]
},
"source": {
"advisory": "cisco-sa-utd-snort3-dos-bypas-b4OUEwxD",
"discovery": "INTERNAL",
"defects": [
"CSCwj21273"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

869
2024/20xxx/CVE-2024-20510.json
View File

@ -1,17 +1,878 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20510",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication.\r\n\r This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.3.1"
},
{
"version_affected": "=",
"version_value": "16.3.2"
},
{
"version_affected": "=",
"version_value": "16.3.3"
},
{
"version_affected": "=",
"version_value": "16.3.1a"
},
{
"version_affected": "=",
"version_value": "16.3.4"
},
{
"version_affected": "=",
"version_value": "16.3.5"
},
{
"version_affected": "=",
"version_value": "16.3.5b"
},
{
"version_affected": "=",
"version_value": "16.3.6"
},
{
"version_affected": "=",
"version_value": "16.3.7"
},
{
"version_affected": "=",
"version_value": "16.3.8"
},
{
"version_affected": "=",
"version_value": "16.3.9"
},
{
"version_affected": "=",
"version_value": "16.3.10"
},
{
"version_affected": "=",
"version_value": "16.3.11"
},
{
"version_affected": "=",
"version_value": "16.4.1"
},
{
"version_affected": "=",
"version_value": "16.4.2"
},
{
"version_affected": "=",
"version_value": "16.4.3"
},
{
"version_affected": "=",
"version_value": "16.5.1"
},
{
"version_affected": "=",
"version_value": "16.5.1a"
},
{
"version_affected": "=",
"version_value": "16.5.1b"
},
{
"version_affected": "=",
"version_value": "16.5.2"
},
{
"version_affected": "=",
"version_value": "16.5.3"
},
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.2"
},
{
"version_affected": "=",
"version_value": "16.6.3"
},
{
"version_affected": "=",
"version_value": "16.6.4"
},
{
"version_affected": "=",
"version_value": "16.6.5"
},
{
"version_affected": "=",
"version_value": "16.6.4a"
},
{
"version_affected": "=",
"version_value": "16.6.5a"
},
{
"version_affected": "=",
"version_value": "16.6.6"
},
{
"version_affected": "=",
"version_value": "16.6.7"
},
{
"version_affected": "=",
"version_value": "16.6.8"
},
{
"version_affected": "=",
"version_value": "16.6.9"
},
{
"version_affected": "=",
"version_value": "16.6.10"
},
{
"version_affected": "=",
"version_value": "16.7.1"
},
{
"version_affected": "=",
"version_value": "16.7.1a"
},
{
"version_affected": "=",
"version_value": "16.7.1b"
},
{
"version_affected": "=",
"version_value": "16.7.2"
},
{
"version_affected": "=",
"version_value": "16.7.3"
},
{
"version_affected": "=",
"version_value": "16.7.4"
},
{
"version_affected": "=",
"version_value": "16.8.1"
},
{
"version_affected": "=",
"version_value": "16.8.1a"
},
{
"version_affected": "=",
"version_value": "16.8.1b"
},
{
"version_affected": "=",
"version_value": "16.8.1s"
},
{
"version_affected": "=",
"version_value": "16.8.1c"
},
{
"version_affected": "=",
"version_value": "16.8.1d"
},
{
"version_affected": "=",
"version_value": "16.8.2"
},
{
"version_affected": "=",
"version_value": "16.8.1e"
},
{
"version_affected": "=",
"version_value": "16.8.3"
},
{
"version_affected": "=",
"version_value": "16.9.1"
},
{
"version_affected": "=",
"version_value": "16.9.2"
},
{
"version_affected": "=",
"version_value": "16.9.1a"
},
{
"version_affected": "=",
"version_value": "16.9.1b"
},
{
"version_affected": "=",
"version_value": "16.9.1s"
},
{
"version_affected": "=",
"version_value": "16.9.3"
},
{
"version_affected": "=",
"version_value": "16.9.4"
},
{
"version_affected": "=",
"version_value": "16.9.3a"
},
{
"version_affected": "=",
"version_value": "16.9.5"
},
{
"version_affected": "=",
"version_value": "16.9.5f"
},
{
"version_affected": "=",
"version_value": "16.9.6"
},
{
"version_affected": "=",
"version_value": "16.9.7"
},
{
"version_affected": "=",
"version_value": "16.9.8"
},
{
"version_affected": "=",
"version_value": "16.10.1"
},
{
"version_affected": "=",
"version_value": "16.10.1a"
},
{
"version_affected": "=",
"version_value": "16.10.1b"
},
{
"version_affected": "=",
"version_value": "16.10.1s"
},
{
"version_affected": "=",
"version_value": "16.10.1c"
},
{
"version_affected": "=",
"version_value": "16.10.1e"
},
{
"version_affected": "=",
"version_value": "16.10.1d"
},
{
"version_affected": "=",
"version_value": "16.10.2"
},
{
"version_affected": "=",
"version_value": "16.10.1f"
},
{
"version_affected": "=",
"version_value": "16.10.1g"
},
{
"version_affected": "=",
"version_value": "16.10.3"
},
{
"version_affected": "=",
"version_value": "16.11.1"
},
{
"version_affected": "=",
"version_value": "16.11.1a"
},
{
"version_affected": "=",
"version_value": "16.11.1b"
},
{
"version_affected": "=",
"version_value": "16.11.2"
},
{
"version_affected": "=",
"version_value": "16.11.1s"
},
{
"version_affected": "=",
"version_value": "16.12.1"
},
{
"version_affected": "=",
"version_value": "16.12.1s"
},
{
"version_affected": "=",
"version_value": "16.12.1a"
},
{
"version_affected": "=",
"version_value": "16.12.1c"
},
{
"version_affected": "=",
"version_value": "16.12.1w"
},
{
"version_affected": "=",
"version_value": "16.12.2"
},
{
"version_affected": "=",
"version_value": "16.12.1y"
},
{
"version_affected": "=",
"version_value": "16.12.2a"
},
{
"version_affected": "=",
"version_value": "16.12.3"
},
{
"version_affected": "=",
"version_value": "16.12.8"
},
{
"version_affected": "=",
"version_value": "16.12.2s"
},
{
"version_affected": "=",
"version_value": "16.12.1x"
},
{
"version_affected": "=",
"version_value": "16.12.1t"
},
{
"version_affected": "=",
"version_value": "16.12.4"
},
{
"version_affected": "=",
"version_value": "16.12.3s"
},
{
"version_affected": "=",
"version_value": "16.12.3a"
},
{
"version_affected": "=",
"version_value": "16.12.4a"
},
{
"version_affected": "=",
"version_value": "16.12.5"
},
{
"version_affected": "=",
"version_value": "16.12.6"
},
{
"version_affected": "=",
"version_value": "16.12.1z1"
},
{
"version_affected": "=",
"version_value": "16.12.5a"
},
{
"version_affected": "=",
"version_value": "16.12.5b"
},
{
"version_affected": "=",
"version_value": "16.12.1z2"
},
{
"version_affected": "=",
"version_value": "16.12.6a"
},
{
"version_affected": "=",
"version_value": "16.12.7"
},
{
"version_affected": "=",
"version_value": "16.12.9"
},
{
"version_affected": "=",
"version_value": "16.12.10"
},
{
"version_affected": "=",
"version_value": "16.12.10a"
},
{
"version_affected": "=",
"version_value": "16.12.11"
},
{
"version_affected": "=",
"version_value": "17.1.1"
},
{
"version_affected": "=",
"version_value": "17.1.1a"
},
{
"version_affected": "=",
"version_value": "17.1.1s"
},
{
"version_affected": "=",
"version_value": "17.1.1t"
},
{
"version_affected": "=",
"version_value": "17.1.3"
},
{
"version_affected": "=",
"version_value": "17.2.1"
},
{
"version_affected": "=",
"version_value": "17.2.1r"
},
{
"version_affected": "=",
"version_value": "17.2.1a"
},
{
"version_affected": "=",
"version_value": "17.2.1v"
},
{
"version_affected": "=",
"version_value": "17.2.2"
},
{
"version_affected": "=",
"version_value": "17.2.3"
},
{
"version_affected": "=",
"version_value": "17.3.1"
},
{
"version_affected": "=",
"version_value": "17.3.2"
},
{
"version_affected": "=",
"version_value": "17.3.3"
},
{
"version_affected": "=",
"version_value": "17.3.1a"
},
{
"version_affected": "=",
"version_value": "17.3.1w"
},
{
"version_affected": "=",
"version_value": "17.3.2a"
},
{
"version_affected": "=",
"version_value": "17.3.1x"
},
{
"version_affected": "=",
"version_value": "17.3.1z"
},
{
"version_affected": "=",
"version_value": "17.3.4"
},
{
"version_affected": "=",
"version_value": "17.3.5"
},
{
"version_affected": "=",
"version_value": "17.3.4a"
},
{
"version_affected": "=",
"version_value": "17.3.6"
},
{
"version_affected": "=",
"version_value": "17.3.4b"
},
{
"version_affected": "=",
"version_value": "17.3.4c"
},
{
"version_affected": "=",
"version_value": "17.3.5a"
},
{
"version_affected": "=",
"version_value": "17.3.5b"
},
{
"version_affected": "=",
"version_value": "17.3.7"
},
{
"version_affected": "=",
"version_value": "17.3.8"
},
{
"version_affected": "=",
"version_value": "17.3.8a"
},
{
"version_affected": "=",
"version_value": "17.4.1"
},
{
"version_affected": "=",
"version_value": "17.4.2"
},
{
"version_affected": "=",
"version_value": "17.4.1a"
},
{
"version_affected": "=",
"version_value": "17.4.1b"
},
{
"version_affected": "=",
"version_value": "17.4.2a"
},
{
"version_affected": "=",
"version_value": "17.5.1"
},
{
"version_affected": "=",
"version_value": "17.5.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1"
},
{
"version_affected": "=",
"version_value": "17.6.2"
},
{
"version_affected": "=",
"version_value": "17.6.1w"
},
{
"version_affected": "=",
"version_value": "17.6.1a"
},
{
"version_affected": "=",
"version_value": "17.6.1x"
},
{
"version_affected": "=",
"version_value": "17.6.3"
},
{
"version_affected": "=",
"version_value": "17.6.1y"
},
{
"version_affected": "=",
"version_value": "17.6.1z"
},
{
"version_affected": "=",
"version_value": "17.6.3a"
},
{
"version_affected": "=",
"version_value": "17.6.4"
},
{
"version_affected": "=",
"version_value": "17.6.1z1"
},
{
"version_affected": "=",
"version_value": "17.6.5"
},
{
"version_affected": "=",
"version_value": "17.6.6"
},
{
"version_affected": "=",
"version_value": "17.6.6a"
},
{
"version_affected": "=",
"version_value": "17.6.5a"
},
{
"version_affected": "=",
"version_value": "17.6.7"
},
{
"version_affected": "=",
"version_value": "17.7.1"
},
{
"version_affected": "=",
"version_value": "17.7.1a"
},
{
"version_affected": "=",
"version_value": "17.7.1b"
},
{
"version_affected": "=",
"version_value": "17.7.2"
},
{
"version_affected": "=",
"version_value": "17.10.1"
},
{
"version_affected": "=",
"version_value": "17.10.1a"
},
{
"version_affected": "=",
"version_value": "17.10.1b"
},
{
"version_affected": "=",
"version_value": "17.8.1"
},
{
"version_affected": "=",
"version_value": "17.8.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1"
},
{
"version_affected": "=",
"version_value": "17.9.1w"
},
{
"version_affected": "=",
"version_value": "17.9.2"
},
{
"version_affected": "=",
"version_value": "17.9.1a"
},
{
"version_affected": "=",
"version_value": "17.9.1x"
},
{
"version_affected": "=",
"version_value": "17.9.1y"
},
{
"version_affected": "=",
"version_value": "17.9.3"
},
{
"version_affected": "=",
"version_value": "17.9.2a"
},
{
"version_affected": "=",
"version_value": "17.9.1x1"
},
{
"version_affected": "=",
"version_value": "17.9.3a"
},
{
"version_affected": "=",
"version_value": "17.9.4"
},
{
"version_affected": "=",
"version_value": "17.9.1y1"
},
{
"version_affected": "=",
"version_value": "17.9.5"
},
{
"version_affected": "=",
"version_value": "17.9.4a"
},
{
"version_affected": "=",
"version_value": "17.9.5a"
},
{
"version_affected": "=",
"version_value": "17.9.5b"
},
{
"version_affected": "=",
"version_value": "17.11.1"
},
{
"version_affected": "=",
"version_value": "17.11.1a"
},
{
"version_affected": "=",
"version_value": "17.12.1"
},
{
"version_affected": "=",
"version_value": "17.12.1w"
},
{
"version_affected": "=",
"version_value": "17.12.1a"
},
{
"version_affected": "=",
"version_value": "17.12.1x"
},
{
"version_affected": "=",
"version_value": "17.12.2"
},
{
"version_affected": "=",
"version_value": "17.12.3"
},
{
"version_affected": "=",
"version_value": "17.12.2a"
},
{
"version_affected": "=",
"version_value": "17.12.1y"
},
{
"version_affected": "=",
"version_value": "17.13.1"
},
{
"version_affected": "=",
"version_value": "17.13.1a"
},
{
"version_affected": "=",
"version_value": "17.11.99SW"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-cwa-acl-nPSbHSnA",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-cwa-acl-nPSbHSnA"
}
]
},
"source": {
"advisory": "cisco-sa-c9800-cwa-acl-nPSbHSnA",
"discovery": "EXTERNAL",
"defects": [
"CSCwh81471"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

18
2024/36xxx/CVE-2024-36292.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2024/41xxx/CVE-2024-41445.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41445",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-41445",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overread via a crafted mdf4 file is parsed using the ReadData function"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/g0ku704/vulnerabilities/tree/main/CVE-2024-41445",
"url": "https://github.com/g0ku704/vulnerabilities/tree/main/CVE-2024-41445"
}
]
}

67
2024/41xxx/CVE-2024-41708.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41708",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-41708",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/AdaCore/aws",
"refsource": "MISC",
"name": "https://github.com/AdaCore/aws"
},
{
"refsource": "CONFIRM",
"name": "https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf",
"url": "https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf"
}
]
}

18
2024/42xxx/CVE-2024-42498.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42498",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/43xxx/CVE-2024-43101.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2024/44xxx/CVE-2024-44678.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44678",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the ssid parameter in the request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.newegg.com/gigastone-tr1/p/0E6-008K-00004",
"refsource": "MISC",
"name": "https://www.newegg.com/gigastone-tr1/p/0E6-008K-00004"
},
{
"refsource": "CONFIRM",
"name": "https://www.bridewell.com/insights/blogs/detail/cve-2024-44678-identified-vulnerability-in-gigastone-wi-fi-range-extenders",
"url": "https://www.bridewell.com/insights/blogs/detail/cve-2024-44678-identified-vulnerability-in-gigastone-wi-fi-range-extenders"
}
]
}

67
2024/44xxx/CVE-2024-44825.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44825",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44825",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/invesalius/invesalius3",
"refsource": "MISC",
"name": "https://github.com/invesalius/invesalius3"
},
{
"refsource": "MISC",
"name": "https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-44825",
"url": "https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-44825"
}
]
}

18
2024/45xxx/CVE-2024-45333.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45333",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/45xxx/CVE-2024-45378.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45378",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/45xxx/CVE-2024-45381.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45381",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2024/45xxx/CVE-2024-45750.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-45750",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://thegreenbow.com",
"refsource": "MISC",
"name": "https://thegreenbow.com"
},
{
"refsource": "CONFIRM",
"name": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024",
"url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024"
}
]
}

18
2024/45xxx/CVE-2024-45834.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45834",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/45xxx/CVE-2024-45839.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45839",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

62
2024/46xxx/CVE-2024-46485.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46485",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46485",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/kikaku-ship/cms/tree/main/1/readme.md",
"refsource": "MISC",
"name": "https://github.com/kikaku-ship/cms/tree/main/1/readme.md"
}
]
}

62
2024/46xxx/CVE-2024-46488.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46488",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/VulnSphere/LLMVulnSphere/blob/main/VectorDB/sqlite-vec/OOBR_2.md",
"refsource": "MISC",
"name": "https://github.com/VulnSphere/LLMVulnSphere/blob/main/VectorDB/sqlite-vec/OOBR_2.md"
}
]
}

62
2024/46xxx/CVE-2024-46489.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46489",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46489",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/VulnSphere/LLMVulnSphere/blob/main/Prompt/promptr/RCE_FC_6.0.7.md",
"refsource": "MISC",
"name": "https://github.com/VulnSphere/LLMVulnSphere/blob/main/Prompt/promptr/RCE_FC_6.0.7.md"
}
]
}

62
2024/46xxx/CVE-2024-46600.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46600",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/loading15678/cms/tree/main/3/readme.md",
"refsource": "MISC",
"name": "https://github.com/loading15678/cms/tree/main/3/readme.md"
}
]
}

67
2024/46xxx/CVE-2024-46655.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46655",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ellevo.com/",
"refsource": "MISC",
"name": "https://ellevo.com/"
},
{
"refsource": "MISC",
"name": "https://csflabs.github.io/cve/2024/09/24/cve-2024-46655-Cross-Site-Scripting-(XSS)-(Reflected)-in-Ellevo-application.html",
"url": "https://csflabs.github.io/cve/2024/09/24/cve-2024-46655-Cross-Site-Scripting-(XSS)-(Reflected)-in-Ellevo-application.html"
}
]
}

85
2024/47xxx/CVE-2024-47078.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47078",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "meshtastic",
"product": {
"product_data": [
{
"product_name": "firmware",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/meshtastic/firmware/security/advisories/GHSA-vqcq-wjwx-7252",
"refsource": "MISC",
"name": "https://github.com/meshtastic/firmware/security/advisories/GHSA-vqcq-wjwx-7252"
}
]
},
"source": {
"advisory": "GHSA-vqcq-wjwx-7252",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

86
2024/47xxx/CVE-2024-47082.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47082",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to cross-site request forgery (CSRF) attacks if users did not explicitly enable CSRF preventing security mechanism for their servers. Additionally, the Django HTTP view integration, in particular, had an exemption for Django's built-in CSRF protection (i.e., the `CsrfViewMiddleware` middleware) by default. In affect, all Strawberry integrations were vulnerable to CSRF attacks by default. Version `v0.243.0` is the first `strawberry-graphql` including a patch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "strawberry-graphql",
"product": {
"product_data": [
{
"product_name": "strawberry",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.243.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/strawberry-graphql/strawberry/security/advisories/GHSA-79gp-q4wv-33fr",
"refsource": "MISC",
"name": "https://github.com/strawberry-graphql/strawberry/security/advisories/GHSA-79gp-q4wv-33fr"
},
{
"url": "https://github.com/strawberry-graphql/strawberry/commit/37265b230e511480a9ceace492f9f6a484be1387",
"refsource": "MISC",
"name": "https://github.com/strawberry-graphql/strawberry/commit/37265b230e511480a9ceace492f9f6a484be1387"
},
{
"url": "https://strawberry.rocks/docs/breaking-changes/0.243.0",
"refsource": "MISC",
"name": "https://strawberry.rocks/docs/breaking-changes/0.243.0"
}
]
},
"source": {
"advisory": "GHSA-79gp-q4wv-33fr",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

18
2024/47xxx/CVE-2024-47147.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47147",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

113
2024/47xxx/CVE-2024-47305.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47305",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dnesscarkey",
"product": {
"product_data": [
{
"product_name": "Use Any Font",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "6.3.09",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.3.08",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/use-any-font/wordpress-use-any-font-plugin-6-3-08-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/use-any-font/wordpress-use-any-font-plugin-6-3-08-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 6.3.09 or a higher version."
}
],
"value": "Update to 6.3.09 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

113
2024/47xxx/CVE-2024-47315.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GiveWP",
"product": {
"product_data": [
{
"product_name": "GiveWP",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.16.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.15.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-donation-plugin-and-fundraising-platform-plugin-3-15-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-donation-plugin-and-fundraising-platform-plugin-3-15-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.16.0 or a higher version."
}
],
"value": "Update to 3.16.0 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

18
2024/47xxx/CVE-2024-47492.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47493.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47494.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47495.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47495",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47496.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47497.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47498.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47498",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47499.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47499",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47500.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47500",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47501.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47501",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47502.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47502",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47503.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47504.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47505.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47506.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47506",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47507.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47508.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47508",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47509.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47509",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47510.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47510",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47511.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47511",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47512.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47512",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47513.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47513",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47514.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47514",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47515.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47515",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47516.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47516",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47550.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47550",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

6
2024/7xxx/CVE-2024-7386.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Premium Packages \u2013 Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the wpdmpp_async_request() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link."
"value": "The Premium Packages \u2013 Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link."
}
]
},
@ -61,9 +61,9 @@
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a714536-c6fd-495b-b774-104657329a74?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/trunk/wpdm-premium-packages.php?rev=3102989#L1148",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3156970%40wpdm-premium-packages&new=3156970%40wpdm-premium-packages&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/trunk/wpdm-premium-packages.php?rev=3102989#L1148"
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3156970%40wpdm-premium-packages&new=3156970%40wpdm-premium-packages&sfp_email=&sfph_mail="
}
]
},

26
2024/7xxx/CVE-2024-7409.json
View File

@ -91,6 +91,27 @@
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.15",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "415.92.202409162258-0",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -180,6 +201,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6811"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6818",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6818"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6964",
"refsource": "MISC",

2
2024/8xxx/CVE-2024-8661.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in the \"Next&Previous Nav\" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N \u00a0Since the \"Next&Previous Nav\" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users.\u00a0Thanks, Chu Quoc Khanh for reporting."
"value": "Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the \"Next&Previous Nav\" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 4.6 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N \u00a0Since the \"Next&Previous Nav\" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users.\u00a0Thanks, Chu Quoc Khanh for reporting."
}
]
},

2
2024/8xxx/CVE-2024-8850.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
"value": "The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},

120
2024/8xxx/CVE-2024-8975.json
View File

@ -1,17 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8975",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@grafana.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM\nThis issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element",
"cweId": "CWE-428"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Grafana",
"product": {
"product_data": [
{
"product_name": "Alloy",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.3.3"
},
{
"version_affected": "<=",
"version_name": "1.4.0-rc.0",
"version_value": "1.4.0-rc.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://grafana.com/security/security-advisories/cve-2024-8975/",
"refsource": "MISC",
"name": "https://grafana.com/security/security-advisories/cve-2024-8975/"
},
{
"url": "https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/",
"refsource": "MISC",
"name": "https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/"
},
{
"url": "https://github.com/grafana/alloy/releases/tag/v1.4.0",
"refsource": "MISC",
"name": "https://github.com/grafana/alloy/releases/tag/v1.4.0"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Edit the registry to manually <span style=\"background-color: transparent;\">add the double quotes manually to `Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Alloy\\ImagePath`</span>\n\n<br>"
}
],
"value": "Edit the registry to manually add the double quotes manually to `Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Alloy\\ImagePath`"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uninstall Alloy, and then perform a clean install with version either 1.3.3 or 1.4.0 or a higher version<br>"
}
],
"value": "Uninstall Alloy, and then perform a clean install with version either 1.3.3 or 1.4.0 or a higher version"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

115
2024/8xxx/CVE-2024-8996.json
View File

@ -1,17 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8996",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@grafana.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM\nThis issue affects Agent Flow: before 0.43.2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element",
"cweId": "CWE-428"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Grafana",
"product": {
"product_data": [
{
"product_name": "Agent Flow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "0.43.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://grafana.com/security/security-advisories/cve-2024-8996/",
"refsource": "MISC",
"name": "https://grafana.com/security/security-advisories/cve-2024-8996/"
},
{
"url": "https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/",
"refsource": "MISC",
"name": "https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/"
},
{
"url": "https://github.com/grafana/agent/releases/tag/v0.43.2",
"refsource": "MISC",
"name": "https://github.com/grafana/agent/releases/tag/v0.43.2"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Edit the registry to manually<span style=\"background-color: transparent;\"><span style=\"background-color: transparent;\"> add the double quotes manually to `Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Grafana Agent Flow`</span>\n\n</span>\n\n<br>"
}
],
"value": "Edit the registry to manually add the double quotes manually to `Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Grafana Agent Flow`"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uninstall Agent Flow, and then perform a clean install with version either 0.43.1 or a higher version<br>"
}
],
"value": "Uninstall Agent Flow, and then perform a clean install with version either 0.43.1 or a higher version"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/9xxx/CVE-2024-9177.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9178.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9178",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9179.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9179",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9180.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9180",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9181.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9182.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9182",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9183.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9183",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9184.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9184",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9185.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9185",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9186.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9186",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9196.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9196",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9197.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9197",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9198.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9198",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9199.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9199",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9200.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9200",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9201.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9201",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}