admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-02 15:03:20 +00:00
parent e543fbd842
commit df0ac23dc3
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
49 changed files with 448 additions and 2543 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/28xxx/CVE-2023-28826.json
View File

@ -95,6 +95,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

11
2023/5xxx/CVE-2023-5178.json
View File

@ -174,12 +174,6 @@
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
@ -631,11 +625,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1278",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5178",
"refsource": "MISC",

11
2024/0xxx/CVE-2024-0646.json
View File

@ -179,12 +179,6 @@
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
@ -482,11 +476,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1278",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0646",
"refsource": "MISC",

5
2024/0xxx/CVE-2024-0670.json
View File

@ -69,6 +69,11 @@
"url": "https://checkmk.com/werk/16361",
"refsource": "MISC",
"name": "https://checkmk.com/werk/16361"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/29",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/29"
}
]
},

5
2024/22xxx/CVE-2024-22099.json
View File

@ -64,11 +64,6 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
}
]
},

5
2024/23xxx/CVE-2024-23201.json
View File

@ -144,6 +144,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23204.json
View File

@ -127,11 +127,6 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23216.json
View File

@ -78,6 +78,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23218.json
View File

@ -149,6 +149,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23225.json
View File

@ -123,6 +123,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23227.json
View File

@ -78,6 +78,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23234.json
View File

@ -78,6 +78,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23244.json
View File

@ -68,6 +68,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/21",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23245.json
View File

@ -78,6 +78,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23265.json
View File

@ -161,6 +161,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23267.json
View File

@ -78,6 +78,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23268.json
View File

@ -78,6 +78,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23270.json
View File

@ -117,6 +117,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23272.json
View File

@ -78,6 +78,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23275.json
View File

@ -78,6 +78,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

5
2024/23xxx/CVE-2024-23276.json
View File

@ -73,6 +73,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/21",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
}
]
}

5
2024/23xxx/CVE-2024-23286.json
View File

@ -161,6 +161,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Mar/22",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/22"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/23",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/23"
}
]
}

99
2024/23xxx/CVE-2024-23494.json
View File

@ -1,108 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23494",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nSQL injection vulnerability exists in GetDIAE_unListParameters.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper neutralization of special elements used in an SQL command ('SQL injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "DIAEnergie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.10.00.005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-074-12",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en/customerService\">Delta Electronics' regional sales or agents</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

99
2024/23xxx/CVE-2024-23975.json
View File

@ -1,108 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23975",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nSQL injection vulnerability exists in GetDIAE_slogListParameters.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') ",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "DIAEnergie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.10.00.005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-074-12",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en/customerService\">Delta Electronics' regional sales or agents</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

99
2024/25xxx/CVE-2024-25567.json
View File

@ -1,108 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25567",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nPath traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper limitation of a pathname to a restricted directory ('Path traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "DIAEnergie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.10.00.005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-074-12",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en/customerService\">Delta Electronics' regional sales or agents</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

99
2024/25xxx/CVE-2024-25574.json
View File

@ -1,108 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25574",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nSQL injection vulnerability exists in GetDIAE_usListParameters.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "DIAEnergie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.10.00.005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-074-12",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en/customerService\">Delta Electronics' regional sales or agents</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

99
2024/25xxx/CVE-2024-25937.json
View File

@ -1,108 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25937",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nSQL injection vulnerability exists in the script DIAE_tagHandler.ashx.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "DIAEnergie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.10.00.005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-074-12",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en/customerService\">Delta Electronics' regional sales or agents</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

154
2024/26xxx/CVE-2024-26609.json
View File

@ -5,164 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-26609",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject QUEUE/DROP verdict parameters\n\nThis reverts commit e0abdadcc6e1.\n\ncore.c:nf_hook_slow assumes that the upper 16 bits of NF_DROP\nverdicts contain a valid errno, i.e. -EPERM, -EHOSTUNREACH or similar,\nor 0.\n\nDue to the reverted commit, its possible to provide a positive\nvalue, e.g. NF_ACCEPT (1), which results in use-after-free.\n\nIts not clear to me why this commit was made.\n\nNF_QUEUE is not used by nftables; \"queue\" rules in nftables\nwill result in use of \"nft_queue\" expression.\n\nIf we later need to allow specifiying errno values from userspace\n(do not know why), this has to call NF_DROP_GETERR and check that\n\"err <= 0\" holds true."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e0abdadcc6e1",
"version_value": "8365e9d92b85"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.307",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.269",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.210",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.149",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.76",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.15",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.3",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8365e9d92b85fda975a5ece7a3a139cb964018c8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8365e9d92b85fda975a5ece7a3a139cb964018c8"
},
{
"url": "https://git.kernel.org/stable/c/4e66422f1b56149761dc76030e6345d1cca6f869",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/4e66422f1b56149761dc76030e6345d1cca6f869"
},
{
"url": "https://git.kernel.org/stable/c/55a60251fa50d4e68175e36666b536a602ce4f6c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/55a60251fa50d4e68175e36666b536a602ce4f6c"
},
{
"url": "https://git.kernel.org/stable/c/960cf4f812530f01f6acc6878ceaa5404c06af7b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/960cf4f812530f01f6acc6878ceaa5404c06af7b"
},
{
"url": "https://git.kernel.org/stable/c/8e34430e33b8a80bc014f3efe29cac76bc30a4b4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8e34430e33b8a80bc014f3efe29cac76bc30a4b4"
},
{
"url": "https://git.kernel.org/stable/c/6653118b176a00915125521c6572ae8e507621db",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6653118b176a00915125521c6572ae8e507621db"
},
{
"url": "https://git.kernel.org/stable/c/f05a497e7bc8851eeeb3a58da180ba469efebb05",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f05a497e7bc8851eeeb3a58da180ba469efebb05"
},
{
"url": "https://git.kernel.org/stable/c/f342de4e2f33e0e39165d8639387aa6c19dff660",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f342de4e2f33e0e39165d8639387aa6c19dff660"
}
]
},
"generator": {
"engine": "bippy-8df59b4913de"
}
}

154
2024/26xxx/CVE-2024-26613.json
View File

@ -5,164 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-26613",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv\n\nSyzcaller UBSAN crash occurs in rds_cmsg_recv(),\nwhich reads inc->i_rx_lat_trace[j + 1] with index 4 (3 + 1),\nbut with array size of 4 (RDS_RX_MAX_TRACES).\nHere 'j' is assigned from rs->rs_rx_trace[i] and in-turn from\ntrace.rx_trace_pos[i] in rds_recv_track_latency(),\nwith both arrays sized 3 (RDS_MSG_RX_DGRAM_TRACE_MAX). So fix the\noff-by-one bounds check in rds_recv_track_latency() to prevent\na potential crash in rds_cmsg_recv().\n\nFound by syzcaller:\n=================================================================\nUBSAN: array-index-out-of-bounds in net/rds/recv.c:585:39\nindex 4 is out of range for type 'u64 [4]'\nCPU: 1 PID: 8058 Comm: syz-executor228 Not tainted 6.6.0-gd2f51b3516da #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS 1.15.0-1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0xd5/0x130 lib/ubsan.c:348\n rds_cmsg_recv+0x60d/0x700 net/rds/recv.c:585\n rds_recvmsg+0x3fb/0x1610 net/rds/recv.c:716\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg+0xe2/0x160 net/socket.c:1066\n __sys_recvfrom+0x1b6/0x2f0 net/socket.c:2246\n __do_sys_recvfrom net/socket.c:2264 [inline]\n __se_sys_recvfrom net/socket.c:2260 [inline]\n __x64_sys_recvfrom+0xe0/0x1b0 net/socket.c:2260\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n=================================================================="
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3289025aedc0",
"version_value": "344350bfa3b4"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.307",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.269",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.210",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.149",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.76",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.15",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.3",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/344350bfa3b4b37d7c3d5a00536e6fbf0e953fbf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/344350bfa3b4b37d7c3d5a00536e6fbf0e953fbf"
},
{
"url": "https://git.kernel.org/stable/c/a37ae111db5e0f7e3d6b692056c30e3e0f6f79cd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a37ae111db5e0f7e3d6b692056c30e3e0f6f79cd"
},
{
"url": "https://git.kernel.org/stable/c/5ae8d50044633306ff160fcf7faa24994175efe1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5ae8d50044633306ff160fcf7faa24994175efe1"
},
{
"url": "https://git.kernel.org/stable/c/00d1ee8e1d02194f7b7b433e904e04bbcd2cc0dc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/00d1ee8e1d02194f7b7b433e904e04bbcd2cc0dc"
},
{
"url": "https://git.kernel.org/stable/c/71024928b3f71ce4529426f8692943205c58d30b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/71024928b3f71ce4529426f8692943205c58d30b"
},
{
"url": "https://git.kernel.org/stable/c/7a73190ea557e7f26914b0fe04c1f57a96cb771f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7a73190ea557e7f26914b0fe04c1f57a96cb771f"
},
{
"url": "https://git.kernel.org/stable/c/0b787c2dea15e7a2828fa3a74a5447df4ed57711",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0b787c2dea15e7a2828fa3a74a5447df4ed57711"
},
{
"url": "https://git.kernel.org/stable/c/13e788deb7348cc88df34bed736c3b3b9927ea52",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/13e788deb7348cc88df34bed736c3b3b9927ea52"
}
]
},
"generator": {
"engine": "bippy-8df59b4913de"
}
}

5
2024/26xxx/CVE-2024-26622.json
View File

@ -137,6 +137,11 @@
"url": "https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
}
]
},

10
2024/27xxx/CVE-2024-27507.json
View File

@ -61,16 +61,6 @@
"refsource": "FEDORA",
"name": "FEDORA-2024-34301311f8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOY7E2QWQRVXZTJGI7Z4KXGSU6BGEKH/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2024-ef8c8a8b37",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QRV2D4GYUZNZRJHVGFSYSOSZLCETI4E/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2024-0a0b1533f7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2B6GZQ3WUVFNAAWFQJAQY7UM4OH5TA/"
}
]
}

99
2024/28xxx/CVE-2024-28029.json
View File

@ -1,108 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28029",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nPrivileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "DIAEnergie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.10.00.005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-074-12",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en/customerService\">Delta Electronics' regional sales or agents</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

99
2024/28xxx/CVE-2024-28040.json
View File

@ -1,108 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28040",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nSQL injection vulnerability exists in GetDIAE_astListParameters.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') ",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "DIAEnergie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.10.00.005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-074-12",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en/customerService\">Delta Electronics' regional sales or agents</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

99
2024/28xxx/CVE-2024-28045.json
View File

@ -1,108 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28045",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nImproper neutralization of input within the affected product could lead to cross-site scripting.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper neutralization of input during web page generation ('Cross-site scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "DIAEnergie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.10.00.005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-074-12",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en/customerService\">Delta Electronics' regional sales or agents</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

99
2024/28xxx/CVE-2024-28171.json
View File

@ -1,108 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28171",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nIt is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper limitation of a pathname to a restricted directory ('Path traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Delta Electronics",
"product": {
"product_data": [
{
"product_name": "DIAEnergie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.10.00.005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-074-12",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Delta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en/customerService\">Delta Electronics' regional sales or agents</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

5
2024/2xxx/CVE-2024-2044.json
View File

@ -72,11 +72,6 @@
"url": "https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/",
"refsource": "MISC",
"name": "https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV/"
}
]
},

10
2024/2xxx/CVE-2024-2057.json
View File

@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255372."
"value": "A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Harrison Chase LangChain 0.1.9 ausgemacht. Es geht dabei um die Funktion load_local in der Bibliothek libs/community/langchain_community/retrievers/tfidf.py. Durch das Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
"value": "Es wurde eine kritische Schwachstelle in LangChain langchain_community 0.0.26 ausgemacht. Es geht dabei um die Funktion load_local in der Bibliothek libs/community/langchain_community/retrievers/tfidf.py der Komponente TFIDFRetriever. Durch das Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.0.27 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
@ -36,16 +36,16 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Harrison Chase",
"vendor_name": "LangChain",
"product": {
"product_data": [
{
"product_name": "LangChain",
"product_name": "langchain_community",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.1.9"
"version_value": "0.0.26"
}
]
}

95
2024/2xxx/CVE-2024-2391.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Affected by this issue is some unknown functionality of the component Lab Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in EVE-NG 5.0.1-13 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Lab Handler. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "EVE-NG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.0.1-13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.256442",
"refsource": "MISC",
"name": "https://vuldb.com/?id.256442"
},
{
"url": "https://vuldb.com/?ctiid.256442",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.256442"
},
{
"url": "https://www.exploit-db.com/exploits/51153",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/51153"
}
]
},
"credits": [
{
"lang": "en",
"value": "Casp3r0x0 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

95
2024/2xxx/CVE-2024-2393.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2393",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256453 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester CRUD without Page Reload 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei add_user.php. Durch Beeinflussen des Arguments city mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "CRUD without Page Reload",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.256453",
"refsource": "MISC",
"name": "https://vuldb.com/?id.256453"
},
{
"url": "https://vuldb.com/?ctiid.256453",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.256453"
},
{
"url": "https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md",
"refsource": "MISC",
"name": "https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "404cchd (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

95
2024/2xxx/CVE-2024-2394.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256454 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in SourceCodester Employee Management System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /Admin/add-admin.php. Dank der Manipulation des Arguments avatar mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Employee Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.256454",
"refsource": "MISC",
"name": "https://vuldb.com/?id.256454"
},
{
"url": "https://vuldb.com/?ctiid.256454",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.256454"
},
{
"url": "https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md",
"refsource": "MISC",
"name": "https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "LiAoRJ (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

456
2024/2xxx/CVE-2024-2398.json
View File

@ -1,464 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2398",
"ASSIGNER": "cve@curl.se",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application."
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime "
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "curl",
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "8.6.0",
"version_value": "8.6.0"
},
{
"version_affected": "<=",
"version_name": "8.5.0",
"version_value": "8.5.0"
},
{
"version_affected": "<=",
"version_name": "8.4.0",
"version_value": "8.4.0"
},
{
"version_affected": "<=",
"version_name": "8.3.0",
"version_value": "8.3.0"
},
{
"version_affected": "<=",
"version_name": "8.2.1",
"version_value": "8.2.1"
},
{
"version_affected": "<=",
"version_name": "8.2.0",
"version_value": "8.2.0"
},
{
"version_affected": "<=",
"version_name": "8.1.2",
"version_value": "8.1.2"
},
{
"version_affected": "<=",
"version_name": "8.1.1",
"version_value": "8.1.1"
},
{
"version_affected": "<=",
"version_name": "8.1.0",
"version_value": "8.1.0"
},
{
"version_affected": "<=",
"version_name": "8.0.1",
"version_value": "8.0.1"
},
{
"version_affected": "<=",
"version_name": "8.0.0",
"version_value": "8.0.0"
},
{
"version_affected": "<=",
"version_name": "7.88.1",
"version_value": "7.88.1"
},
{
"version_affected": "<=",
"version_name": "7.88.0",
"version_value": "7.88.0"
},
{
"version_affected": "<=",
"version_name": "7.87.0",
"version_value": "7.87.0"
},
{
"version_affected": "<=",
"version_name": "7.86.0",
"version_value": "7.86.0"
},
{
"version_affected": "<=",
"version_name": "7.85.0",
"version_value": "7.85.0"
},
{
"version_affected": "<=",
"version_name": "7.84.0",
"version_value": "7.84.0"
},
{
"version_affected": "<=",
"version_name": "7.83.1",
"version_value": "7.83.1"
},
{
"version_affected": "<=",
"version_name": "7.83.0",
"version_value": "7.83.0"
},
{
"version_affected": "<=",
"version_name": "7.82.0",
"version_value": "7.82.0"
},
{
"version_affected": "<=",
"version_name": "7.81.0",
"version_value": "7.81.0"
},
{
"version_affected": "<=",
"version_name": "7.80.0",
"version_value": "7.80.0"
},
{
"version_affected": "<=",
"version_name": "7.79.1",
"version_value": "7.79.1"
},
{
"version_affected": "<=",
"version_name": "7.79.0",
"version_value": "7.79.0"
},
{
"version_affected": "<=",
"version_name": "7.78.0",
"version_value": "7.78.0"
},
{
"version_affected": "<=",
"version_name": "7.77.0",
"version_value": "7.77.0"
},
{
"version_affected": "<=",
"version_name": "7.76.1",
"version_value": "7.76.1"
},
{
"version_affected": "<=",
"version_name": "7.76.0",
"version_value": "7.76.0"
},
{
"version_affected": "<=",
"version_name": "7.75.0",
"version_value": "7.75.0"
},
{
"version_affected": "<=",
"version_name": "7.74.0",
"version_value": "7.74.0"
},
{
"version_affected": "<=",
"version_name": "7.73.0",
"version_value": "7.73.0"
},
{
"version_affected": "<=",
"version_name": "7.72.0",
"version_value": "7.72.0"
},
{
"version_affected": "<=",
"version_name": "7.71.1",
"version_value": "7.71.1"
},
{
"version_affected": "<=",
"version_name": "7.71.0",
"version_value": "7.71.0"
},
{
"version_affected": "<=",
"version_name": "7.70.0",
"version_value": "7.70.0"
},
{
"version_affected": "<=",
"version_name": "7.69.1",
"version_value": "7.69.1"
},
{
"version_affected": "<=",
"version_name": "7.69.0",
"version_value": "7.69.0"
},
{
"version_affected": "<=",
"version_name": "7.68.0",
"version_value": "7.68.0"
},
{
"version_affected": "<=",
"version_name": "7.67.0",
"version_value": "7.67.0"
},
{
"version_affected": "<=",
"version_name": "7.66.0",
"version_value": "7.66.0"
},
{
"version_affected": "<=",
"version_name": "7.65.3",
"version_value": "7.65.3"
},
{
"version_affected": "<=",
"version_name": "7.65.2",
"version_value": "7.65.2"
},
{
"version_affected": "<=",
"version_name": "7.65.1",
"version_value": "7.65.1"
},
{
"version_affected": "<=",
"version_name": "7.65.0",
"version_value": "7.65.0"
},
{
"version_affected": "<=",
"version_name": "7.64.1",
"version_value": "7.64.1"
},
{
"version_affected": "<=",
"version_name": "7.64.0",
"version_value": "7.64.0"
},
{
"version_affected": "<=",
"version_name": "7.63.0",
"version_value": "7.63.0"
},
{
"version_affected": "<=",
"version_name": "7.62.0",
"version_value": "7.62.0"
},
{
"version_affected": "<=",
"version_name": "7.61.1",
"version_value": "7.61.1"
},
{
"version_affected": "<=",
"version_name": "7.61.0",
"version_value": "7.61.0"
},
{
"version_affected": "<=",
"version_name": "7.60.0",
"version_value": "7.60.0"
},
{
"version_affected": "<=",
"version_name": "7.59.0",
"version_value": "7.59.0"
},
{
"version_affected": "<=",
"version_name": "7.58.0",
"version_value": "7.58.0"
},
{
"version_affected": "<=",
"version_name": "7.57.0",
"version_value": "7.57.0"
},
{
"version_affected": "<=",
"version_name": "7.56.1",
"version_value": "7.56.1"
},
{
"version_affected": "<=",
"version_name": "7.56.0",
"version_value": "7.56.0"
},
{
"version_affected": "<=",
"version_name": "7.55.1",
"version_value": "7.55.1"
},
{
"version_affected": "<=",
"version_name": "7.55.0",
"version_value": "7.55.0"
},
{
"version_affected": "<=",
"version_name": "7.54.1",
"version_value": "7.54.1"
},
{
"version_affected": "<=",
"version_name": "7.54.0",
"version_value": "7.54.0"
},
{
"version_affected": "<=",
"version_name": "7.53.1",
"version_value": "7.53.1"
},
{
"version_affected": "<=",
"version_name": "7.53.0",
"version_value": "7.53.0"
},
{
"version_affected": "<=",
"version_name": "7.52.1",
"version_value": "7.52.1"
},
{
"version_affected": "<=",
"version_name": "7.52.0",
"version_value": "7.52.0"
},
{
"version_affected": "<=",
"version_name": "7.51.0",
"version_value": "7.51.0"
},
{
"version_affected": "<=",
"version_name": "7.50.3",
"version_value": "7.50.3"
},
{
"version_affected": "<=",
"version_name": "7.50.2",
"version_value": "7.50.2"
},
{
"version_affected": "<=",
"version_name": "7.50.1",
"version_value": "7.50.1"
},
{
"version_affected": "<=",
"version_name": "7.50.0",
"version_value": "7.50.0"
},
{
"version_affected": "<=",
"version_name": "7.49.1",
"version_value": "7.49.1"
},
{
"version_affected": "<=",
"version_name": "7.49.0",
"version_value": "7.49.0"
},
{
"version_affected": "<=",
"version_name": "7.48.0",
"version_value": "7.48.0"
},
{
"version_affected": "<=",
"version_name": "7.47.1",
"version_value": "7.47.1"
},
{
"version_affected": "<=",
"version_name": "7.47.0",
"version_value": "7.47.0"
},
{
"version_affected": "<=",
"version_name": "7.46.0",
"version_value": "7.46.0"
},
{
"version_affected": "<=",
"version_name": "7.45.0",
"version_value": "7.45.0"
},
{
"version_affected": "<=",
"version_name": "7.44.0",
"version_value": "7.44.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://curl.se/docs/CVE-2024-2398.json",
"refsource": "MISC",
"name": "https://curl.se/docs/CVE-2024-2398.json"
},
{
"url": "https://curl.se/docs/CVE-2024-2398.html",
"refsource": "MISC",
"name": "https://curl.se/docs/CVE-2024-2398.html"
},
{
"url": "https://hackerone.com/reports/2402845",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2402845"
}
]
},
"credits": [
{
"lang": "en",
"value": "w0x42 on hackerone"
},
{
"lang": "en",
"value": "Stefan Eissing"
}
]
}
}

80
2024/2xxx/CVE-2024-2399.json
View File

@ -1,89 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2399",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Premium Addons for Elementor",
"product": {
"product_data": [
{
"product_name": "Premium Addons Pro for Elementor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.10.23"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.23/widgets/premium-media-wheel.php#L2753",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.23/widgets/premium-media-wheel.php#L2753"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3051259/premium-addons-for-elementor/trunk/widgets/premium-media-wheel.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3051259/premium-addons-for-elementor/trunk/widgets/premium-media-wheel.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

69
2024/2xxx/CVE-2024-2400.json
View File

@ -1,78 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2400",
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "122.0.6261.128",
"version_value": "122.0.6261.128"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/327696052",
"refsource": "MISC",
"name": "https://issues.chromium.org/issues/327696052"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIKPDCUMQNF2DFB7TU3V4ISJ7WFJH7YI/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIKPDCUMQNF2DFB7TU3V4ISJ7WFJH7YI/"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

60
2024/2xxx/CVE-2024-2403.json
View File

@ -1,70 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2403",
"ASSIGNER": "security@devolutions.net",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nImproper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and\nearlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.\n\n"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Devolutions",
"product": {
"product_data": [
{
"product_name": "Remote Desktop Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2024.1.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2024-0004",
"refsource": "MISC",
"name": "https://devolutions.net/security/advisories/DEVO-2024-0004"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
}
}

4
2024/2xxx/CVE-2024-2412.json
View File

@ -68,9 +68,9 @@
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html",
"url": "https://www.twcert.org.tw/tw/lp-132-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"
"name": "https://www.twcert.org.tw/tw/lp-132-1.html"
}
]
},

93
2024/2xxx/CVE-2024-2413.json
View File

@ -1,102 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2413",
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Intumit",
"product": {
"product_data": [
{
"product_name": "SmartRobot",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "earlier version",
"version_value": "v6.1.2-202212tw"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "TVN-202403002",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v6.2.0-202303tw or later version or change current encryption key."
}
],
"value": "Update to v6.2.0-202303tw or later version or change current encryption key."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

195
2024/2xxx/CVE-2024-2431.json
View File

@ -1,204 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2431",
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "6.0.4",
"status": "unaffected"
}
],
"lessThan": "6.0.4",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.1.12",
"status": "unaffected"
}
],
"lessThan": "5.1.12",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.2.13",
"status": "unaffected"
}
],
"lessThan": "5.2.13",
"status": "affected",
"version": "5.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.1.1",
"status": "unaffected"
}
],
"lessThan": "6.1.1",
"status": "affected",
"version": "6.1",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.2"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-2431",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-2431"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"GPC-15349"
],
"discovery": "EXTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed."
}
],
"value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed."
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"<br>"
}
],
"value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"\n"
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.<br>"
}
],
"value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.\n"
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks AIG Red Team and Stephen Collyer for discovering and reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

165
2024/2xxx/CVE-2024-2432.json
View File

@ -1,174 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2432",
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "5.1.12",
"status": "unaffected"
}
],
"lessThan": "5.1.12",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.0.8",
"status": "unaffected"
}
],
"lessThan": "6.0.8",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.1.2",
"status": "unaffected"
}
],
"lessThan": "6.1.2",
"status": "affected",
"version": "6.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.2.1",
"status": "unaffected"
}
],
"lessThan": "6.2.1",
"status": "affected",
"version": "6.2",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-2432",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-2432"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"GPC-18129"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.<br>"
}
],
"value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.\n"
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Erwin Chan for discovering and reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

233
2024/2xxx/CVE-2024-2433.json
View File

@ -1,242 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2433",
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. \n\n\n\nThis issue affects only the web interface of the management plane; the dataplane is unaffected.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "9.0.17-h4",
"status": "unaffected"
}
],
"lessThan": "9.0.17-h4",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "9.1.17",
"status": "unaffected"
}
],
"lessThan": "9.1.17",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.12",
"status": "unaffected"
}
],
"lessThan": "10.1.12",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.8",
"status": "unaffected"
}
],
"lessThan": "10.2.8",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.0.3",
"status": "unaffected"
}
],
"lessThan": "11.0.3",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "11.1"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Cloud NGFW",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Prisma Access",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-2433",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-2433"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"PAN-181876",
"PAN-218663"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the effect of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices\">https://docs.paloaltonetworks.com/best-practices</a>.<br>"
}
],
"value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the effect of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices .\n"
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.18, PAN-OS 10.1.12, PAN-OS 10.2.11, PAN-OS 11.0.4, and all later PAN-OS versions.<br>"
}
],
"value": "This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.18, PAN-OS 10.1.12, PAN-OS 10.2.11, PAN-OS 11.0.4, and all later PAN-OS versions.\n"
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Omar Eissa (https://de.linkedin.com/in/oeissa) for discovering and reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}