From df0ac23dc3212b54a19c23d1f621eb90afa87d05 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 2 Apr 2024 15:03:20 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/28xxx/CVE-2023-28826.json | 5 + 2023/5xxx/CVE-2023-5178.json | 11 - 2024/0xxx/CVE-2024-0646.json | 11 - 2024/0xxx/CVE-2024-0670.json | 5 + 2024/22xxx/CVE-2024-22099.json | 5 - 2024/23xxx/CVE-2024-23201.json | 5 + 2024/23xxx/CVE-2024-23204.json | 5 - 2024/23xxx/CVE-2024-23216.json | 5 + 2024/23xxx/CVE-2024-23218.json | 5 + 2024/23xxx/CVE-2024-23225.json | 5 + 2024/23xxx/CVE-2024-23227.json | 5 + 2024/23xxx/CVE-2024-23234.json | 5 + 2024/23xxx/CVE-2024-23244.json | 5 + 2024/23xxx/CVE-2024-23245.json | 5 + 2024/23xxx/CVE-2024-23265.json | 5 + 2024/23xxx/CVE-2024-23267.json | 5 + 2024/23xxx/CVE-2024-23268.json | 5 + 2024/23xxx/CVE-2024-23270.json | 5 + 2024/23xxx/CVE-2024-23272.json | 5 + 2024/23xxx/CVE-2024-23275.json | 5 + 2024/23xxx/CVE-2024-23276.json | 5 + 2024/23xxx/CVE-2024-23286.json | 5 + 2024/23xxx/CVE-2024-23494.json | 99 +------ 2024/23xxx/CVE-2024-23975.json | 99 +------ 2024/25xxx/CVE-2024-25567.json | 99 +------ 2024/25xxx/CVE-2024-25574.json | 99 +------ 2024/25xxx/CVE-2024-25937.json | 99 +------ 2024/26xxx/CVE-2024-26609.json | 154 +---------- 2024/26xxx/CVE-2024-26613.json | 154 +---------- 2024/26xxx/CVE-2024-26622.json | 5 + 2024/27xxx/CVE-2024-27507.json | 10 - 2024/28xxx/CVE-2024-28029.json | 99 +------ 2024/28xxx/CVE-2024-28040.json | 99 +------ 2024/28xxx/CVE-2024-28045.json | 99 +------ 2024/28xxx/CVE-2024-28171.json | 99 +------ 2024/2xxx/CVE-2024-2044.json | 5 - 2024/2xxx/CVE-2024-2057.json | 10 +- 2024/2xxx/CVE-2024-2391.json | 95 ++++++- 2024/2xxx/CVE-2024-2393.json | 95 ++++++- 2024/2xxx/CVE-2024-2394.json | 95 ++++++- 2024/2xxx/CVE-2024-2398.json | 456 +-------------------------------- 2024/2xxx/CVE-2024-2399.json | 80 +----- 2024/2xxx/CVE-2024-2400.json | 69 +---- 2024/2xxx/CVE-2024-2403.json | 60 +---- 2024/2xxx/CVE-2024-2412.json | 4 +- 2024/2xxx/CVE-2024-2413.json | 93 +------ 2024/2xxx/CVE-2024-2431.json | 195 +------------- 
2024/2xxx/CVE-2024-2432.json | 165 +----------- 2024/2xxx/CVE-2024-2433.json | 233 +---------------- 49 files changed, 448 insertions(+), 2543 deletions(-) diff --git a/2023/28xxx/CVE-2023-28826.json b/2023/28xxx/CVE-2023-28826.json index 50b4271300f..07a568fcb73 100644 --- a/2023/28xxx/CVE-2023-28826.json +++ b/2023/28xxx/CVE-2023-28826.json @@ -95,6 +95,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2023/5xxx/CVE-2023-5178.json b/2023/5xxx/CVE-2023-5178.json index fdfcf4e9e79..346e2ee8936 100644 --- a/2023/5xxx/CVE-2023-5178.json +++ b/2023/5xxx/CVE-2023-5178.json @@ -174,12 +174,6 @@ ], "defaultStatus": "affected" } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" - } } ] } @@ -631,11 +625,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1269" }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1278", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1278" - }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5178", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0646.json b/2024/0xxx/CVE-2024-0646.json index 9f2240a3c35..729d79821bb 100644 --- a/2024/0xxx/CVE-2024-0646.json +++ b/2024/0xxx/CVE-2024-0646.json @@ -179,12 +179,6 @@ ], "defaultStatus": "affected" } - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unaffected" - } } ] } 
@@ -482,11 +476,6 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:1269" }, - { - "url": "https://access.redhat.com/errata/RHSA-2024:1278", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2024:1278" - }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0646", "refsource": "MISC", diff --git a/2024/0xxx/CVE-2024-0670.json b/2024/0xxx/CVE-2024-0670.json index e1a8e356b80..0cb67acb540 100644 --- a/2024/0xxx/CVE-2024-0670.json +++ b/2024/0xxx/CVE-2024-0670.json @@ -69,6 +69,11 @@ "url": "https://checkmk.com/werk/16361", "refsource": "MISC", "name": "https://checkmk.com/werk/16361" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/29", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/29" } ] }, diff --git a/2024/22xxx/CVE-2024-22099.json b/2024/22xxx/CVE-2024-22099.json index e029181e640..56538cc9388 100644 --- a/2024/22xxx/CVE-2024-22099.json +++ b/2024/22xxx/CVE-2024-22099.json @@ -64,11 +64,6 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/" } ] }, diff --git a/2024/23xxx/CVE-2024-23201.json b/2024/23xxx/CVE-2024-23201.json index af749bd9a89..c5174f2024e 100644 --- a/2024/23xxx/CVE-2024-23201.json +++ b/2024/23xxx/CVE-2024-23201.json 
@@ -144,6 +144,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23204.json b/2024/23xxx/CVE-2024-23204.json index 22ff4891855..8608d57dcf1 100644 --- a/2024/23xxx/CVE-2024-23204.json +++ b/2024/23xxx/CVE-2024-23204.json @@ -127,11 +127,6 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" - }, - { - "url": "http://seclists.org/fulldisclosure/2024/Mar/23", - "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23216.json b/2024/23xxx/CVE-2024-23216.json index 996dc738cca..ca0b07a42fc 100644 --- a/2024/23xxx/CVE-2024-23216.json +++ b/2024/23xxx/CVE-2024-23216.json @@ -78,6 +78,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23218.json b/2024/23xxx/CVE-2024-23218.json index 30fbebff2b2..d00b3a3d244 100644 --- a/2024/23xxx/CVE-2024-23218.json +++ b/2024/23xxx/CVE-2024-23218.json @@ -149,6 +149,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23225.json b/2024/23xxx/CVE-2024-23225.json index 69c2bf1ecb7..01fad8906ed 100644 --- a/2024/23xxx/CVE-2024-23225.json 
+++ b/2024/23xxx/CVE-2024-23225.json @@ -123,6 +123,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23227.json b/2024/23xxx/CVE-2024-23227.json index 97739600418..b8c8c10e4b4 100644 --- a/2024/23xxx/CVE-2024-23227.json +++ b/2024/23xxx/CVE-2024-23227.json @@ -78,6 +78,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23234.json b/2024/23xxx/CVE-2024-23234.json index a61ff8cc35a..eed40619ad1 100644 --- a/2024/23xxx/CVE-2024-23234.json +++ b/2024/23xxx/CVE-2024-23234.json @@ -78,6 +78,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23244.json b/2024/23xxx/CVE-2024-23244.json index 8ce0ddf280a..9b00db414ca 100644 --- a/2024/23xxx/CVE-2024-23244.json +++ b/2024/23xxx/CVE-2024-23244.json @@ -68,6 +68,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23245.json b/2024/23xxx/CVE-2024-23245.json index f2cf8750d7d..894cd0f2a48 100644 --- a/2024/23xxx/CVE-2024-23245.json 
+++ b/2024/23xxx/CVE-2024-23245.json @@ -78,6 +78,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23265.json b/2024/23xxx/CVE-2024-23265.json index e9cfba3a180..173fcd5437a 100644 --- a/2024/23xxx/CVE-2024-23265.json +++ b/2024/23xxx/CVE-2024-23265.json @@ -161,6 +161,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23267.json b/2024/23xxx/CVE-2024-23267.json index 56e57194a13..2d00a655e22 100644 --- a/2024/23xxx/CVE-2024-23267.json +++ b/2024/23xxx/CVE-2024-23267.json @@ -78,6 +78,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23268.json b/2024/23xxx/CVE-2024-23268.json index 38c435adfa4..18ec1e320c9 100644 --- a/2024/23xxx/CVE-2024-23268.json +++ b/2024/23xxx/CVE-2024-23268.json @@ -78,6 +78,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23270.json b/2024/23xxx/CVE-2024-23270.json index 3971a1e8853..2dcd08ad7f9 100644 --- a/2024/23xxx/CVE-2024-23270.json 
+++ b/2024/23xxx/CVE-2024-23270.json @@ -117,6 +117,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23272.json b/2024/23xxx/CVE-2024-23272.json index fcd2d81c4a5..8882081cd2b 100644 --- a/2024/23xxx/CVE-2024-23272.json +++ b/2024/23xxx/CVE-2024-23272.json @@ -78,6 +78,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23275.json b/2024/23xxx/CVE-2024-23275.json index d93d30bc11f..2a5d62fb5d9 100644 --- a/2024/23xxx/CVE-2024-23275.json +++ b/2024/23xxx/CVE-2024-23275.json @@ -78,6 +78,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23276.json b/2024/23xxx/CVE-2024-23276.json index add41807a87..a0a9f429be1 100644 --- a/2024/23xxx/CVE-2024-23276.json +++ b/2024/23xxx/CVE-2024-23276.json @@ -73,6 +73,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/21", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/21" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/22", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/22" } ] } diff --git a/2024/23xxx/CVE-2024-23286.json b/2024/23xxx/CVE-2024-23286.json index fd7e2034948..c491cda3783 100644 --- a/2024/23xxx/CVE-2024-23286.json 
+++ b/2024/23xxx/CVE-2024-23286.json @@ -161,6 +161,11 @@ "url": "http://seclists.org/fulldisclosure/2024/Mar/22", "refsource": "MISC", "name": "http://seclists.org/fulldisclosure/2024/Mar/22" + }, + { + "url": "http://seclists.org/fulldisclosure/2024/Mar/23", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2024/Mar/23" } ] } diff --git a/2024/23xxx/CVE-2024-23494.json b/2024/23xxx/CVE-2024-23494.json index 8cd23597170..181dc12c3e3 100644 --- a/2024/23xxx/CVE-2024-23494.json +++ b/2024/23xxx/CVE-2024-23494.json 
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23494", - "ASSIGNER": "ics-cert@hq.dhs.gov", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "\nSQL injection vulnerability exists in GetDIAE_unListParameters.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89: Improper neutralization of special elements used in an SQL command ('SQL injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Delta Electronics", - "product": { - "product_data": [ - { - "product_name": "DIAEnergie", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "v1.10.00.005" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "ICSA-24-074-12", - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" - } - ], - "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Michael Heinzl reported these vulnerabilities to CISA." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/23xxx/CVE-2024-23975.json b/2024/23xxx/CVE-2024-23975.json index 7b4c62877ff..09ec6c75f0d 100644 --- a/2024/23xxx/CVE-2024-23975.json +++ b/2024/23xxx/CVE-2024-23975.json 
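Review bot: The CVE-2024-23494 record moves backwards in its lifecycle in this hunk: `"STATE": "PUBLIC"` becomes `"STATE": "RESERVED"` and `"ASSIGNER": "ics-cert@hq.dhs.gov"` becomes `"ASSIGNER": "cve@mitre.org"`. The CWE-89 description, the affected-version data (DIAEnergie before v1.10.00.005), the ICSA-24-074-12 reference, the vendor remediation text and the CVSS 3.1 vector are all replaced by the reservation placeholder. The hunks for CVE-2024-23975, CVE-2024-25567, CVE-2024-25574 and CVE-2024-25937 make the same replacement. Nothing on the page indicates the advisory was withdrawn, so this looks like a synchronization artifact rather than a deliberate retraction; if the advisory still stands, the header should keep `"ASSIGNER": "ics-cert@hq.dhs.gov"` and `"STATE": "PUBLIC"` with the published body. Tooling that mirrors this repository should treat a PUBLIC-to-RESERVED transition as suspect and retain the last published data rather than clearing the finding.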
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23975", - "ASSIGNER": "ics-cert@hq.dhs.gov", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "\nSQL injection vulnerability exists in GetDIAE_slogListParameters.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') ", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Delta Electronics", - "product": { - "product_data": [ - { - "product_name": "DIAEnergie", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "v1.10.00.005" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "ICSA-24-074-12", - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" - } - ], - "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Michael Heinzl reported these vulnerabilities to CISA" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/25xxx/CVE-2024-25567.json b/2024/25xxx/CVE-2024-25567.json index f867eaaca6a..6072f8015c1 100644 --- a/2024/25xxx/CVE-2024-25567.json +++ b/2024/25xxx/CVE-2024-25567.json 
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25567", - "ASSIGNER": "ics-cert@hq.dhs.gov", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "\nPath traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-22: Improper limitation of a pathname to a restricted directory ('Path traversal')", - "cweId": "CWE-22" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Delta Electronics", - "product": { - "product_data": [ - { - "product_name": "DIAEnergie", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "v1.10.00.005" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "ICSA-24-074-12", - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" - } - ], - "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Michael Heinzl reported these vulnerabilities to CISA." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/25xxx/CVE-2024-25574.json b/2024/25xxx/CVE-2024-25574.json index df376dc2a2b..0a28b358593 100644 --- a/2024/25xxx/CVE-2024-25574.json +++ b/2024/25xxx/CVE-2024-25574.json 
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25574", - "ASSIGNER": "ics-cert@hq.dhs.gov", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "\nSQL injection vulnerability exists in GetDIAE_usListParameters.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Delta Electronics", - "product": { - "product_data": [ - { - "product_name": "DIAEnergie", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "v1.10.00.005" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "ICSA-24-074-12", - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" - } - ], - "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Michael Heinzl reported these vulnerabilities to CISA." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/25xxx/CVE-2024-25937.json b/2024/25xxx/CVE-2024-25937.json index 1953d7f858c..c90c9550bb8 100644 --- a/2024/25xxx/CVE-2024-25937.json +++ b/2024/25xxx/CVE-2024-25937.json 
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25937", - "ASSIGNER": "ics-cert@hq.dhs.gov", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "\nSQL injection vulnerability exists in the script DIAE_tagHandler.ashx.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Delta Electronics", - "product": { - "product_data": [ - { - "product_name": "DIAEnergie", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "v1.10.00.005" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "ICSA-24-074-12", - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" - } - ], - "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Michael Heinzl reported these vulnerabilities to CISA." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/26xxx/CVE-2024-26609.json b/2024/26xxx/CVE-2024-26609.json index 608e592cb84..c336df4f04b 100644 --- a/2024/26xxx/CVE-2024-26609.json +++ b/2024/26xxx/CVE-2024-26609.json 
@@ -5,164 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2024-26609", "ASSIGNER": "cve@kernel.org", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject QUEUE/DROP verdict parameters\n\nThis reverts commit e0abdadcc6e1.\n\ncore.c:nf_hook_slow assumes that the upper 16 bits of NF_DROP\nverdicts contain a valid errno, i.e. -EPERM, -EHOSTUNREACH or similar,\nor 0.\n\nDue to the reverted commit, its possible to provide a positive\nvalue, e.g. NF_ACCEPT (1), which results in use-after-free.\n\nIts not clear to me why this commit was made.\n\nNF_QUEUE is not used by nftables; \"queue\" rules in nftables\nwill result in use of \"nft_queue\" expression.\n\nIf we later need to allow specifiying errno values from userspace\n(do not know why), this has to call NF_DROP_GETERR and check that\n\"err <= 0\" holds true." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Linux", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "e0abdadcc6e1", - "version_value": "8365e9d92b85" - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "3.15", - "status": "affected" - }, - { - "version": "0", - "lessThan": "3.15", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "4.19.307", - "lessThanOrEqual": "4.19.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.4.269", - "lessThanOrEqual": "5.4.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.10.210", - "lessThanOrEqual": "5.10.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.15.149", - "lessThanOrEqual": "5.15.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.1.76", - "lessThanOrEqual": "6.1.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.6.15", - "lessThanOrEqual": "6.6.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.7.3", - "lessThanOrEqual": "6.7.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.8", - "lessThanOrEqual": "*", - "status": "unaffected", - "versionType": "original_commit_for_fix" - } - ], - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/stable/c/8365e9d92b85fda975a5ece7a3a139cb964018c8", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/8365e9d92b85fda975a5ece7a3a139cb964018c8" - }, - { - "url": 
"https://git.kernel.org/stable/c/4e66422f1b56149761dc76030e6345d1cca6f869", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/4e66422f1b56149761dc76030e6345d1cca6f869" - }, - { - "url": "https://git.kernel.org/stable/c/55a60251fa50d4e68175e36666b536a602ce4f6c", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/55a60251fa50d4e68175e36666b536a602ce4f6c" - }, - { - "url": "https://git.kernel.org/stable/c/960cf4f812530f01f6acc6878ceaa5404c06af7b", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/960cf4f812530f01f6acc6878ceaa5404c06af7b" - }, - { - "url": "https://git.kernel.org/stable/c/8e34430e33b8a80bc014f3efe29cac76bc30a4b4", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/8e34430e33b8a80bc014f3efe29cac76bc30a4b4" - }, - { - "url": "https://git.kernel.org/stable/c/6653118b176a00915125521c6572ae8e507621db", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/6653118b176a00915125521c6572ae8e507621db" - }, - { - "url": "https://git.kernel.org/stable/c/f05a497e7bc8851eeeb3a58da180ba469efebb05", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/f05a497e7bc8851eeeb3a58da180ba469efebb05" - }, - { - "url": "https://git.kernel.org/stable/c/f342de4e2f33e0e39165d8639387aa6c19dff660", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/f342de4e2f33e0e39165d8639387aa6c19dff660" - } - ] - }, - "generator": { - "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26613.json b/2024/26xxx/CVE-2024-26613.json index 6a85911fbfb..4b0dea0e131 100644 --- a/2024/26xxx/CVE-2024-26613.json +++ b/2024/26xxx/CVE-2024-26613.json 
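Review bot: The new description for CVE-2024-26609, `"** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."`, gives no reason for the rejection, while the same hunk deletes the affected-version ranges and all eight git.kernel.org stable commit references. Anyone tracking this ID loses the pointer to the fix commits (for example `8365e9d92b85`). The record also no longer shows whether the issue was judged not to be a vulnerability, merged into another ID, or withdrawn for some other reason. A one-sentence rationale in the `value` field, or a reference to the CNA's rejection notice, would let downstream triage close the item with evidence. The CVE-2024-26613 hunk that follows makes the same change and continues past the end of the visible page.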
@@ -5,164 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2024-26613", "ASSIGNER": "cve@kernel.org", - "STATE": "PUBLIC" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv\n\nSyzcaller UBSAN crash occurs in rds_cmsg_recv(),\nwhich reads inc->i_rx_lat_trace[j + 1] with index 4 (3 + 1),\nbut with array size of 4 (RDS_RX_MAX_TRACES).\nHere 'j' is assigned from rs->rs_rx_trace[i] and in-turn from\ntrace.rx_trace_pos[i] in rds_recv_track_latency(),\nwith both arrays sized 3 (RDS_MSG_RX_DGRAM_TRACE_MAX). So fix the\noff-by-one bounds check in rds_recv_track_latency() to prevent\na potential crash in rds_cmsg_recv().\n\nFound by syzcaller:\n=================================================================\nUBSAN: array-index-out-of-bounds in net/rds/recv.c:585:39\nindex 4 is out of range for type 'u64 [4]'\nCPU: 1 PID: 8058 Comm: syz-executor228 Not tainted 6.6.0-gd2f51b3516da #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS 1.15.0-1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0xd5/0x130 lib/ubsan.c:348\n rds_cmsg_recv+0x60d/0x700 net/rds/recv.c:585\n rds_recvmsg+0x3fb/0x1610 net/rds/recv.c:716\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg+0xe2/0x160 net/socket.c:1066\n __sys_recvfrom+0x1b6/0x2f0 net/socket.c:2246\n __do_sys_recvfrom net/socket.c:2264 [inline]\n __se_sys_recvfrom net/socket.c:2260 [inline]\n __x64_sys_recvfrom+0xe0/0x1b0 net/socket.c:2260\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n==================================================================" + "value": "** REJECT ** This CVE ID has been rejected or 
withdrawn by its CVE Numbering Authority." } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux", - "product": { - "product_data": [ - { - "product_name": "Linux", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3289025aedc0", - "version_value": "344350bfa3b4" - }, - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "version": "4.11", - "status": "affected" - }, - { - "version": "0", - "lessThan": "4.11", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "4.19.307", - "lessThanOrEqual": "4.19.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.4.269", - "lessThanOrEqual": "5.4.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.10.210", - "lessThanOrEqual": "5.10.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "5.15.149", - "lessThanOrEqual": "5.15.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.1.76", - "lessThanOrEqual": "6.1.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.6.15", - "lessThanOrEqual": "6.6.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.7.3", - "lessThanOrEqual": "6.7.*", - "status": "unaffected", - "versionType": "custom" - }, - { - "version": "6.8", - "lessThanOrEqual": "*", - "status": "unaffected", - "versionType": "original_commit_for_fix" - } - ], - "defaultStatus": "affected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://git.kernel.org/stable/c/344350bfa3b4b37d7c3d5a00536e6fbf0e953fbf", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/344350bfa3b4b37d7c3d5a00536e6fbf0e953fbf" - }, - { - "url": 
"https://git.kernel.org/stable/c/a37ae111db5e0f7e3d6b692056c30e3e0f6f79cd", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/a37ae111db5e0f7e3d6b692056c30e3e0f6f79cd" - }, - { - "url": "https://git.kernel.org/stable/c/5ae8d50044633306ff160fcf7faa24994175efe1", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/5ae8d50044633306ff160fcf7faa24994175efe1" - }, - { - "url": "https://git.kernel.org/stable/c/00d1ee8e1d02194f7b7b433e904e04bbcd2cc0dc", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/00d1ee8e1d02194f7b7b433e904e04bbcd2cc0dc" - }, - { - "url": "https://git.kernel.org/stable/c/71024928b3f71ce4529426f8692943205c58d30b", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/71024928b3f71ce4529426f8692943205c58d30b" - }, - { - "url": "https://git.kernel.org/stable/c/7a73190ea557e7f26914b0fe04c1f57a96cb771f", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/7a73190ea557e7f26914b0fe04c1f57a96cb771f" - }, - { - "url": "https://git.kernel.org/stable/c/0b787c2dea15e7a2828fa3a74a5447df4ed57711", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/0b787c2dea15e7a2828fa3a74a5447df4ed57711" - }, - { - "url": "https://git.kernel.org/stable/c/13e788deb7348cc88df34bed736c3b3b9927ea52", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/13e788deb7348cc88df34bed736c3b3b9927ea52" - } - ] - }, - "generator": { - "engine": "bippy-8df59b4913de" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26622.json b/2024/26xxx/CVE-2024-26622.json index 3eee2ca7836..c69dc0cbd91 100644 --- a/2024/26xxx/CVE-2024-26622.json +++ b/2024/26xxx/CVE-2024-26622.json 
@@ -137,6 +137,11 @@
 "url": "https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815",
 "refsource": "MISC",
 "name": "https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
 }
 ]
 },
diff --git a/2024/27xxx/CVE-2024-27507.json b/2024/27xxx/CVE-2024-27507.json
index 23798116a67..7bb142f2a02 100644
--- a/2024/27xxx/CVE-2024-27507.json
+++ b/2024/27xxx/CVE-2024-27507.json
@@ -61,16 +61,6 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2024-34301311f8",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOY7E2QWQRVXZTJGI7Z4KXGSU6BGEKH/"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2024-ef8c8a8b37",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QRV2D4GYUZNZRJHVGFSYSOSZLCETI4E/"
- },
- {
- "refsource": "FEDORA",
- "name": "FEDORA-2024-0a0b1533f7",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2B6GZQ3WUVFNAAWFQJAQY7UM4OH5TA/"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28029.json b/2024/28xxx/CVE-2024-28029.json
index 40cd1c36621..e2de2bc7160 100644
--- a/2024/28xxx/CVE-2024-28029.json
+++ b/2024/28xxx/CVE-2024-28029.json
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28029", - "ASSIGNER": "ics-cert@hq.dhs.gov", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "\nPrivileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-285 Improper Authorization", - "cweId": "CWE-285" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Delta Electronics", - "product": { - "product_data": [ - { - "product_name": "DIAEnergie", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "v1.10.00.005" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "ICSA-24-074-12", - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" - } - ], - "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Michael Heinzl reported these vulnerabilities to CISA." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/28xxx/CVE-2024-28040.json b/2024/28xxx/CVE-2024-28040.json index cf03c7136fa..56c981349a2 100644 --- a/2024/28xxx/CVE-2024-28040.json +++ b/2024/28xxx/CVE-2024-28040.json 
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28040", - "ASSIGNER": "ics-cert@hq.dhs.gov", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "\nSQL injection vulnerability exists in GetDIAE_astListParameters.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') ", - "cweId": "CWE-89" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Delta Electronics", - "product": { - "product_data": [ - { - "product_name": "DIAEnergie", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "v1.10.00.005" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "ICSA-24-074-12", - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" - } - ], - "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Michael Heinzl reported these vulnerabilities to CISA." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/28xxx/CVE-2024-28045.json b/2024/28xxx/CVE-2024-28045.json index 76a7a6ff056..97ac74f44d4 100644 --- a/2024/28xxx/CVE-2024-28045.json +++ b/2024/28xxx/CVE-2024-28045.json 
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28045", - "ASSIGNER": "ics-cert@hq.dhs.gov", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "\nImproper neutralization of input within the affected product could lead to cross-site scripting.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79: Improper neutralization of input during web page generation ('Cross-site scripting')", - "cweId": "CWE-79" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Delta Electronics", - "product": { - "product_data": [ - { - "product_name": "DIAEnergie", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "v1.10.00.005" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "ICSA-24-074-12", - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" - } - ], - "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Michael Heinzl reported these vulnerabilities to CISA." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.6, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/28xxx/CVE-2024-28171.json b/2024/28xxx/CVE-2024-28171.json index 347125c4002..525af06fdcb 100644 --- a/2024/28xxx/CVE-2024-28171.json +++ b/2024/28xxx/CVE-2024-28171.json 
@@ -1,108 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-28171", - "ASSIGNER": "ics-cert@hq.dhs.gov", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "\nIt is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.\n\n" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-22: Improper limitation of a pathname to a restricted directory ('Path traversal')", - "cweId": "CWE-22" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Delta Electronics", - "product": { - "product_data": [ - { - "product_name": "DIAEnergie", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "v1.10.00.005" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12", - "refsource": "MISC", - "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "ICSA-24-074-12", - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "\n\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" - } - ], - "value": "\nDelta recommends users update to DIAEnergie v1.10.00.005. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents https://www.deltaww.com/en/customerService .\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Michael Heinzl reported these vulnerabilities to CISA." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2044.json b/2024/2xxx/CVE-2024-2044.json index f1d5f9455d7..d9c152e4646 100644 --- a/2024/2xxx/CVE-2024-2044.json +++ b/2024/2xxx/CVE-2024-2044.json @@ -72,11 +72,6 @@ "url": "https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/", "refsource": "MISC", "name": "https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/" - }, - { - "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV/", - "refsource": "MISC", - "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV/" } ] }, diff --git a/2024/2xxx/CVE-2024-2057.json b/2024/2xxx/CVE-2024-2057.json index afd12e4d7f1..5f52153903c 100644 --- a/2024/2xxx/CVE-2024-2057.json +++ b/2024/2xxx/CVE-2024-2057.json 
@@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255372." + "value": "A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372." }, { "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in Harrison Chase LangChain 0.1.9 ausgemacht. Es geht dabei um die Funktion load_local in der Bibliothek libs/community/langchain_community/retrievers/tfidf.py. Durch das Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + "value": "Es wurde eine kritische Schwachstelle in LangChain langchain_community 0.0.26 ausgemacht. Es geht dabei um die Funktion load_local in der Bibliothek libs/community/langchain_community/retrievers/tfidf.py der Komponente TFIDFRetriever. Durch das Manipulieren mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. 
Ein Aktualisieren auf die Version 0.0.27 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ] }, @@ -36,16 +36,16 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Harrison Chase", + "vendor_name": "LangChain", "product": { "product_data": [ { - "product_name": "LangChain", + "product_name": "langchain_community", "version": { "version_data": [ { "version_affected": "=", - "version_value": "0.1.9" + "version_value": "0.0.26" } ] } diff --git a/2024/2xxx/CVE-2024-2391.json b/2024/2xxx/CVE-2024-2391.json index c030c9347a2..ce5f707d516 100644 --- a/2024/2xxx/CVE-2024-2391.json +++ b/2024/2xxx/CVE-2024-2391.json 
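Review bot: The affected-version entry in the `@@ -36,16 +36,16 @@` hunk is an exact match, `"version_affected": "="` with `"version_value": "0.0.26"`, while the updated description names 0.0.27 as the fixed release, so a scanner that matches on this entry alone will not flag langchain_community installations older than 0.0.26. Whether earlier releases are affected cannot be determined from this record, so this is an open question rather than a confirmed gap. If they are, a range entry following the pattern used elsewhere in this commit, `"version_affected": "<"`, `"version_name": "0"`, `"version_value": "0.0.27"`, would express it. The same hunk renames `vendor_name` and `product_name`, so matching rules keyed on the old "Harrison Chase" / "LangChain" pair need updating as well.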
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2391", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Affected by this issue is some unknown functionality of the component Lab Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in EVE-NG 5.0.1-13 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente Lab Handler. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EVE-NG", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.0.1-13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256442", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256442" + }, + { + "url": "https://vuldb.com/?ctiid.256442", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256442" + }, + { + "url": "https://www.exploit-db.com/exploits/51153", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/51153" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Casp3r0x0 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.3, + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" } ] } diff --git a/2024/2xxx/CVE-2024-2393.json b/2024/2xxx/CVE-2024-2393.json index b5d9d10f1f9..2b24fb5e9c6 100644 --- a/2024/2xxx/CVE-2024-2393.json +++ b/2024/2xxx/CVE-2024-2393.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256453 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In SourceCodester CRUD without Page Reload 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei add_user.php. Durch Beeinflussen des Arguments city mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "CRUD without Page Reload", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256453", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256453" + }, + { + "url": "https://vuldb.com/?ctiid.256453", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256453" + }, + { + "url": "https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md", + "refsource": "MISC", + "name": "https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "404cchd (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2394.json b/2024/2xxx/CVE-2024-2394.json index 06f086c7acf..e5bb490a604 100644 --- a/2024/2xxx/CVE-2024-2394.json +++ b/2024/2xxx/CVE-2024-2394.json 
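Review bot: The English description added for CVE-2024-2393 says the issue "has been declared as critical", while the `impact.cvss` entries added in the same hunk give `"baseScore": 6.3` and `"baseSeverity": "MEDIUM"`; the two are on different scales and should not be read as equivalent. The CVE-2024-2394 hunk has the same mismatch ("rated as critical" against 4.7 MEDIUM, with `PR:H` in the vector). Triage and alerting rules should key on `vectorString` and `baseSeverity` rather than on the adjective in the description text. Both descriptions also state that the exploit has been disclosed publicly, which the score alone does not convey and is worth carrying into prioritisation as a separate field.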
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2394", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256454 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in SourceCodester Employee Management System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /Admin/add-admin.php. Dank der Manipulation des Arguments avatar mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Employee Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.256454", + "refsource": "MISC", + "name": "https://vuldb.com/?id.256454" + }, + { + "url": "https://vuldb.com/?ctiid.256454", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.256454" + }, + { + "url": "https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md", + "refsource": "MISC", + "name": "https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "LiAoRJ (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2024/2xxx/CVE-2024-2398.json b/2024/2xxx/CVE-2024-2398.json index 30e127bb972..fd524594d8d 100644 --- a/2024/2xxx/CVE-2024-2398.json +++ b/2024/2xxx/CVE-2024-2398.json 
@@ -1,464 +1,18 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2398", - "ASSIGNER": "cve@curl.se", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application." + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-772 Missing Release of Resource after Effective Lifetime " - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "curl", - "product": { - "product_data": [ - { - "product_name": "curl", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "8.6.0", - "version_value": "8.6.0" - }, - { - "version_affected": "<=", - "version_name": "8.5.0", - "version_value": "8.5.0" - }, - { - "version_affected": "<=", - "version_name": "8.4.0", - "version_value": "8.4.0" - }, - { - "version_affected": "<=", - "version_name": "8.3.0", - "version_value": "8.3.0" - }, - { - "version_affected": "<=", - "version_name": "8.2.1", - "version_value": "8.2.1" - }, - { - "version_affected": "<=", - "version_name": "8.2.0", - "version_value": "8.2.0" - }, - { - "version_affected": "<=", - "version_name": "8.1.2", - "version_value": "8.1.2" - }, - { - 
"version_affected": "<=", - "version_name": "8.1.1", - "version_value": "8.1.1" - }, - { - "version_affected": "<=", - "version_name": "8.1.0", - "version_value": "8.1.0" - }, - { - "version_affected": "<=", - "version_name": "8.0.1", - "version_value": "8.0.1" - }, - { - "version_affected": "<=", - "version_name": "8.0.0", - "version_value": "8.0.0" - }, - { - "version_affected": "<=", - "version_name": "7.88.1", - "version_value": "7.88.1" - }, - { - "version_affected": "<=", - "version_name": "7.88.0", - "version_value": "7.88.0" - }, - { - "version_affected": "<=", - "version_name": "7.87.0", - "version_value": "7.87.0" - }, - { - "version_affected": "<=", - "version_name": "7.86.0", - "version_value": "7.86.0" - }, - { - "version_affected": "<=", - "version_name": "7.85.0", - "version_value": "7.85.0" - }, - { - "version_affected": "<=", - "version_name": "7.84.0", - "version_value": "7.84.0" - }, - { - "version_affected": "<=", - "version_name": "7.83.1", - "version_value": "7.83.1" - }, - { - "version_affected": "<=", - "version_name": "7.83.0", - "version_value": "7.83.0" - }, - { - "version_affected": "<=", - "version_name": "7.82.0", - "version_value": "7.82.0" - }, - { - "version_affected": "<=", - "version_name": "7.81.0", - "version_value": "7.81.0" - }, - { - "version_affected": "<=", - "version_name": "7.80.0", - "version_value": "7.80.0" - }, - { - "version_affected": "<=", - "version_name": "7.79.1", - "version_value": "7.79.1" - }, - { - "version_affected": "<=", - "version_name": "7.79.0", - "version_value": "7.79.0" - }, - { - "version_affected": "<=", - "version_name": "7.78.0", - "version_value": "7.78.0" - }, - { - "version_affected": "<=", - "version_name": "7.77.0", - "version_value": "7.77.0" - }, - { - "version_affected": "<=", - "version_name": "7.76.1", - "version_value": "7.76.1" - }, - { - "version_affected": "<=", - "version_name": "7.76.0", - "version_value": "7.76.0" - }, - { - "version_affected": "<=", - "version_name": "7.75.0", 
- "version_value": "7.75.0" - }, - { - "version_affected": "<=", - "version_name": "7.74.0", - "version_value": "7.74.0" - }, - { - "version_affected": "<=", - "version_name": "7.73.0", - "version_value": "7.73.0" - }, - { - "version_affected": "<=", - "version_name": "7.72.0", - "version_value": "7.72.0" - }, - { - "version_affected": "<=", - "version_name": "7.71.1", - "version_value": "7.71.1" - }, - { - "version_affected": "<=", - "version_name": "7.71.0", - "version_value": "7.71.0" - }, - { - "version_affected": "<=", - "version_name": "7.70.0", - "version_value": "7.70.0" - }, - { - "version_affected": "<=", - "version_name": "7.69.1", - "version_value": "7.69.1" - }, - { - "version_affected": "<=", - "version_name": "7.69.0", - "version_value": "7.69.0" - }, - { - "version_affected": "<=", - "version_name": "7.68.0", - "version_value": "7.68.0" - }, - { - "version_affected": "<=", - "version_name": "7.67.0", - "version_value": "7.67.0" - }, - { - "version_affected": "<=", - "version_name": "7.66.0", - "version_value": "7.66.0" - }, - { - "version_affected": "<=", - "version_name": "7.65.3", - "version_value": "7.65.3" - }, - { - "version_affected": "<=", - "version_name": "7.65.2", - "version_value": "7.65.2" - }, - { - "version_affected": "<=", - "version_name": "7.65.1", - "version_value": "7.65.1" - }, - { - "version_affected": "<=", - "version_name": "7.65.0", - "version_value": "7.65.0" - }, - { - "version_affected": "<=", - "version_name": "7.64.1", - "version_value": "7.64.1" - }, - { - "version_affected": "<=", - "version_name": "7.64.0", - "version_value": "7.64.0" - }, - { - "version_affected": "<=", - "version_name": "7.63.0", - "version_value": "7.63.0" - }, - { - "version_affected": "<=", - "version_name": "7.62.0", - "version_value": "7.62.0" - }, - { - "version_affected": "<=", - "version_name": "7.61.1", - "version_value": "7.61.1" - }, - { - "version_affected": "<=", - "version_name": "7.61.0", - "version_value": "7.61.0" - }, - { - 
"version_affected": "<=", - "version_name": "7.60.0", - "version_value": "7.60.0" - }, - { - "version_affected": "<=", - "version_name": "7.59.0", - "version_value": "7.59.0" - }, - { - "version_affected": "<=", - "version_name": "7.58.0", - "version_value": "7.58.0" - }, - { - "version_affected": "<=", - "version_name": "7.57.0", - "version_value": "7.57.0" - }, - { - "version_affected": "<=", - "version_name": "7.56.1", - "version_value": "7.56.1" - }, - { - "version_affected": "<=", - "version_name": "7.56.0", - "version_value": "7.56.0" - }, - { - "version_affected": "<=", - "version_name": "7.55.1", - "version_value": "7.55.1" - }, - { - "version_affected": "<=", - "version_name": "7.55.0", - "version_value": "7.55.0" - }, - { - "version_affected": "<=", - "version_name": "7.54.1", - "version_value": "7.54.1" - }, - { - "version_affected": "<=", - "version_name": "7.54.0", - "version_value": "7.54.0" - }, - { - "version_affected": "<=", - "version_name": "7.53.1", - "version_value": "7.53.1" - }, - { - "version_affected": "<=", - "version_name": "7.53.0", - "version_value": "7.53.0" - }, - { - "version_affected": "<=", - "version_name": "7.52.1", - "version_value": "7.52.1" - }, - { - "version_affected": "<=", - "version_name": "7.52.0", - "version_value": "7.52.0" - }, - { - "version_affected": "<=", - "version_name": "7.51.0", - "version_value": "7.51.0" - }, - { - "version_affected": "<=", - "version_name": "7.50.3", - "version_value": "7.50.3" - }, - { - "version_affected": "<=", - "version_name": "7.50.2", - "version_value": "7.50.2" - }, - { - "version_affected": "<=", - "version_name": "7.50.1", - "version_value": "7.50.1" - }, - { - "version_affected": "<=", - "version_name": "7.50.0", - "version_value": "7.50.0" - }, - { - "version_affected": "<=", - "version_name": "7.49.1", - "version_value": "7.49.1" - }, - { - "version_affected": "<=", - "version_name": "7.49.0", - "version_value": "7.49.0" - }, - { - "version_affected": "<=", - "version_name": 
"7.48.0", - "version_value": "7.48.0" - }, - { - "version_affected": "<=", - "version_name": "7.47.1", - "version_value": "7.47.1" - }, - { - "version_affected": "<=", - "version_name": "7.47.0", - "version_value": "7.47.0" - }, - { - "version_affected": "<=", - "version_name": "7.46.0", - "version_value": "7.46.0" - }, - { - "version_affected": "<=", - "version_name": "7.45.0", - "version_value": "7.45.0" - }, - { - "version_affected": "<=", - "version_name": "7.44.0", - "version_value": "7.44.0" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://curl.se/docs/CVE-2024-2398.json", - "refsource": "MISC", - "name": "https://curl.se/docs/CVE-2024-2398.json" - }, - { - "url": "https://curl.se/docs/CVE-2024-2398.html", - "refsource": "MISC", - "name": "https://curl.se/docs/CVE-2024-2398.html" - }, - { - "url": "https://hackerone.com/reports/2402845", - "refsource": "MISC", - "name": "https://hackerone.com/reports/2402845" - } - ] - }, - "credits": [ - { - "lang": "en", - "value": "w0x42 on hackerone" - }, - { - "lang": "en", - "value": "Stefan Eissing" - } - ] + } } \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2399.json b/2024/2xxx/CVE-2024-2399.json index fd0a1a1ed94..e63bedc30b9 100644 --- a/2024/2xxx/CVE-2024-2399.json +++ b/2024/2xxx/CVE-2024-2399.json 
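Review bot: The CVE-2024-2398 hunk replaces a published record with the reservation placeholder: `"STATE": "PUBLIC"` becomes `"STATE": "RESERVED"`, `"ASSIGNER": "cve@curl.se"` becomes `"cve@mitre.org"`, and the description, the `affects` version list, the references and the credits are all removed. Anything that matches installed curl versions against this file will stop reporting the issue after the sync, although the advisory URLs being deleted suggest the issue is still public. The hunks for CVE-2024-2399, -2400, -2403, -2413, -2431 and -2432 make the same change, and the CVE-2024-2433 hunk, which runs past the visible lines, opens the same way. Unless the downgrade is intended and explained in the commit message, I would keep `"ASSIGNER": "cve@curl.se",` and `"STATE": "PUBLIC"` with the existing body, and have the sync refuse a PUBLIC to RESERVED transition.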
@@ -1,89 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2399",
- "ASSIGNER": "security@wordfence.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Premium Addons for Elementor",
- "product": {
- "product_data": [
- {
- "product_name": "Premium Addons Pro for Elementor",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "4.10.23"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=cve",
- "refsource": "MISC",
- "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=cve"
- },
- {
- "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.23/widgets/premium-media-wheel.php#L2753",
- "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.23/widgets/premium-media-wheel.php#L2753"
- },
- {
- "url": "https://plugins.trac.wordpress.org/changeset/3051259/premium-addons-for-elementor/trunk/widgets/premium-media-wheel.php",
- "refsource": "MISC",
- "name": "https://plugins.trac.wordpress.org/changeset/3051259/premium-addons-for-elementor/trunk/widgets/premium-media-wheel.php"
- }
- ]
- },
- "credits": [
- {
- "lang": "en",
- "value": "wesley"
- }
- ],
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
- "baseScore": 6.4,
- "baseSeverity": "MEDIUM"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2400.json b/2024/2xxx/CVE-2024-2400.json
index a9e5d5d9c02..f1eb96a2f23 100644
--- a/2024/2xxx/CVE-2024-2400.json
+++ b/2024/2xxx/CVE-2024-2400.json
@@ -1,78 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2400",
- "ASSIGNER": "chrome-cve-admin@google.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Use after free"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Google",
- "product": {
- "product_data": [
- {
- "product_name": "Chrome",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "122.0.6261.128",
- "version_value": "122.0.6261.128"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html",
- "refsource": "MISC",
- "name": "https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html"
- },
- {
- "url": "https://issues.chromium.org/issues/327696052",
- "refsource": "MISC",
- "name": "https://issues.chromium.org/issues/327696052"
- },
- {
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/",
- "refsource": "MISC",
- "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/"
- },
- {
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIKPDCUMQNF2DFB7TU3V4ISJ7WFJH7YI/",
- "refsource": "MISC",
- "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIKPDCUMQNF2DFB7TU3V4ISJ7WFJH7YI/"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2403.json b/2024/2xxx/CVE-2024-2403.json
index e062e7e0440..a0a1b78341b 100644
--- a/2024/2xxx/CVE-2024-2403.json
+++ b/2024/2xxx/CVE-2024-2403.json
@@ -1,70 +1,18 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2403",
- "ASSIGNER": "security@devolutions.net",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "\nImproper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and\nearlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.\n\n"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Devolutions",
- "product": {
- "product_data": [
- {
- "product_name": "Remote Desktop Manager",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "0",
- "version_value": "2024.1.12"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://devolutions.net/security/advisories/DEVO-2024-0004",
- "refsource": "MISC",
- "name": "https://devolutions.net/security/advisories/DEVO-2024-0004"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/2xxx/CVE-2024-2412.json b/2024/2xxx/CVE-2024-2412.json
index e0e8f4dae7d..4b73eec12e7 100644
--- a/2024/2xxx/CVE-2024-2412.json
+++ b/2024/2xxx/CVE-2024-2412.json
@@ -68,9 +68,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html",
+ "url": "https://www.twcert.org.tw/tw/lp-132-1.html",
 "refsource": "MISC",
- "name": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"
+ "name": "https://www.twcert.org.tw/tw/lp-132-1.html"
 }
 ]
 },
diff --git a/2024/2xxx/CVE-2024-2413.json b/2024/2xxx/CVE-2024-2413.json
index 7288f0da718..65a5e70dcbe 100644
--- a/2024/2xxx/CVE-2024-2413.json
+++ b/2024/2xxx/CVE-2024-2413.json
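Review bot: In the CVE-2024-2412 record the only reference now points at `https://www.twcert.org.tw/tw/lp-132-1.html`, which by its path looks like a listing page rather than the advisory that the removed `cp-132-7696-0951f-1.html` URL identified; this is inferred from the URL shape and should be checked. If so, a reader can no longer get from the record to the specific advisory, and the link target will drift as the list changes. I would keep the advisory URL as its own `reference_data` entry, `"url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"`, and add the new one beside it if it is wanted. The `references` object opens inside the hunk, but the rest of the record lies outside it.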
@@ -1,102 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2413",
- "ASSIGNER": "cve@cert.org.tw",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-321: Use of Hard-coded Cryptographic Key",
- "cweId": "CWE-321"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Intumit",
- "product": {
- "product_data": [
- {
- "product_name": "SmartRobot",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "earlier version",
- "version_value": "v6.1.2-202212tw"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html",
- "refsource": "MISC",
- "name": "https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "advisory": "TVN-202403002",
- "discovery": "EXTERNAL"
- },
- "solution": [
- {
- "lang": "en",
- "supportingMedia": [
- {
- "base64": false,
- "type": "text/html",
- "value": "Update to v6.2.0-202303tw or later version or change current encryption key."
- }
- ],
- "value": "Update to v6.2.0-202303tw or later version or change current encryption key."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2431.json b/2024/2xxx/CVE-2024-2431.json
index 32224c316e4..045ef1c31c3 100644
--- a/2024/2xxx/CVE-2024-2431.json
+++ b/2024/2xxx/CVE-2024-2431.json
@@ -1,204 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2431", - "ASSIGNER": "psirt@paloaltonetworks.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-269 Improper Privilege Management", - "cweId": "CWE-269" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Palo Alto Networks", - "product": { - "product_data": [ - { - "product_name": "GlobalProtect App", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "6.0.4", - "status": "unaffected" - } - ], - "lessThan": "6.0.4", - "status": "affected", - "version": "6.0", - "versionType": "custom" - }, - { - "changes": [ - { - "at": "5.1.12", - "status": "unaffected" - } - ], - "lessThan": "5.1.12", - "status": "affected", - "version": "5.1", - "versionType": "custom" - }, - { - "changes": [ - { - "at": "5.2.13", - "status": "unaffected" - } - ], - "lessThan": "5.2.13", - "status": "affected", - "version": "5.2", - "versionType": "custom" - }, - { - "changes": [ - { - "at": "6.1.1", - "status": "unaffected" - } - ], - "lessThan": "6.1.1", - "status": "affected", - "version": "6.1", - "versionType": "custom" - }, - { - "status": "unaffected", - "version": "6.2" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://security.paloaltonetworks.com/CVE-2024-2431", - "refsource": "MISC", - "name": 
"https://security.paloaltonetworks.com/CVE-2024-2431" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "defect": [ - "GPC-15349" - ], - "discovery": "EXTERNAL" - }, - "configuration": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed." - } - ], - "value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed." - } - ], - "work_around": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"
" - } - ], - "value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"\n" - } - ], - "exploit": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.
" - } - ], - "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" - } - ], - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.
" - } - ], - "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Palo Alto Networks thanks AIG Red Team and Stephen Collyer for discovering and reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 5.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2432.json b/2024/2xxx/CVE-2024-2432.json index 0ef8e53e22d..f895edec5f8 100644 --- a/2024/2xxx/CVE-2024-2432.json +++ b/2024/2xxx/CVE-2024-2432.json 
@@ -1,174 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2432", - "ASSIGNER": "psirt@paloaltonetworks.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-269 Improper Privilege Management", - "cweId": "CWE-269" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Palo Alto Networks", - "product": { - "product_data": [ - { - "product_name": "GlobalProtect App", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "versions": [ - { - "changes": [ - { - "at": "5.1.12", - "status": "unaffected" - } - ], - "lessThan": "5.1.12", - "status": "affected", - "version": "5.1", - "versionType": "custom" - }, - { - "changes": [ - { - "at": "6.0.8", - "status": "unaffected" - } - ], - "lessThan": "6.0.8", - "status": "affected", - "version": "6.0", - "versionType": "custom" - }, - { - "changes": [ - { - "at": "6.1.2", - "status": "unaffected" - } - ], - "lessThan": "6.1.2", - "status": "affected", - "version": "6.1", - "versionType": "custom" - }, - { - "changes": [ - { - "at": "6.2.1", - "status": "unaffected" - } - ], - "lessThan": "6.2.1", - "status": "affected", - "version": "6.2", - "versionType": "custom" - } - ], - "defaultStatus": "unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://security.paloaltonetworks.com/CVE-2024-2432", - 
"refsource": "MISC", - "name": "https://security.paloaltonetworks.com/CVE-2024-2432" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "defect": [ - "GPC-18129" - ], - "discovery": "EXTERNAL" - }, - "exploit": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.
" - } - ], - "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" - } - ], - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.
" - } - ], - "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Palo Alto Networks thanks Erwin Chan for discovering and reporting this issue." - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "HIGH", - "attackVector": "LOCAL", - "availabilityImpact": "LOW", - "baseScore": 4.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2433.json b/2024/2xxx/CVE-2024-2433.json index 0c3c1461850..02f1aecf823 100644 --- a/2024/2xxx/CVE-2024-2433.json +++ b/2024/2xxx/CVE-2024-2433.json 
@@ -1,242 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2433",
- "ASSIGNER": "psirt@paloaltonetworks.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. \n\n\n\nThis issue affects only the web interface of the management plane; the dataplane is unaffected.\n"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-269 Improper Privilege Management",
- "cweId": "CWE-269"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Palo Alto Networks",
- "product": {
- "product_data": [
- {
- "product_name": "PAN-OS",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "changes": [
- {
- "at": "9.0.17-h4",
- "status": "unaffected"
- }
- ],
- "lessThan": "9.0.17-h4",
- "status": "affected",
- "version": "9.0",
- "versionType": "custom"
- },
- {
- "changes": [
- {
- "at": "9.1.17",
- "status": "unaffected"
- }
- ],
- "lessThan": "9.1.17",
- "status": "affected",
- "version": "9.1",
- "versionType": "custom"
- },
- {
- "changes": [
- {
- "at": "10.1.12",
- "status": "unaffected"
- }
- ],
- "lessThan": "10.1.12",
- "status": "affected",
- "version": "10.1",
- "versionType": "custom"
- },
- {
- "changes": [
- {
- "at": "10.2.8",
- "status": "unaffected"
- }
- ],
- "lessThan": "10.2.8",
- "status": "affected",
- "version": "10.2",
- "versionType": "custom"
- },
- {
- "changes": [
- {
- "at": "11.0.3",
- "status": "unaffected"
- }
- ],
- "lessThan": "11.0.3",
- "status": "affected",
- "version": "11.0",
- "versionType": "custom"
- },
- {
- "status": "unaffected",
- "version": "11.1"
- }
- ],
- "defaultStatus": "unaffected"
- }
- }
- ]
- }
- },
- {
- "product_name": "Cloud NGFW",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "status": "unaffected",
- "version": "All"
- }
- ],
- "defaultStatus": "unaffected"
- }
- }
- ]
- }
- },
- {
- "product_name": "Prisma Access",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "status": "unaffected",
- "version": "All"
- }
- ],
- "defaultStatus": "unaffected"
- }
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://security.paloaltonetworks.com/CVE-2024-2433",
- "refsource": "MISC",
- "name": "https://security.paloaltonetworks.com/CVE-2024-2433"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "defect": [
- "PAN-181876",
- "PAN-218663"
- ],
- "discovery": "EXTERNAL"
- },
- "work_around": [
- {
- "lang": "en",
- "supportingMedia": [
- {
- "base64": false,
- "type": "text/html",
- "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the effect of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.
"
- }
- ],
- "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the effect of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices .\n"
- }
- ],
- "exploit": [
- {
- "lang": "en",
- "supportingMedia": [
- {
- "base64": false,
- "type": "text/html",
- "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.
"
- }
- ],
- "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"
- }
- ],
- "solution": [
- {
- "lang": "en",
- "supportingMedia": [
- {
- "base64": false,
- "type": "text/html",
- "value": "This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.18, PAN-OS 10.1.12, PAN-OS 10.2.11, PAN-OS 11.0.4, and all later PAN-OS versions.
"
- }
- ],
- "value": "This issue is fixed in Panorama on PAN-OS 9.0.17-h4, PAN-OS 9.1.18, PAN-OS 10.1.12, PAN-OS 10.2.11, PAN-OS 11.0.4, and all later PAN-OS versions.\n"
- }
- ],
- "credits": [
- {
- "lang": "en",
- "value": "Palo Alto Networks thanks Omar Eissa (https://de.linkedin.com/in/oeissa) for discovering and reporting this issue."
- }
- ],
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "LOW",
- "baseScore": 4.3,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }