diff --git a/2023/24xxx/CVE-2023-24203.json b/2023/24xxx/CVE-2023-24203.json index d00de674140..fa6acb64511 100644 --- a/2023/24xxx/CVE-2023-24203.json +++ b/2023/24xxx/CVE-2023-24203.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-24203", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-24203", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com", + "refsource": "MISC", + "name": "https://www.sourcecodester.com" + }, + { + "refsource": "MISC", + "name": "https://momonguyen.com/2023/cve-2023-24203/", + "url": "https://momonguyen.com/2023/cve-2023-24203/" + }, + { + "refsource": "MISC", + "name": "https://github.com/momo1239/CVE-2023-24203-and-CVE-2023-24204", + "url": "https://github.com/momo1239/CVE-2023-24203-and-CVE-2023-24204" } ] } diff --git a/2023/24xxx/CVE-2023-24204.json b/2023/24xxx/CVE-2023-24204.json index a84cdb1fca2..eec66842035 100644 --- a/2023/24xxx/CVE-2023-24204.json +++ b/2023/24xxx/CVE-2023-24204.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-24204", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-24204", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com", + "refsource": "MISC", + "name": "https://www.sourcecodester.com" + }, + { + "refsource": "MISC", + "name": "https://momonguyen.com/2023/cve-2023-24203/", + "url": "https://momonguyen.com/2023/cve-2023-24203/" + }, + { + "refsource": "MISC", + "name": "https://github.com/momo1239/CVE-2023-24203-and-CVE-2023-24204", + "url": "https://github.com/momo1239/CVE-2023-24203-and-CVE-2023-24204" } ] } diff --git a/2023/36xxx/CVE-2023-36640.json b/2023/36xxx/CVE-2023-36640.json index c923b73b72d..6d0c739e4a2 100644 --- a/2023/36xxx/CVE-2023-36640.json +++ b/2023/36xxx/CVE-2023-36640.json @@ -1,17 +1,156 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.16 allows attacker to execute unauthorized code or commands via specially crafted commands" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiProxy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.10" + }, + { + "version_affected": "<=", + "version_name": "2.0.0", + "version_value": "2.0.14" + }, + { + "version_affected": "<=", + "version_name": "1.2.0", + "version_value": "1.2.13" + }, + { + "version_affected": "<=", + "version_name": "1.1.0", + "version_value": "1.1.6" + }, + { + "version_affected": "<=", + "version_name": "1.0.0", + "version_value": "1.0.7" + } + ] + } + }, + { + "product_name": "FortiPAM", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.0", + "version_value": "1.0.3" + } + ] + } + }, + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.2.0" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.12" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.14" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.16" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-137", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-137" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiOS version 7.4.1 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiSwitchManager version 7.2.3 or above \nPlease upgrade to FortiSwitchManager version 7.0.3 or above \nPlease upgrade to FortiProxy version 7.2.6 or above \nPlease upgrade to FortiProxy version 7.0.12 or above \nPlease upgrade to FortiPAM version 1.1.1 or above \nPlease upgrade to FortiSASE version 22.4 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C" } ] } diff --git a/2023/40xxx/CVE-2023-40720.json b/2023/40xxx/CVE-2023-40720.json index ce8166cb4bd..0e11ef6e844 100644 --- a/2023/40xxx/CVE-2023-40720.json +++ b/2023/40xxx/CVE-2023-40720.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiVoice", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.1" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.8" + }, + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.0.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-282", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-282" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:P/RL:X/RC:C" } ] } diff --git a/2023/44xxx/CVE-2023-44247.json b/2023/44xxx/CVE-2023-44247.json index aecef7060d4..50d7c20f058 100644 --- a/2023/44xxx/CVE-2023-44247.json +++ b/2023/44xxx/CVE-2023-44247.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44247", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-415" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.15" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-195", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-195" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiOS version 7.0.0 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C" } ] } diff --git a/2023/45xxx/CVE-2023-45583.json b/2023/45xxx/CVE-2023-45583.json index 998919fa0d1..7f6f187d3a9 100644 --- a/2023/45xxx/CVE-2023-45583.json +++ b/2023/45xxx/CVE-2023-45583.json @@ -1,17 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchManager versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-134" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiProxy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.10" + } + ] + } + }, + { + "product_name": "FortiPAM", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.1.0" + }, + { + "version_affected": "<=", + "version_name": "1.0.0", + "version_value": "1.0.3" + } + ] + } + }, + { + "product_name": "FortiSwitchManager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.2" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.2" + } + ] + } + }, + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.4.0" + }, + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.5" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.12" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.15" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-137", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-137" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiOS version 7.4.1 or above \nPlease upgrade to FortiOS version 7.2.6 or above \nPlease upgrade to FortiSwitchManager version 7.2.3 or above \nPlease upgrade to FortiSwitchManager version 7.0.3 or above \nPlease upgrade to FortiProxy version 7.2.6 or above \nPlease upgrade to FortiProxy version 7.0.12 or above \nPlease upgrade to FortiPAM version 1.1.1 or above \nPlease upgrade to FortiSASE version 22.4 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C" } ] } diff --git a/2023/45xxx/CVE-2023-45586.json b/2023/45xxx/CVE-2023-45586.json index 731f50bcd15..0d32d3e6f35 100644 --- a/2023/45xxx/CVE-2023-45586.json +++ b/2023/45xxx/CVE-2023-45586.json @@ -1,17 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-345" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiProxy", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.4.0", + "version_value": "7.4.1" + }, + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.7" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.13" + }, + { + "version_affected": "<=", + "version_name": "2.0.0", + "version_value": "2.0.14" + } + ] + } + }, + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.4.0", + "version_value": "7.4.1" + }, + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.7" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.12" + }, + { + "version_affected": "<=", + "version_name": "6.4.0", + "version_value": "6.4.15" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-225", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-225" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiProxy version 7.4.2 or above \nPlease upgrade to FortiProxy version 7.2.8 or above \nPlease upgrade to FortiProxy version 7.0.14 or above \nPlease upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.13 or above \nPlease upgrade to FortiSASE version 23.4.a or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:P/RL:X/RC:C" } ] } diff --git a/2023/46xxx/CVE-2023-46714.json b/2023/46xxx/CVE-2023-46714.json index 889a1f5a737..457c14fe23b 100644 --- a/2023/46xxx/CVE-2023-46714.json +++ b/2023/46xxx/CVE-2023-46714.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46714", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.4.0", + "version_value": "7.4.1" + }, + { + "version_affected": "<=", + "version_name": "7.2.1", + "version_value": "7.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-415", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-415" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiOS version 7.4.2 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiAuthenticator version 6.6.1 or above \nPlease upgrade to FortiAuthenticator version 6.5.5 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C" } ] } diff --git a/2023/50xxx/CVE-2023-50180.json b/2023/50xxx/CVE-2023-50180.json index b454b380411..4cac8d42e53 100644 --- a/2023/50xxx/CVE-2023-50180.json +++ b/2023/50xxx/CVE-2023-50180.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-50180", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure", + "cweId": "CWE-497" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiADC", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.4.0", + "version_value": "7.4.1" + }, + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.3" + }, + { + "version_affected": "<=", + "version_name": "7.1.0", + "version_value": "7.1.4" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.5" + }, + { + "version_affected": "<=", + "version_name": "6.2.0", + "version_value": "6.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-433", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-433" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiADC version 7.4.2 or above \nPlease upgrade to FortiADC version 7.2.4 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C" } ] } diff --git a/2024/1xxx/CVE-2024-1628.json b/2024/1xxx/CVE-2024-1628.json index 48be90d26f1..a9a5c304379 100644 --- a/2024/1xxx/CVE-2024-1628.json +++ b/2024/1xxx/CVE-2024-1628.json @@ -1,17 +1,358 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "GEHealthcareCVD@ge.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OS command injection vulnerabilities in GE HealthCare ultrasound devices" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GE HealthCare", + "product": { + "product_data": [ + { + "product_name": "Venue", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R1" + }, + { + "version_affected": "=", + "version_value": "R2" + }, + { + "version_affected": "<=", + "version_name": "R3", + "version_value": "R3.3" + }, + { + "version_affected": "<=", + "version_name": "R4", + "version_value": "R4.3" + } + ] + } + }, + { + "product_name": "Venue Go", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R2" + }, + { + "version_affected": "<=", + "version_name": "R3", + "version_value": "R3.3" + }, + { + "version_affected": "<=", + "version_name": "R4", + "version_value": "R4.3" + } + ] + } + }, + { + "product_name": "Venue Fit", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "R3", + "version_value": "R3.3" + }, + { + "version_affected": "<=", + "version_name": "R4", + "version_value": "R4.3" + } + ] + } + }, + { + "product_name": "LOGIQ e", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "R7", + "version_value": "R9.1.4" + }, + { + "version_affected": "<=", + "version_name": "R8", + "version_value": "R10.1.3" + }, + { + "version_affected": "<=", + "version_name": "R9", + "version_value": "R11.0.3" + } + ] + } + }, + { + "product_name": "LOGIQ He", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "R9.3.1" + } + ] + } + }, + { + "product_name": "Vivid E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "E95", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "E90", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "E80", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Vivid S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "70N", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "60N", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Vivid T", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "T8", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "T9", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Vivid iq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Voluson Expert 16", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "<", + "version_name": "BT24", + "version_value": "Ext1" + } + ] + } + }, + { + "product_name": "Voluson Expert 18", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "<", + "version_name": "BT24", + "version_value": "Ext1" + } + ] + } + }, + { + "product_name": "Voluson Expert 22", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "<", + "version_name": "BT24", + "version_value": "Ext1" + } + ] + } + }, + { + "product_name": "Voluson SWIFT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "=", + "version_value": "BT24" + } + ] + } + }, + { + "product_name": "Invenia ABUS 2.0", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.2.7" + } + ] + } + }, + { + "product_name": "LOGIQ E10", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "R3.2.0" + } + ] + } + }, + { + "product_name": "LOGIQ E10s", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "R3.2.0" + } + ] + } + }, + { + "product_name": "LOGIQ Fortis", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "R3.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securityupdate.gehealthcare.com/", + "refsource": "MISC", + "name": "https://securityupdate.gehealthcare.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1629.json b/2024/1xxx/CVE-2024-1629.json index 7fbe0cb69b5..2ff5f3f909a 100644 --- a/2024/1xxx/CVE-2024-1629.json +++ b/2024/1xxx/CVE-2024-1629.json @@ -1,17 +1,343 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "GEHealthcareCVD@ge.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path traversal vulnerability in \u201cdeleteFiles\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GE HealthCare", + "product": { + "product_data": [ + { + "product_name": "Venue", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R1" + }, + { + "version_affected": "=", + "version_value": "R2" + }, + { + "version_affected": "<=", + "version_name": "R3", + "version_value": "R3.3" + }, + { + "version_affected": "<=", + "version_name": "R4", + "version_value": "R4.3" + } + ] + } + }, + { + "product_name": "Venue Go", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R2" + }, + { + "version_affected": "<=", + "version_name": "R3", + "version_value": "R3.3" + }, + { + "version_affected": "<=", + "version_name": "R4", + "version_value": "R4.3" + } + ] + } + }, + { + "product_name": "Venue Fit", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "R3", + "version_value": "R3.3" + }, + { + "version_affected": "<=", + "version_name": "R4", + "version_value": "R4.3" + } + ] + } + }, + { + "product_name": "LOGIQ e", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "R7", + "version_value": "R9.1.4" + }, + { + "version_affected": "<=", + "version_name": "R8", + "version_value": "R10.1.3" + }, + { + "version_affected": "<=", + "version_name": "R9", + "version_value": "R11.0.3" + } + ] + } + }, + { + "product_name": "LOGIQ He", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "R9.3.1" + } + ] + } + }, + { + "product_name": "Vivid E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "E95", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "E90", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "E80", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Vivid S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "70N", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "60N", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Vivid T", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "T8", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "T9", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Vivid iq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Voluson Expert 16", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "=", + "version_value": "BT24" + } + ] + } + }, + { + "product_name": "Voluson Expert 18", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "=", + "version_value": "BT24" + } + ] + } + }, + { + "product_name": "Voluson Expert 22", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "=", + "version_value": "BT24" + } + ] + } + }, + { + "product_name": "Voluson SWIFT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "=", + "version_value": "BT24" + } + ] + } + }, + { + "product_name": "LOGIQ E10", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "R3.2.0" + } + ] + } + }, + { + "product_name": "LOGIQ E10s", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "R3.2.0" + } + ] + } + }, + { + "product_name": "LOGIQ Fortis", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "R3.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securityupdate.gehealthcare.com/", + "refsource": "MISC", + "name": "https://securityupdate.gehealthcare.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1630.json b/2024/1xxx/CVE-2024-1630.json index 9a1b32023a9..6d8b998f6c7 100644 --- a/2024/1xxx/CVE-2024-1630.json +++ b/2024/1xxx/CVE-2024-1630.json @@ -1,17 +1,326 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "GEHealthcareCVD@ge.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path traversal vulnerability in \u201cgetAllFolderContents\u201d function of Common Service Desktop, a GE HealthCare ultrasound device component" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GE HealthCare", + "product": { + "product_data": [ + { + "product_name": "Venue", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R1" + }, + { + "version_affected": "=", + "version_value": "R2" + }, + { + "version_affected": "<=", + "version_name": "R3", + "version_value": "R3.3" + }, + { + "version_affected": "<=", + "version_name": "R4", + "version_value": "R4.3" + } + ] + } + }, + { + "product_name": "Venue Go", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R2" + }, + { + "version_affected": "<=", + "version_name": "R3", + "version_value": "R3.3" + }, + { + "version_affected": "<=", + "version_name": "R4", + "version_value": "R4.3" + } + ] + } + }, + { + "product_name": "Venue Fit", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "R3", + "version_value": "R3.3" + }, + { + "version_affected": "<=", + "version_name": "R4", + "version_value": "R4.3" + } + ] + } + }, + { + "product_name": "LOGIQ e", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "R7", + "version_value": "R9.1.4" + }, + { + "version_affected": "<=", + "version_name": "R8", + "version_value": "R10.1.3" + }, + { + "version_affected": "<=", + "version_name": "R9", + "version_value": "R11.0.3" + } + ] + } + }, + { + "product_name": "LOGIQ He", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "R9.3.1" + } + ] + } + }, + { + "product_name": "Vivid E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "E95", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "E90", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "E80", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Vivid T", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "T8", + "version_value": "206" + }, + { + "version_affected": "<", + "version_name": "T9", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Vivid iq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "206" + } + ] + } + }, + { + "product_name": "Voluson Expert 16", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "=", + "version_value": "BT24" + } + ] + } + }, + { + "product_name": "Voluson Expert 18", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "=", + "version_value": "BT24" + } + ] + } + }, + { + "product_name": "Voluson Expert 22", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "=", + "version_value": "BT24" + } + ] + } + }, + { + "product_name": "Voluson SWIFT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + }, + { + "version_affected": "=", + "version_value": "BT24" + } + ] + } + }, + { + "product_name": "LOGIQ E10", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "R3.2.0" + } + ] + } + }, + { + "product_name": "LOGIQ E10s", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "R3.2.0" + } + ] + } + }, + { + "product_name": "LOGIQ Fortis", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "R3.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securityupdate.gehealthcare.com/", + "refsource": "MISC", + "name": "https://securityupdate.gehealthcare.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1913.json b/2024/1xxx/CVE-2024-1913.json index ec86532c860..59eb52ec112 100644 --- a/2024/1xxx/CVE-2024-1913.json +++ b/2024/1xxx/CVE-2024-1913.json @@ -80,6 +80,12 @@ "source": { "discovery": "UNKNOWN" }, + "credits": [ + { + "lang": "en", + "value": "ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting the vulnerabilities and working with us as we addressed them" + } + ], "impact": { "cvss": [ { diff --git a/2024/1xxx/CVE-2024-1914.json b/2024/1xxx/CVE-2024-1914.json index ff488eca5d7..ff634e93dd5 100644 --- a/2024/1xxx/CVE-2024-1914.json +++ b/2024/1xxx/CVE-2024-1914.json @@ -80,6 +80,12 @@ "source": { "discovery": "UNKNOWN" }, + "credits": [ + { + "lang": "en", + "value": "ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting the vulnerabilities and working with us as we addressed them." + } + ], "impact": { "cvss": [ { diff --git a/2024/23xxx/CVE-2024-23105.json b/2024/23xxx/CVE-2024-23105.json index 3216f184454..a9d0d02b945 100644 --- a/2024/23xxx/CVE-2024-23105.json +++ b/2024/23xxx/CVE-2024-23105.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23105", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-348" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiPortal", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.1" + }, + { + "version_affected": "<=", + "version_name": "7.0.0", + "version_value": "7.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-24-021", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-24-021" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiPortal version 7.2.2 or above \nPlease upgrade to FortiPortal version 7.0.7 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C" } ] } diff --git a/2024/26xxx/CVE-2024-26007.json b/2024/26xxx/CVE-2024-26007.json index 2a9b794e89e..d09fc9a3454 100644 --- a/2024/26xxx/CVE-2024-26007.json +++ b/2024/26xxx/CVE-2024-26007.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service", + "cweId": "CWE-703" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-24-017", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-24-017" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiOS version 7.4.2 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C" } ] } diff --git a/2024/26xxx/CVE-2024-26207.json b/2024/26xxx/CVE-2024-26207.json index 415e20bd3f7..688d473a088 100644 --- a/2024/26xxx/CVE-2024-26207.json +++ b/2024/26xxx/CVE-2024-26207.json @@ -42,7 +42,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -54,7 +54,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -66,7 +66,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -78,7 +78,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.20348.2402" + "version_value": "10.0.20348.2461" } ] } @@ -102,7 +102,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.19044.4291" + "version_value": "10.0.19044.4412" } ] } @@ -114,7 +114,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22621.3447" + "version_value": "10.0.22621.3593" } ] } @@ -126,7 +126,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.19045.4291" + "version_value": "10.0.19045.4412" } ] } @@ -138,7 +138,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22631.3447" + "version_value": "10.0.22631.3593" } ] } @@ -150,7 +150,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22631.3447" + "version_value": "10.0.22631.3593" } ] } @@ -162,7 +162,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.25398.830" + "version_value": "10.0.25398.887" } ] } @@ -174,7 +174,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.10240.20596" + "version_value": "10.0.10240.20651" } ] } @@ -186,7 +186,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -198,7 +198,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -210,7 +210,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -222,7 +222,7 @@ { "version_affected": "<", "version_name": "6.3.0", - "version_value": "6.3.9600.21924" + "version_value": "6.3.9600.21972" } ] } @@ -234,7 +234,7 @@ { "version_affected": "<", "version_name": "6.3.0", - "version_value": "6.3.9600.21924" + "version_value": "6.3.9600.21972" } ] } diff --git a/2024/26xxx/CVE-2024-26211.json b/2024/26xxx/CVE-2024-26211.json index c2b8b654cd0..47207e91521 100644 --- a/2024/26xxx/CVE-2024-26211.json +++ b/2024/26xxx/CVE-2024-26211.json @@ -42,7 +42,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -54,7 +54,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -66,7 +66,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -78,7 +78,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.20348.2402" + "version_value": "10.0.20348.2461" } ] } @@ -102,7 +102,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.19044.4291" + "version_value": "10.0.19044.4412" } ] } @@ -114,7 +114,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22621.3447" + "version_value": "10.0.22621.3593" } ] } @@ -126,7 +126,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.19045.4291" + "version_value": "10.0.19045.4412" } ] } @@ -138,7 +138,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22631.3447" + "version_value": "10.0.22631.3593" } ] } @@ -150,7 +150,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22631.3447" + "version_value": "10.0.22631.3593" } ] } @@ -162,7 +162,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.25398.830" + "version_value": "10.0.25398.887" } ] } @@ -174,7 +174,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.10240.20596" + "version_value": "10.0.10240.20651" } ] } @@ -186,7 +186,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -198,7 +198,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -210,7 +210,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -222,7 +222,7 @@ { "version_affected": "<", "version_name": "6.3.0", - "version_value": "6.3.9600.21924" + "version_value": "6.3.9600.21972" } ] } @@ -234,7 +234,7 @@ { "version_affected": "<", "version_name": "6.3.0", - "version_value": "6.3.9600.21924" + "version_value": "6.3.9600.21972" } ] } diff --git a/2024/26xxx/CVE-2024-26217.json b/2024/26xxx/CVE-2024-26217.json index f7751210ab6..e4e500f7c99 100644 --- a/2024/26xxx/CVE-2024-26217.json +++ b/2024/26xxx/CVE-2024-26217.json @@ -42,7 +42,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -54,7 +54,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -66,7 +66,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -78,7 +78,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.20348.2402" + "version_value": "10.0.20348.2461" } ] } @@ -102,7 +102,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.19044.4291" + "version_value": "10.0.19044.4412" } ] } @@ -114,7 +114,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22621.3447" + "version_value": "10.0.22621.3593" } ] } @@ -126,7 +126,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.19045.4291" + "version_value": "10.0.19045.4412" } ] } @@ -138,7 +138,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22631.3447" + "version_value": "10.0.22631.3593" } ] } @@ -150,7 +150,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22631.3447" + "version_value": "10.0.22631.3593" } ] } @@ -162,7 +162,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.25398.830" + "version_value": "10.0.25398.887" } ] } @@ -174,7 +174,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.10240.20596" + "version_value": "10.0.10240.20651" } ] } @@ -186,7 +186,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -198,7 +198,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -210,7 +210,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -222,7 +222,7 @@ { "version_affected": "<", "version_name": "6.3.0", - "version_value": "6.3.9600.21924" + "version_value": "6.3.9600.21972" } ] } @@ -234,7 +234,7 @@ { "version_affected": "<", "version_name": "6.3.0", - "version_value": "6.3.9600.21924" + "version_value": "6.3.9600.21972" } ] } diff --git a/2024/26xxx/CVE-2024-26238.json b/2024/26xxx/CVE-2024-26238.json index bb18c91886e..bc85cb33ee6 100644 --- a/2024/26xxx/CVE-2024-26238.json +++ b/2024/26xxx/CVE-2024-26238.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26238", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", + "cweId": "CWE-59" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26238", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26238" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/26xxx/CVE-2024-26367.json b/2024/26xxx/CVE-2024-26367.json index 32a5654d92d..03a7f53f5c4 100644 --- a/2024/26xxx/CVE-2024-26367.json +++ b/2024/26xxx/CVE-2024-26367.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-26367", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-26367", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafted payload to the login parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://cc.com", + "refsource": "MISC", + "name": "http://cc.com" + }, + { + "url": "http://evertz.com", + "refsource": "MISC", + "name": "http://evertz.com" + }, + { + "refsource": "MISC", + "name": "https://wiki.notveg.ninja/blog/CVE-2024-26367/", + "url": "https://wiki.notveg.ninja/blog/CVE-2024-26367/" } ] } diff --git a/2024/28xxx/CVE-2024-28900.json b/2024/28xxx/CVE-2024-28900.json index 0a0e96d89f5..7c099a74ee3 100644 --- a/2024/28xxx/CVE-2024-28900.json +++ b/2024/28xxx/CVE-2024-28900.json @@ -42,7 +42,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -54,7 +54,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -66,7 +66,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -78,7 +78,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.20348.2402" + "version_value": "10.0.20348.2461" } ] } @@ -102,7 +102,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.19044.4291" + "version_value": "10.0.19044.4412" } ] } @@ -114,7 +114,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22621.3447" + "version_value": "10.0.22621.3593" } ] } @@ -126,7 +126,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.19045.4291" + "version_value": "10.0.19045.4412" } ] } @@ -138,7 +138,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22631.3447" + "version_value": "10.0.22631.3593" } ] } @@ -150,7 +150,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22631.3447" + "version_value": "10.0.22631.3593" } ] } @@ -162,7 +162,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.25398.830" + "version_value": "10.0.25398.887" } ] } @@ -174,7 +174,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.10240.20596" + "version_value": "10.0.10240.20651" } ] } @@ -186,7 +186,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -198,7 +198,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -210,7 +210,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -222,7 +222,7 @@ { "version_affected": "<", "version_name": "6.3.0", - "version_value": "6.3.9600.21924" + "version_value": "6.3.9600.21972" } ] } @@ -234,7 +234,7 @@ { "version_affected": "<", "version_name": "6.3.0", - "version_value": "6.3.9600.21924" + "version_value": "6.3.9600.21972" } ] } diff --git a/2024/28xxx/CVE-2024-28902.json b/2024/28xxx/CVE-2024-28902.json index f399f552dd5..0625c654c3c 100644 --- a/2024/28xxx/CVE-2024-28902.json +++ b/2024/28xxx/CVE-2024-28902.json @@ -42,7 +42,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -54,7 +54,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -66,7 +66,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.17763.5696" + "version_value": "10.0.17763.5820" } ] } @@ -78,7 +78,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.20348.2402" + "version_value": "10.0.20348.2461" } ] } @@ -102,7 +102,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.19044.4291" + "version_value": "10.0.19044.4412" } ] } @@ -114,7 +114,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22621.3447" + "version_value": "10.0.22621.3593" } ] } @@ -126,7 +126,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.19045.4291" + "version_value": "10.0.19045.4412" } ] } @@ -138,7 +138,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22631.3447" + "version_value": "10.0.22631.3593" } ] } @@ -150,7 +150,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.22631.3447" + "version_value": "10.0.22631.3593" } ] } @@ -162,7 +162,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.25398.830" + "version_value": "10.0.25398.887" } ] } @@ -174,7 +174,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.10240.20596" + "version_value": "10.0.10240.20651" } ] } @@ -186,7 +186,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -198,7 +198,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -210,7 +210,7 @@ { "version_affected": "<", "version_name": "10.0.0", - "version_value": "10.0.14393.6897" + "version_value": "10.0.14393.6981" } ] } @@ -222,7 +222,7 @@ { "version_affected": "<", "version_name": "6.3.0", - "version_value": "6.3.9600.21924" + "version_value": "6.3.9600.21972" } ] } @@ -234,7 +234,7 @@ { "version_affected": "<", "version_name": "6.3.0", - "version_value": "6.3.9600.21924" + "version_value": "6.3.9600.21972" } ] } diff --git a/2024/29xxx/CVE-2024-29994.json b/2024/29xxx/CVE-2024-29994.json index e1b7294d06b..00c0e210b22 100644 --- a/2024/29xxx/CVE-2024-29994.json +++ b/2024/29xxx/CVE-2024-29994.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29994", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29994", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29994" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/29xxx/CVE-2024-29996.json b/2024/29xxx/CVE-2024-29996.json index d2c9d90ecf3..47d59f7e061 100644 --- a/2024/29xxx/CVE-2024-29996.json +++ b/2024/29xxx/CVE-2024-29996.json @@ -1,17 +1,350 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29996", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Common Log File System Driver Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.10240.20651" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22668" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22668" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22668" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.0", + "version_value": "6.1.7601.27117" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.1.7601.27117" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.24868" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.24868" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.21972" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.21972" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29996", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29996" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/29xxx/CVE-2024-29997.json b/2024/29xxx/CVE-2024-29997.json index 7e4a6569fa1..d7ec50f82ec 100644 --- a/2024/29xxx/CVE-2024-29997.json +++ b/2024/29xxx/CVE-2024-29997.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29997", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29997", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29997" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/29xxx/CVE-2024-29998.json b/2024/29xxx/CVE-2024-29998.json index 2c9f32d3b5d..e43ced8905a 100644 --- a/2024/29xxx/CVE-2024-29998.json +++ b/2024/29xxx/CVE-2024-29998.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29998", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29998" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/29xxx/CVE-2024-29999.json b/2024/29xxx/CVE-2024-29999.json index 714c9063bfd..cbe80b23918 100644 --- a/2024/29xxx/CVE-2024-29999.json +++ b/2024/29xxx/CVE-2024-29999.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29999", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29999", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29999" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30000.json b/2024/30xxx/CVE-2024-30000.json index 7e2170bb0d6..b3e18da3196 100644 --- a/2024/30xxx/CVE-2024-30000.json +++ b/2024/30xxx/CVE-2024-30000.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30000", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30000", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30000" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30001.json b/2024/30xxx/CVE-2024-30001.json index 2a9b3015837..00e6bf9b4e6 100644 --- a/2024/30xxx/CVE-2024-30001.json +++ b/2024/30xxx/CVE-2024-30001.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30001", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30001", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30001" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30002.json b/2024/30xxx/CVE-2024-30002.json index 59b55f00bea..996c92b35fd 100644 --- a/2024/30xxx/CVE-2024-30002.json +++ b/2024/30xxx/CVE-2024-30002.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30002", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30002" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30003.json b/2024/30xxx/CVE-2024-30003.json index 8197cc4705d..6d8e84570c5 100644 --- a/2024/30xxx/CVE-2024-30003.json +++ b/2024/30xxx/CVE-2024-30003.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30003", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30003", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30003" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30004.json b/2024/30xxx/CVE-2024-30004.json index c92f1f552bf..2a4fcea924e 100644 --- a/2024/30xxx/CVE-2024-30004.json +++ b/2024/30xxx/CVE-2024-30004.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30004", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30004" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30005.json b/2024/30xxx/CVE-2024-30005.json index c03087b8ee6..9e58c6ddd15 100644 --- a/2024/30xxx/CVE-2024-30005.json +++ b/2024/30xxx/CVE-2024-30005.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30005", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Mobile Broadband Driver Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound", + "cweId": "CWE-190" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30005", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30005" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30006.json b/2024/30xxx/CVE-2024-30006.json index acf1df67d63..a195cb10322 100644 --- a/2024/30xxx/CVE-2024-30006.json +++ b/2024/30xxx/CVE-2024-30006.json @@ -1,17 +1,350 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.10240.20651" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22668" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22668" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22668" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.0", + "version_value": "6.1.7601.27117" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.1.7601.27117" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.24868" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.24868" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.21972" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.21972" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30006", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30006" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30007.json b/2024/30xxx/CVE-2024-30007.json index 51af8302095..7e5aeb7637b 100644 --- a/2024/30xxx/CVE-2024-30007.json +++ b/2024/30xxx/CVE-2024-30007.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microsoft Brokering File System Elevation of Privilege Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30007", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30007" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30008.json b/2024/30xxx/CVE-2024-30008.json index 48862125b13..3e218b91fb2 100644 --- a/2024/30xxx/CVE-2024-30008.json +++ b/2024/30xxx/CVE-2024-30008.json @@ -1,17 +1,242 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30008", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows DWM Core Library Information Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-191: Integer Underflow (Wrap or Wraparound)", + "cweId": "CWE-191" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.10240.20651" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30008", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30008" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "MEDIUM", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30009.json b/2024/30xxx/CVE-2024-30009.json index 95f0f3b57cd..06a2433b40c 100644 --- a/2024/30xxx/CVE-2024-30009.json +++ b/2024/30xxx/CVE-2024-30009.json @@ -1,17 +1,350 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-197: Numeric Truncation Error", + "cweId": "CWE-197" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1809", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows 11 version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22000.2960" + } + ] + } + }, + { + "product_name": "Windows 10 Version 21H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19044.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22621.3593" + } + ] + } + }, + { + "product_name": "Windows 10 Version 22H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.19045.4412" + } + ] + } + }, + { + "product_name": "Windows 11 version 22H3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows 11 Version 23H2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.22631.3593" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1507", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.10240.20651" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1607", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22668" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22668" + } + ] + } + }, + { + "product_name": "Windows Server 2008 Service Pack 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.0.6003.22668" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.1.0", + "version_value": "6.1.7601.27117" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.1.7601.27117" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.24868" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.24868" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.21972" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.21972" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30009", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30009" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/30xxx/CVE-2024-30010.json b/2024/30xxx/CVE-2024-30010.json index f84d3292189..d346338677f 100644 --- a/2024/30xxx/CVE-2024-30010.json +++ b/2024/30xxx/CVE-2024-30010.json @@ -1,17 +1,182 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30010", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Windows Hyper-V Remote Code Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23: Relative Path Traversal", + "cweId": "CWE-23" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.17763.5820" + } + ] + } + }, + { + "product_name": "Windows Server 2022", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.20348.2461" + } + ] + } + }, + { + "product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.25398.887" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.0.0", + "version_value": "10.0.14393.6981" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.24868" + } + ] + } + }, + { + "product_name": "Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2.0", + "version_value": "6.2.9200.24868" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.21972" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.0", + "version_value": "6.3.9600.21972" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30010", + "refsource": "MISC", + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30010" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" } ] } diff --git a/2024/31xxx/CVE-2024-31079.json b/2024/31xxx/CVE-2024-31079.json new file mode 100644 index 00000000000..328fa27d37e --- /dev/null +++ b/2024/31xxx/CVE-2024-31079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31488.json b/2024/31xxx/CVE-2024-31488.json index ca53e5ddc55..0ba693d10f1 100644 --- a/2024/31xxx/CVE-2024-31488.json +++ b/2024/31xxx/CVE-2024-31488.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31488", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiNAC", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "9.4.0", + "version_value": "9.4.3" + }, + { + "version_affected": "<=", + "version_name": "9.2.0", + "version_value": "9.2.8" + }, + { + "version_affected": "<=", + "version_name": "9.1.0", + "version_value": "9.1.10" + }, + { + "version_affected": "<=", + "version_name": "8.8.0", + "version_value": "8.8.11" + }, + { + "version_affected": "<=", + "version_name": "8.7.0", + "version_value": "8.7.6" + }, + { + "version_affected": "<=", + "version_name": "7.2.0", + "version_value": "7.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-24-040", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-24-040" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiNAC version 9.4.5 or above \nPlease upgrade to FortiNAC version 7.4.0 or above \nPlease upgrade to FortiNAC version 7.2.4 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C" } ] } diff --git a/2024/31xxx/CVE-2024-31491.json b/2024/31xxx/CVE-2024-31491.json index cbe47a6fde3..cb18d710ec2 100644 --- a/2024/31xxx/CVE-2024-31491.json +++ b/2024/31xxx/CVE-2024-31491.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31491", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-602" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiSandbox", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.4.0", + "version_value": "4.4.4" + }, + { + "version_affected": "<=", + "version_name": "4.2.0", + "version_value": "4.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-24-054", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-24-054" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiSandbox version 4.4.5 or above \nPlease upgrade to FortiSandbox version 4.2.7 or above \n" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X" } ] } diff --git a/2024/32xxx/CVE-2024-32355.json b/2024/32xxx/CVE-2024-32355.json index 63d1190eb5c..5e86921e8e0 100644 --- a/2024/32xxx/CVE-2024-32355.json +++ b/2024/32xxx/CVE-2024-32355.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-32355", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-32355", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.totolink.net/", + "refsource": "MISC", + "name": "https://www.totolink.net/" + }, + { + "refsource": "MISC", + "name": "https://github.com/1s1and123/Vulnerabilities/blob/main/device/ToToLink/X5000R/TOTOLink_X5000R_RCE.md", + "url": "https://github.com/1s1and123/Vulnerabilities/blob/main/device/ToToLink/X5000R/TOTOLink_X5000R_RCE.md" } ] } diff --git a/2024/32xxx/CVE-2024-32760.json b/2024/32xxx/CVE-2024-32760.json new file mode 100644 index 00000000000..49af062261a --- /dev/null +++ b/2024/32xxx/CVE-2024-32760.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-32760", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34161.json b/2024/34xxx/CVE-2024-34161.json new file mode 100644 index 00000000000..d548e49e22a --- /dev/null +++ b/2024/34xxx/CVE-2024-34161.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34161", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35200.json b/2024/35xxx/CVE-2024-35200.json new file mode 100644 index 00000000000..268596b405a --- /dev/null +++ b/2024/35xxx/CVE-2024-35200.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-35200", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4875.json b/2024/4xxx/CVE-2024-4875.json new file mode 100644 index 00000000000..3ee470bd9ff --- /dev/null +++ b/2024/4xxx/CVE-2024-4875.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4875", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file