From e2ea77b9aba9cef902bcbbfea6de98cb968cd015 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 3 May 2024 01:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/34xxx/CVE-2024-34031.json | 97 ++++++++++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34032.json | 97 ++++++++++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34033.json | 97 ++++++++++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34398.json | 18 +++++++ 2024/34xxx/CVE-2024-34399.json | 18 +++++++ 2024/34xxx/CVE-2024-34400.json | 18 +++++++ 2024/34xxx/CVE-2024-34401.json | 62 ++++++++++++++++++++++ 2024/34xxx/CVE-2024-34402.json | 67 +++++++++++++++++++++++ 2024/34xxx/CVE-2024-34403.json | 67 +++++++++++++++++++++++ 2024/34xxx/CVE-2024-34404.json | 76 ++++++++++++++++++++++++++ 2024/34xxx/CVE-2024-34405.json | 18 +++++++ 2024/34xxx/CVE-2024-34406.json | 18 +++++++ 2024/4xxx/CVE-2024-4455.json | 18 +++++++ 13 files changed, 659 insertions(+), 12 deletions(-) create mode 100644 2024/34xxx/CVE-2024-34398.json create mode 100644 2024/34xxx/CVE-2024-34399.json create mode 100644 2024/34xxx/CVE-2024-34400.json create mode 100644 2024/34xxx/CVE-2024-34401.json create mode 100644 2024/34xxx/CVE-2024-34402.json create mode 100644 2024/34xxx/CVE-2024-34403.json create mode 100644 2024/34xxx/CVE-2024-34404.json create mode 100644 2024/34xxx/CVE-2024-34405.json create mode 100644 2024/34xxx/CVE-2024-34406.json create mode 100644 2024/4xxx/CVE-2024-4455.json diff --git a/2024/34xxx/CVE-2024-34031.json b/2024/34xxx/CVE-2024-34031.json index 194d0de9bd3..959ce764ceb 100644 --- a/2024/34xxx/CVE-2024-34031.json +++ b/2024/34xxx/CVE-2024-34031.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34031", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDelta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the script Handler_CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-89", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta Electronics recommends users update to DIAEnergie v1.10.01.004 to mitigate these vulnerabilities. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta Electronics recommends users update to DIAEnergie v1.10.01.004 to mitigate these vulnerabilities. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/34xxx/CVE-2024-34032.json b/2024/34xxx/CVE-2024-34032.json index 14b4347e94d..eeca6f24556 100644 --- a/2024/34xxx/CVE-2024-34032.json +++ b/2024/34xxx/CVE-2024-34032.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34032", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDelta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-89", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta Electronics recommends users update to DIAEnergie v1.10.01.004 to mitigate these vulnerabilities. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta Electronics recommends users update to DIAEnergie v1.10.01.004 to mitigate these vulnerabilities. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/34xxx/CVE-2024-34033.json b/2024/34xxx/CVE-2024-34033.json index b672c9b29ba..f5769a84e83 100644 --- a/2024/34xxx/CVE-2024-34033.json +++ b/2024/34xxx/CVE-2024-34033.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34033", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nDelta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie ", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.10.00.005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nDelta Electronics recommends users update to DIAEnergie v1.10.01.004 to mitigate these vulnerabilities. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n
" + } + ], + "value": "\nDelta Electronics recommends users update to DIAEnergie v1.10.01.004 to mitigate these vulnerabilities. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/34xxx/CVE-2024-34398.json b/2024/34xxx/CVE-2024-34398.json new file mode 100644 index 00000000000..ba0335c1ab5 --- /dev/null +++ b/2024/34xxx/CVE-2024-34398.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34398", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34399.json b/2024/34xxx/CVE-2024-34399.json new file mode 100644 index 00000000000..a15b3e3beb5 --- /dev/null +++ b/2024/34xxx/CVE-2024-34399.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34399", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34400.json b/2024/34xxx/CVE-2024-34400.json new file mode 100644 index 00000000000..2b2aec8959b --- /dev/null +++ b/2024/34xxx/CVE-2024-34400.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34400", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34401.json b/2024/34xxx/CVE-2024-34401.json new file mode 100644 index 00000000000..c1d553353b1 --- /dev/null +++ b/2024/34xxx/CVE-2024-34401.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-34401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/51988", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/51988" + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34402.json b/2024/34xxx/CVE-2024-34402.json new file mode 100644 index 00000000000..4886aa3829b --- /dev/null +++ b/2024/34xxx/CVE-2024-34402.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-34402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/uriparser/uriparser/pull/185", + "refsource": "MISC", + "name": "https://github.com/uriparser/uriparser/pull/185" + }, + { + "url": "https://github.com/uriparser/uriparser/issues/183", + "refsource": "MISC", + "name": "https://github.com/uriparser/uriparser/issues/183" + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34403.json b/2024/34xxx/CVE-2024-34403.json new file mode 100644 index 00000000000..391fa70c6c3 --- /dev/null +++ b/2024/34xxx/CVE-2024-34403.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-34403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/uriparser/uriparser/issues/183", + "refsource": "MISC", + "name": "https://github.com/uriparser/uriparser/issues/183" + }, + { + "url": "https://github.com/uriparser/uriparser/pull/186", + "refsource": "MISC", + "name": "https://github.com/uriparser/uriparser/pull/186" + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34404.json b/2024/34xxx/CVE-2024-34404.json new file mode 100644 index 00000000000..310211997b6 --- /dev/null +++ b/2024/34xxx/CVE-2024-34404.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-34404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a NetBackup administrator to modify the expiration of backups under Governance mode (which could cause premature deletion)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.veritas.com/support/en_US/security/VTS24-004", + "refsource": "MISC", + "name": "https://www.veritas.com/support/en_US/security/VTS24-004" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:H/PR:H/S:C/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34405.json b/2024/34xxx/CVE-2024-34405.json new file mode 100644 index 00000000000..7043f51fe85 --- /dev/null +++ b/2024/34xxx/CVE-2024-34405.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34405", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34406.json b/2024/34xxx/CVE-2024-34406.json new file mode 100644 index 00000000000..41fbf73e645 --- /dev/null +++ b/2024/34xxx/CVE-2024-34406.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34406", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4455.json b/2024/4xxx/CVE-2024-4455.json new file mode 100644 index 00000000000..5053dad56a3 --- /dev/null +++ b/2024/4xxx/CVE-2024-4455.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4455", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file