diff --git a/2024/48xxx/CVE-2024-48119.json b/2024/48xxx/CVE-2024-48119.json
index 75ff3c1a0ec..83b535ebd62 100644
--- a/2024/48xxx/CVE-2024-48119.json
+++ b/2024/48xxx/CVE-2024-48119.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48119",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48119",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://okankurtulus.com.tr/2024/09/12/vtiger-crm-v8-2-0-html-injection-authenticated/",
+ "refsource": "MISC",
+ "name": "https://okankurtulus.com.tr/2024/09/12/vtiger-crm-v8-2-0-html-injection-authenticated/"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48120.json b/2024/48xxx/CVE-2024-48120.json
index 50292aef06b..ebf7efc69e3 100644
--- a/2024/48xxx/CVE-2024-48120.json
+++ b/2024/48xxx/CVE-2024-48120.json
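Review bot: The structured fields of this record are all placeholders (`vendor_name`, `product_name` and `version_value` are `"n/a"`, and the `problemtype` value is `"n/a"`) although the new description names Vtiger CRM v8.2.0 and an HTML injection. Tooling that matches on the `affects` block rather than on free text will not associate this entry with the product. I would fill them from the description, e.g. `"product_name": "Vtiger CRM"` and `"version_value": "8.2.0"`, and put a CWE string in `problemtype` (CWE-79 appears to fit, to be confirmed by the assigner). The same gap is in the CVE-2024-48120 (X2CRM v8.5) and CVE-2024-48253 (Cloudlog 2.6.15) hunks.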
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48120",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48120",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the \"Opportunities\" module. An attacker can inject malicious JavaScript code into the \"Name\" field when creating a list."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://okankurtulus.com.tr/2024/09/12/x2crm-v8-5-stored-cross-site-scripting-xss-authenticated/",
+ "refsource": "MISC",
+ "name": "https://okankurtulus.com.tr/2024/09/12/x2crm-v8-5-stored-cross-site-scripting-xss-authenticated/"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48253.json b/2024/48xxx/CVE-2024-48253.json
index 5056a4e1af0..25093e4591c 100644
--- a/2024/48xxx/CVE-2024-48253.json
+++ b/2024/48xxx/CVE-2024-48253.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48253",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48253",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/magicbug/Cloudlog",
+ "refsource": "MISC",
+ "name": "https://github.com/magicbug/Cloudlog"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.magicbug.co.uk/cloudlog/",
+ "url": "https://www.magicbug.co.uk/cloudlog/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://chiggerlor.substack.com/p/unauthenticated-sql-injection-in-9a3",
+ "url": "https://chiggerlor.substack.com/p/unauthenticated-sql-injection-in-9a3"
 }
 ]
 }
diff --git a/2024/49xxx/CVE-2024-49356.json b/2024/49xxx/CVE-2024-49356.json
new file mode 100644
index 00000000000..ca8144575dc
--- /dev/null
+++ b/2024/49xxx/CVE-2024-49356.json
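Review bot: The new description `Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.` does not say whether the request needs authentication, while the third reference's URL slug reads `unauthenticated-sql-injection-in-9a3`. That precondition drives triage priority, so the description should state it once confirmed against the reference, for example `Cloudlog 2.6.15 allows unauthenticated SQL injection via the id parameter of delete_oqrs_line in Oqrs.php.` The record also names no fixed release; if one exists it belongs here, so that readers can tell whether later versions are still affected.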
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49356", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49357.json b/2024/49xxx/CVE-2024-49357.json new file mode 100644 index 00000000000..b8960364a65 --- /dev/null +++ b/2024/49xxx/CVE-2024-49357.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49357", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49358.json b/2024/49xxx/CVE-2024-49358.json new file mode 100644 index 00000000000..c7b44e20c8b --- /dev/null +++ b/2024/49xxx/CVE-2024-49358.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49358", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/49xxx/CVE-2024-49359.json b/2024/49xxx/CVE-2024-49359.json new file mode 100644 index 00000000000..c5c54ec7c0c --- /dev/null +++ b/2024/49xxx/CVE-2024-49359.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49359", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49360.json b/2024/49xxx/CVE-2024-49360.json new file mode 100644 index 00000000000..5051660eaa2 --- /dev/null +++ b/2024/49xxx/CVE-2024-49360.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49360", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49361.json b/2024/49xxx/CVE-2024-49361.json new file mode 100644 index 00000000000..e41b3a229a7 --- /dev/null +++ b/2024/49xxx/CVE-2024-49361.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49361", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49362.json b/2024/49xxx/CVE-2024-49362.json new file mode 100644 index 00000000000..5f75b93cee5 --- /dev/null +++ b/2024/49xxx/CVE-2024-49362.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49362", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49363.json b/2024/49xxx/CVE-2024-49363.json new file mode 100644 index 00000000000..64a9b1fd290 --- /dev/null +++ b/2024/49xxx/CVE-2024-49363.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49363", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/49xxx/CVE-2024-49364.json b/2024/49xxx/CVE-2024-49364.json new file mode 100644 index 00000000000..e3a566e7800 --- /dev/null +++ b/2024/49xxx/CVE-2024-49364.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49364", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49365.json b/2024/49xxx/CVE-2024-49365.json new file mode 100644 index 00000000000..8882d424780 --- /dev/null +++ b/2024/49xxx/CVE-2024-49365.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49365", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49366.json b/2024/49xxx/CVE-2024-49366.json new file mode 100644 index 00000000000..19481942c26 --- /dev/null +++ b/2024/49xxx/CVE-2024-49366.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49366", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49367.json b/2024/49xxx/CVE-2024-49367.json new file mode 100644 index 00000000000..293ad99dc8f --- /dev/null +++ b/2024/49xxx/CVE-2024-49367.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49367", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49368.json b/2024/49xxx/CVE-2024-49368.json new file mode 100644 index 00000000000..bb5d46bfdcf --- /dev/null +++ b/2024/49xxx/CVE-2024-49368.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49368", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/49xxx/CVE-2024-49369.json b/2024/49xxx/CVE-2024-49369.json new file mode 100644 index 00000000000..5ce3ec04a0d --- /dev/null +++ b/2024/49xxx/CVE-2024-49369.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49369", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49370.json b/2024/49xxx/CVE-2024-49370.json new file mode 100644 index 00000000000..6985c210c66 --- /dev/null +++ b/2024/49xxx/CVE-2024-49370.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49370", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49371.json b/2024/49xxx/CVE-2024-49371.json new file mode 100644 index 00000000000..a7d341689c4 --- /dev/null +++ b/2024/49xxx/CVE-2024-49371.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49371", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49372.json b/2024/49xxx/CVE-2024-49372.json new file mode 100644 index 00000000000..1e04ea3b836 --- /dev/null +++ b/2024/49xxx/CVE-2024-49372.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49372", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49373.json b/2024/49xxx/CVE-2024-49373.json new file mode 100644 index 00000000000..82148471d52 --- /dev/null +++ b/2024/49xxx/CVE-2024-49373.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49373", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/49xxx/CVE-2024-49374.json b/2024/49xxx/CVE-2024-49374.json new file mode 100644 index 00000000000..dd666ed41de --- /dev/null +++ b/2024/49xxx/CVE-2024-49374.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49374", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49375.json b/2024/49xxx/CVE-2024-49375.json new file mode 100644 index 00000000000..5c3b5f45634 --- /dev/null +++ b/2024/49xxx/CVE-2024-49375.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49375", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49376.json b/2024/49xxx/CVE-2024-49376.json new file mode 100644 index 00000000000..70a14dc080f --- /dev/null +++ b/2024/49xxx/CVE-2024-49376.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49376", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49377.json b/2024/49xxx/CVE-2024-49377.json new file mode 100644 index 00000000000..e120280bcc5 --- /dev/null +++ b/2024/49xxx/CVE-2024-49377.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49377", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49378.json b/2024/49xxx/CVE-2024-49378.json new file mode 100644 index 00000000000..008c2f82338 --- /dev/null +++ b/2024/49xxx/CVE-2024-49378.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49378", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/49xxx/CVE-2024-49379.json b/2024/49xxx/CVE-2024-49379.json new file mode 100644 index 00000000000..54371e8baea --- /dev/null +++ b/2024/49xxx/CVE-2024-49379.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49379", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49380.json b/2024/49xxx/CVE-2024-49380.json new file mode 100644 index 00000000000..cb5e8cc8b34 --- /dev/null +++ b/2024/49xxx/CVE-2024-49380.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49380", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/49xxx/CVE-2024-49381.json b/2024/49xxx/CVE-2024-49381.json new file mode 100644 index 00000000000..836c9f6e316 --- /dev/null +++ b/2024/49xxx/CVE-2024-49381.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-49381", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7847.json b/2024/7xxx/CVE-2024-7847.json index f20eeede40c..ae97f18b263 100644 --- a/2024/7xxx/CVE-2024-7847.json +++ b/2024/7xxx/CVE-2024-7847.json 
@@ -1,17 +1,128 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7847", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@rockwellautomation.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VULNERABILITY DETAILS\n\nRockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. \n\nA feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-345 Insufficient Verification of Data Authenticity", + "cweId": "CWE-345" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell Automation", + "product": { + "product_data": [ + { + "product_name": "RSLogix 500\u00ae", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All" + } + ] + } + }, + { + "product_name": "RSLogix\u2122 Micro Developer and Starter", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All" + } + ] + } + }, + { + "product_name": "RSLogix\u2122 5", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html", + "refsource": "MISC", + "name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Mitigations and Workarounds

Users using the affected software are encouraged to apply the following mitigations and security best practices, where possible.

\u00b7       Deny the execution feature in FactoryTalk\u00ae Administration Console, when not needed, by navigating to \u201cPolicies\u201d, selecting \u2018\u201dEnable/Disable VBA\u201d, and then checking the \u201cDeny\u201d box to block VBA code execution.

\u00b7       Save project files in a Trusted\u00ae location where only administrators can modify it and verify file integrity.

\u00b7       Utilize the VBA editor protection feature, which locks the VBA code from viewing and editing by setting a password.

" + } + ], + "value": "Mitigations and Workarounds \n\nUsers using the affected software are encouraged to apply the following mitigations and security best practices, where possible. \n\n\u00b7 \u00a0 \u00a0 \u00a0 Deny the execution feature in FactoryTalk\u00ae Administration Console, when not needed, by navigating to \u201cPolicies\u201d, selecting \u2018\u201dEnable/Disable VBA\u201d, and then checking the \u201cDeny\u201d box to block VBA code execution.\n\n\u00b7 \u00a0 \u00a0 \u00a0 Save project files in a Trusted\u00ae location where only administrators can modify it and verify file integrity.\n\n\u00b7 \u00a0 \u00a0 \u00a0 Utilize the VBA editor protection feature, which locks the VBA code from viewing and editing by setting a password." + } + ], + "credits": [ + { + "lang": "en", + "value": "Sharon Brizinov of Claroty Research - Team82" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8602.json b/2024/8xxx/CVE-2024-8602.json index d5ba1f8e94f..308dd51b45c 100644 --- a/2024/8xxx/CVE-2024-8602.json +++ b/2024/8xxx/CVE-2024-8602.json 
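Review bot: The description calls the outcome "a remote code execution" while the record's own vector is `CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H`, that is local with user interaction, and the text itself describes code that runs when a user opens a crafted RSP/RSS project file. Wording such as `a threat actor may be able to execute arbitrary code in the context of the user who opens the file` would agree with the vector and avoid over-ranking in triage. The description also opens with advisory boilerplate (`VULNERABILITY DETAILS` and the CVSS sentence) and never names the affected products, which appear only under `affects`; naming them in the first sentence would make the entry searchable. Since every product carries `"version_affected": "="` with `"version_value": "All"` and no `solution` block is present, the listed work-arounds appear to be the only remediation, which the record should say outright.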
@@ -1,18 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnerability@ncsc.ch", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker could theoretically leverage this by delivering a manipulated PDF file to the target, and depending on the environment, various actions can be executed. 
These actions include:\n\n * Reading files from the operating system\n * Crashing the thread handling the parsing or causing it to enter an infinite loop\n * Executing HTTP requests\n * Loading additional DTDs or XML files\n * Under certain conditions, executing OS commands" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweizerische Steuerkonferenz", + "product": { + "product_data": [ + { + "product_name": "Library taxstatement.jar", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.2.2" + }, + { + "version_affected": "=", + "version_value": "2.2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://esteuer.ewv-ete.ch/fileadmin/esta/2024-10-09-update/24_09_esta_newsletter_de.pdf", + "refsource": "MISC", + "name": "https://esteuer.ewv-ete.ch/fileadmin/esta/2024-10-09-update/24_09_esta_newsletter_de.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upgrade the used version of the library to 2.2.4.1" + } + ], + "value": "Upgrade the used version of the library to 2.2.4.1" + } + ], + "credits": [ + { + "lang": "en", + "value": "Manuel Kiesel - cyllective AG" + } + ] } \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9934.json b/2024/9xxx/CVE-2024-9934.json new file mode 100644 index 00000000000..ac949085f5c --- /dev/null +++ b/2024/9xxx/CVE-2024-9934.json 
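Review bot: The description never names the affected component; `Library taxstatement.jar` from Schweizerische Steuerkonferenz appears only under `affects`, so a reader of the description alone cannot tell what to patch. `version_data` lists exact matches `= 2.2.2` and `= 2.2.4`, while the fixed release `2.2.4.1` exists only as free text in `solution`, so whether other releases below it are affected is not expressed. If the CNA confirms it, a range such as `"version_affected": "<", "version_value": "2.2.4.1"` would be machine-checkable. For users who cannot upgrade at once, the record could add a `work_around` stating that disabling DOCTYPE declarations and external entity resolution on the XML parser is the usual hardening for this class of issue.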
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-9934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9935.json b/2024/9xxx/CVE-2024-9935.json new file mode 100644 index 00000000000..a5bdaae6918 --- /dev/null +++ b/2024/9xxx/CVE-2024-9935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-9935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9936.json b/2024/9xxx/CVE-2024-9936.json new file mode 100644 index 00000000000..09e4a6d4e39 --- /dev/null +++ b/2024/9xxx/CVE-2024-9936.json 
@@ -0,0 +1,75 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9936",
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Undefined behavior in selection node cache"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "131.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920381",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920381"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2024-53/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2024-53/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Atte Kettunen"
+ }
+ ]
+}
\ No newline at end of file