From e73ef791c983a3e393d84604faa83e5daa3833c0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 16 May 2024 18:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/47xxx/CVE-2023-47717.json | 86 +++++++++++++++++++++++++-- 2024/1xxx/CVE-2024-1417.json | 79 +++++++++++++++++++++++-- 2024/27xxx/CVE-2024-27260.json | 16 ++++++ 2024/30xxx/CVE-2024-30378.json | 4 +- 2024/35xxx/CVE-2024-35304.json | 18 ++++++ 2024/35xxx/CVE-2024-35305.json | 18 ++++++ 2024/35xxx/CVE-2024-35306.json | 18 ++++++ 2024/35xxx/CVE-2024-35307.json | 18 ++++++ 2024/35xxx/CVE-2024-35308.json | 18 ++++++ 2024/3xxx/CVE-2024-3286.json | 102 +++++++++++++++++++++++++++++++-- 2024/5xxx/CVE-2024-5021.json | 18 ++++++ 2024/5xxx/CVE-2024-5022.json | 18 ++++++ 2024/5xxx/CVE-2024-5023.json | 18 ++++++ 13 files changed, 417 insertions(+), 14 deletions(-) create mode 100644 2024/35xxx/CVE-2024-35304.json create mode 100644 2024/35xxx/CVE-2024-35305.json create mode 100644 2024/35xxx/CVE-2024-35306.json create mode 100644 2024/35xxx/CVE-2024-35307.json create mode 100644 2024/35xxx/CVE-2024-35308.json create mode 100644 2024/5xxx/CVE-2024-5021.json create mode 100644 2024/5xxx/CVE-2024-5022.json create mode 100644 2024/5xxx/CVE-2024-5023.json diff --git a/2023/47xxx/CVE-2023-47717.json b/2023/47xxx/CVE-2023-47717.json index 3016eb9819c..a5889fed355 100644 --- a/2023/47xxx/CVE-2023-47717.json +++ b/2023/47xxx/CVE-2023-47717.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Security Guardium 12.0 could allow a privileged user to perform unauthorized actions that could lead to a denial of service. IBM X-Force ID: 271690." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVE-770 Allocation of Resources Without Limits or Throttling" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0" + }, + { + "version_affected": "=", + "version_value": "cpe:2.3:a:ibm:security_guardium:12.0:*:*:*:*:*:*:*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7152469", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7152469" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271690", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271690" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/1xxx/CVE-2024-1417.json b/2024/1xxx/CVE-2024-1417.json index 847bf42630f..897ce22f0d0 100644 --- a/2024/1xxx/CVE-2024-1417.json +++ b/2024/1xxx/CVE-2024-1417.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1417", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@watchguard.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application.\nThis issue affects AuthPoint Password Manager for MacOS versions before 1.0.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WatchGuard", + "product": { + "product_data": [ + { + "product_name": "AuthPoint Password Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.0.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006", + "refsource": "MISC", + "name": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/27xxx/CVE-2024-27260.json b/2024/27xxx/CVE-2024-27260.json index 7584ad1bb45..74d417aaeb0 100644 --- a/2024/27xxx/CVE-2024-27260.json +++ b/2024/27xxx/CVE-2024-27260.json @@ -42,6 +42,22 @@ { "version_affected": "=", "version_value": "7.2, 7.3, VIOS 3.1, VIOS 4.1" + }, + { + "version_affected": "=", + "version_value": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*" + }, + { + "version_affected": "=", + "version_value": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*" + }, + { + "version_affected": "=", + "version_value": "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*" + }, + { + "version_affected": "=", + "version_value": "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*" } ] } diff --git a/2024/30xxx/CVE-2024-30378.json b/2024/30xxx/CVE-2024-30378.json index 79ea6ac64a8..4dbef9e64e9 100644 --- a/2024/30xxx/CVE-2024-30378.json +++ b/2024/30xxx/CVE-2024-30378.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition.\u00a0 The process crashes and restarts automatically.\n\nWhen specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash.\u00a0 This process manages and controls the configuration of broadband subscriber sessions and services.\u00a0 While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.\n\nThis issue only occurs if\u00a0Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.\nThis issue affects Junos OS:\n\n\n * All versions before 20.4R3-S5, \n * from 21.1 before 21.1R3-S4, \n * from 21.2 before 21.2R3-S3, \n * from 21.3 before 21.3R3-S5, \n * from 21.4 before 21.4R3-S5, \n * from 22.1 before 22.1R3, \n * from 22.2 before 22.2R3, \n * from 22.3 before 22.3R2;\n\n\n\n\n\n\n\n\n\n" + "value": "A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition.\u00a0 The process crashes and restarts automatically.\n\nWhen specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash.\u00a0 This process manages and controls the configuration of broadband subscriber sessions and services.\u00a0 While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.\n\nThis issue only occurs if\u00a0Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.\nThis issue affects Junos OS:\n\n\n * All versions before 20.4R3-S5, \n * from 21.1 before 21.1R3-S4, \n * from 21.2 before 21.2R3-S3, \n * from 21.3 before 21.3R3-S5, \n * from 21.4 before 21.4R3-S5, \n * from 22.1 before 22.1R3, \n * from 22.2 before 22.2R3, \n * from 22.3 before 22.3R2;" } ] }, @@ -169,7 +169,7 @@ "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S5, 21.4R3-S5, 22.1R3, 22.2R3, 22.3R2, 22.4R1, and all subsequent releases.
" } ], - "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S5, 21.4R3-S5, 22.1R3, 22.2R3, 22.3R2, 22.4R1, and all subsequent releases.\n" + "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S5, 21.4R3-S5, 22.1R3, 22.2R3, 22.3R2, 22.4R1, and all subsequent releases." } ], "impact": { diff --git a/2024/35xxx/CVE-2024-35304.json b/2024/35xxx/CVE-2024-35304.json new file mode 100644 index 00000000000..c572c2c06ea --- /dev/null +++ b/2024/35xxx/CVE-2024-35304.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-35304", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35305.json b/2024/35xxx/CVE-2024-35305.json new file mode 100644 index 00000000000..5a427e4fab1 --- /dev/null +++ b/2024/35xxx/CVE-2024-35305.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-35305", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35306.json b/2024/35xxx/CVE-2024-35306.json new file mode 100644 index 00000000000..7b241b5a9b1 --- /dev/null +++ b/2024/35xxx/CVE-2024-35306.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-35306", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35307.json b/2024/35xxx/CVE-2024-35307.json new file mode 100644 index 00000000000..289cc5905d3 --- /dev/null +++ b/2024/35xxx/CVE-2024-35307.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-35307", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/35xxx/CVE-2024-35308.json b/2024/35xxx/CVE-2024-35308.json new file mode 100644 index 00000000000..1c2deed6409 --- /dev/null +++ b/2024/35xxx/CVE-2024-35308.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-35308", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3286.json b/2024/3xxx/CVE-2024-3286.json index 903bcb894e2..33d3503c513 100644 --- a/2024/3xxx/CVE-2024-3286.json +++ b/2024/3xxx/CVE-2024-3286.json @@ -1,17 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3286", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nA buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.\n\n\n\n\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lenovo", + "product": { + "product_data": [ + { + "product_name": "Printers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "various" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://iknow.lenovo.com.cn/detail/421500", + "refsource": "MISC", + "name": "https://iknow.lenovo.com.cn/detail/421500" + }, + { + "url": "https://www.lenovoimage.com/psirt/notice/158605.html", + "refsource": "MISC", + "name": "https://www.lenovoimage.com/psirt/notice/158605.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

Update the printer firmware version (or higher) listed in the Customer Mitigation section of LEN-158605: \n\nhttps://iknow.lenovo.com.cn/detail/421500\n\n

\n" + } + ], + "value": "\nUpdate the printer firmware version (or higher) listed in the Customer Mitigation section of LEN-158605:\u00a0\n\n https://iknow.lenovo.com.cn/detail/421500 \n\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Lenovo thanks China Information Technology Innovation Vulnerability Database (CITIVD) and Chaitin for reporting this issue. " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5021.json b/2024/5xxx/CVE-2024-5021.json new file mode 100644 index 00000000000..0fa15be67f4 --- /dev/null +++ b/2024/5xxx/CVE-2024-5021.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5021", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5022.json b/2024/5xxx/CVE-2024-5022.json new file mode 100644 index 00000000000..43af63e1f66 --- /dev/null +++ b/2024/5xxx/CVE-2024-5022.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5022", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/5xxx/CVE-2024-5023.json b/2024/5xxx/CVE-2024-5023.json new file mode 100644 index 00000000000..328ce204de0 --- /dev/null +++ b/2024/5xxx/CVE-2024-5023.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-5023", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file