From e81242cda9eff86a8f70d6263f2beaba0ee4a685 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 27 Jun 2024 16:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/30xxx/CVE-2023-30430.json | 84 ++++++++++++++++++++++++++++--
 2024/28xxx/CVE-2024-28820.json | 61 +++++++++++++++++++---
 2024/31xxx/CVE-2024-31883.json | 84 ++++++++++++++++++++++++++++--
 2024/37xxx/CVE-2024-37694.json | 2 +-
 2024/39xxx/CVE-2024-39373.json | 94 ++++++++++++++++++++++++++++++++--
 2024/39xxx/CVE-2024-39669.json | 56 +++++++++++++++++---
 2024/6xxx/CVE-2024-6388.json | 89 ++++++++++++++++++++++++++++++--
 2024/6xxx/CVE-2024-6389.json | 18 +++++++
 2024/6xxx/CVE-2024-6390.json | 18 +++++++
 2024/6xxx/CVE-2024-6391.json | 18 +++++++
 10 files changed, 494 insertions(+), 30 deletions(-)
 create mode 100644 2024/6xxx/CVE-2024-6389.json
 create mode 100644 2024/6xxx/CVE-2024-6390.json
 create mode 100644 2024/6xxx/CVE-2024-6391.json
diff --git a/2023/30xxx/CVE-2023-30430.json b/2023/30xxx/CVE-2023-30430.json
index e51e8fdea3a..96922bfdce4 100644
--- a/2023/30xxx/CVE-2023-30430.json
+++ b/2023/30xxx/CVE-2023-30430.json
@@ -1,17 +1,93 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-30430",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: 252183."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-532 Insertion of Sensitive Information into Log File",
+ "cweId": "CWE-532"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Security Verify Access",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "10.0.0.0",
+ "version_value": "10.0.7.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7158789",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7158789"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252183",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/252183"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/28xxx/CVE-2024-28820.json b/2024/28xxx/CVE-2024-28820.json
index 26936d92276..9b0f6dea514 100644
--- a/2024/28xxx/CVE-2024-28820.json
+++ b/2024/28xxx/CVE-2024-28820.json
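Review bot: `"privilegesRequired": "NONE"` (PR:N in `vectorString`) does not sit well with the description's "could allow a local user": a user who must already hold an account on the appliance is normally scored PR:L. If that is the case here, the entries should read `"privilegesRequired": "LOW"` and `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N`, which lowers the base score from 6.2 to 5.5; if no account is needed, the description should say so. The description also gives the range as "10.0.0 through 10.0.7.1" while `version_name` is `10.0.0.0`; one spelling in both places avoids mismatches in version-matching tools.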
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-28820",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-28820",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/threerings/openvpn-auth-ldap/tags",
+ "refsource": "MISC",
+ "name": "https://github.com/threerings/openvpn-auth-ldap/tags"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/threerings/openvpn-auth-ldap/pull/92",
+ "url": "https://github.com/threerings/openvpn-auth-ldap/pull/92"
 }
 ]
 }
diff --git a/2024/31xxx/CVE-2024-31883.json b/2024/31xxx/CVE-2024-31883.json
index 351d7f882aa..b23710f880b 100644
--- a/2024/31xxx/CVE-2024-31883.json
+++ b/2024/31xxx/CVE-2024-31883.json
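Review bot: The `affects` block of CVE-2024-28820 carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, and `problemtype` is `"n/a"` as well, although the description names the product (openvpn-auth-ldap, the Three Rings Auth-LDAP plugin for OpenVPN), the version (2.0.4) and the weakness (buffer overflow). Scanners and SBOM matchers key on the structured fields, so this record will not match installed packages until they are filled, for example `"product_name": "openvpn-auth-ldap"` and `"version_value": "2.0.4"`, with the CWE identifier that fits the overflow in `problemtype`. No `impact` block is present either, so the record gives no severity for triage. The CVE-2024-39669 hunk later in this patch has the same `"n/a"` fields while its description names Soffid IAM before 3.5.39.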
@@ -1,17 +1,93 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-31883",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@us.ibm.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-703 Improper Check or Handling of Exceptional Conditions",
+ "cweId": "CWE-703"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Security Verify Access",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "10.0.0.0",
+ "version_value": "10.0.7.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7158789",
+ "refsource": "MISC",
+ "name": "https://www.ibm.com/support/pages/node/7158789"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287615",
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287615"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/37xxx/CVE-2024-37694.json b/2024/37xxx/CVE-2024-37694.json
index cefc1aa7b5b..75010726228 100644
--- a/2024/37xxx/CVE-2024-37694.json
+++ b/2024/37xxx/CVE-2024-37694.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require authentication."
+ "value": "** DISPUTED ** ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require authentication. NOTE: the supplier disputes the vulnerability information, and also objects to the assignment process (unsupported when assigned from incorrect CNA)."
 }
 ]
 },
diff --git a/2024/39xxx/CVE-2024-39373.json b/2024/39xxx/CVE-2024-39373.json
index 5a44a2d4cb9..881e10042e9 100644
--- a/2024/39xxx/CVE-2024-39373.json
+++ b/2024/39xxx/CVE-2024-39373.json
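Review bot: The description of CVE-2024-31883 says "an unauthenticated attacker", but the CVSS entry has `"privilegesRequired": "LOW"` and `PR:L` in `vectorString`. One of the two is wrong; if no authentication is needed the vector would be `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H` and the base score 5.9 rather than 5.3. The weakness is also described as asymmetric resource consumption, which is CWE-405, while `cweId` is `CWE-703`; worth confirming with the assigner which was intended.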
@@ -1,18 +1,102 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-39373",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative privileges."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
+ "cweId": "CWE-77"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "marKoni",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Markoni-D (Compact) FM Transmitters",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.0.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Markoni-DH (Exciter+Amplifiers) FM Transmitters",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "

Markoni has released the following version to remediate these vulnerabilities:

TELSAT marKoni FM Transmitter: Version 2.0.1.

For more information, contact Markoni.

\n\n
"
+ }
+ ],
+ "value": "Markoni has released the following version to remediate these vulnerabilities:\n\nTELSAT marKoni FM Transmitter: Version 2.0.1.\n\nFor more information, contact Markoni https://www.markoni.it/contacts/ ."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "CISA discovered a public Proof of Concept (PoC) as authored by Gjoko Krstic and reported it to marKoni."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/39xxx/CVE-2024-39669.json b/2024/39xxx/CVE-2024-39669.json
index 85dac2a81be..aa0de2872da 100644
--- a/2024/39xxx/CVE-2024-39669.json
+++ b/2024/39xxx/CVE-2024-39669.json
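Review bot: CVE-2024-39373 is published without an `impact` block, although the description is a command injection that yields administrative access and the `credits` entry states that a public proof of concept exists. Without a CVSS vector in the record, tools that rank by `baseScore` will leave this one unscored; the vector from the referenced advisory (icsa-24-179-01) should be carried into `impact.cvss`. The `solution` and `credits` entries use `"lang": "en"` while `description` and `problemtype` in the same record use `"lang": "eng"`; pick one code so that language filters see all of the text.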
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-39669",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-39669",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bookstack.soffid.com/books/security-advisories/page/cve-2024-39669",
+ "url": "https://bookstack.soffid.com/books/security-advisories/page/cve-2024-39669"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6388.json b/2024/6xxx/CVE-2024-6388.json
index 6a67c26a272..3634b7eedd9 100644
--- a/2024/6xxx/CVE-2024-6388.json
+++ b/2024/6xxx/CVE-2024-6388.json
@@ -1,17 +1,98 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6388",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@ubuntu.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-497",
+ "cweId": "CWE-497"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Canonical Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Ubuntu Advantage Desktop Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2024-6388",
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
+ },
+ {
+ "url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24",
+ "refsource": "MISC",
+ "name": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Marco Trevisan"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6389.json b/2024/6xxx/CVE-2024-6389.json
new file mode 100644
index 00000000000..479041d6e29
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6389.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6389",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6390.json b/2024/6xxx/CVE-2024-6390.json
new file mode 100644
index 00000000000..eb5f989a81b
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6390.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6390",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/6xxx/CVE-2024-6391.json b/2024/6xxx/CVE-2024-6391.json
new file mode 100644
index 00000000000..e9056a65aef
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6391.json
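Review bot: `"product_name": "Ubuntu Advantage Desktop Pro"` in CVE-2024-6388 does not match the component named in the description ("Ubuntu Advantage Desktop Daemon") or the repository in the third reference (canonical/ubuntu-advantage-desktop-daemon), and the first reference points at the ubuntu-advantage-tools source package. Matching on product name will miss the affected package unless the name is aligned with the one that ships, presumably `ubuntu-advantage-desktop-daemon` (to be confirmed by the assigner). The `problemtype` value is the bare identifier `"CWE-497"`; the other records in this patch give the name too, e.g. `"value": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"`.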
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6391",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file