admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-11 17:00:36 +00:00
parent 7cbce61bc8
commit f1eccad4a1
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
37 changed files with 4758 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
2017/15xxx/CVE-2017-15587.json
View File

@ -71,6 +71,21 @@
"name": "http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8"
},
{
"refsource": "CONFIRM",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698605",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698605"
},
{
"refsource": "CONFIRM",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698704",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698704"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=d18bc728e46c5a5708f14d27c2b6c44e1d0c3232",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=d18bc728e46c5a5708f14d27c2b6c44e1d0c3232"
}
]
}

10
2017/6xxx/CVE-2017-6060.json
View File

@ -81,6 +81,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210923 [SECURITY] [DLA 2765-1] mupdf security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=06a012a42c9884e3cd653e7826cff1ddec04eb6e",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=06a012a42c9884e3cd653e7826cff1ddec04eb6e"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=e089b2e2c1d38c5696c7dfd741e21f8f3ef22b14",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=e089b2e2c1d38c5696c7dfd741e21f8f3ef22b14"
}
]
}

5
2017/9xxx/CVE-2017-9216.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211028 [SECURITY] [DLA 2796-1] jbig2dec security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00023.html"
},
{
"refsource": "MISC",
"name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853",
"url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853"
}
]
}

5
2018/6xxx/CVE-2018-6187.json
View File

@ -71,6 +71,11 @@
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698908",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698908"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=3e30fbb7bf5efd88df431e366492356e7eb969ec",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=3e30fbb7bf5efd88df431e366492356e7eb969ec"
}
]
}

5
2018/6xxx/CVE-2018-6192.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190628 [SECURITY] [DLA 1838-1] mupdf security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=5e411a99604ff6be5db9e273ee84737204113299",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=5e411a99604ff6be5db9e273ee84737204113299"
}
]
}

6
2023/3xxx/CVE-2023-3640.json
View File

@ -131,6 +131,12 @@
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank 77pray (Syclover Security Team) for reporting this issue."
}
],
"impact": {
"cvss": [
{

153
2024/20xxx/CVE-2024-20304.json
View File

@ -1,17 +1,162 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device.\r\n\r\nThis vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.\r\nNote: This vulnerability can be exploited using IPv4 or IPv6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Release of Memory after Effective Lifetime",
"cweId": "CWE-401"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.8.12"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.9.21"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "7.11.2"
},
{
"version_affected": "=",
"version_value": "24.2.1"
},
{
"version_affected": "=",
"version_value": "24.1.2"
},
{
"version_affected": "=",
"version_value": "24.2.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy"
}
]
},
"source": {
"advisory": "cisco-sa-pak-mem-exhst-3ke9FeFy",
"discovery": "EXTERNAL",
"defects": [
"CSCwk63828"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

121
2024/20xxx/CVE-2024-20317.json
View File

@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20317",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Provision of Specified Functionality",
"cweId": "CWE-684"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.9.21"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC"
}
]
},
"source": {
"advisory": "cisco-sa-l2services-2mvHdNuC",
"discovery": "EXTERNAL",
"defects": [
"CSCwh30122"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

345
2024/20xxx/CVE-2024-20343.json
View File

@ -1,17 +1,354 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20343",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device.\r\n\r\nThis vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "6.5.92"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "6.5.15"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "6.6.11"
},
{
"version_affected": "=",
"version_value": "6.5.93"
},
{
"version_affected": "=",
"version_value": "6.6.12"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.1.15"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "7.0.11"
},
{
"version_affected": "=",
"version_value": "7.0.12"
},
{
"version_affected": "=",
"version_value": "7.0.14"
},
{
"version_affected": "=",
"version_value": "7.1.25"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "7.2.12"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.1.3"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "7.3.15"
},
{
"version_affected": "=",
"version_value": "7.3.16"
},
{
"version_affected": "=",
"version_value": "7.4.15"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.4.16"
},
{
"version_affected": "=",
"version_value": "7.3.27"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.6.15"
},
{
"version_affected": "=",
"version_value": "7.5.12"
},
{
"version_affected": "=",
"version_value": "7.8.12"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.9.21"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "7.3.6"
},
{
"version_affected": "=",
"version_value": "7.5.52"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-shellutil-HCb278wD",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-shellutil-HCb278wD"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-shellutil-HCb278wD",
"discovery": "EXTERNAL",
"defects": [
"CSCwi71881"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
}
]
}

1211
2024/20xxx/CVE-2024-20381.json
View File

File diff suppressed because it is too large Load Diff

425
2024/20xxx/CVE-2024-20390.json
View File

@ -1,17 +1,434 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.\r\n\r\nThis vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Verification of Source of a Communication Channel",
"cweId": "CWE-940"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.5.29"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "6.5.92"
},
{
"version_affected": "=",
"version_value": "6.5.15"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "6.5.26"
},
{
"version_affected": "=",
"version_value": "6.6.11"
},
{
"version_affected": "=",
"version_value": "6.5.25"
},
{
"version_affected": "=",
"version_value": "6.5.28"
},
{
"version_affected": "=",
"version_value": "6.5.93"
},
{
"version_affected": "=",
"version_value": "6.6.12"
},
{
"version_affected": "=",
"version_value": "6.5.90"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "6.7.1"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.1.15"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "6.7.2"
},
{
"version_affected": "=",
"version_value": "7.0.11"
},
{
"version_affected": "=",
"version_value": "7.0.12"
},
{
"version_affected": "=",
"version_value": "7.0.14"
},
{
"version_affected": "=",
"version_value": "7.1.25"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "7.2.12"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.1.3"
},
{
"version_affected": "=",
"version_value": "6.7.3"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "6.7.4"
},
{
"version_affected": "=",
"version_value": "6.5.31"
},
{
"version_affected": "=",
"version_value": "7.3.15"
},
{
"version_affected": "=",
"version_value": "7.3.16"
},
{
"version_affected": "=",
"version_value": "6.8.1"
},
{
"version_affected": "=",
"version_value": "7.4.15"
},
{
"version_affected": "=",
"version_value": "6.5.32"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.4.16"
},
{
"version_affected": "=",
"version_value": "7.3.27"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.6.15"
},
{
"version_affected": "=",
"version_value": "7.5.12"
},
{
"version_affected": "=",
"version_value": "7.8.12"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "6.8.2"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "6.7.35"
},
{
"version_affected": "=",
"version_value": "6.9.1"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "6.9.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "6.5.33"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.9.21"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "7.6.3"
},
{
"version_affected": "=",
"version_value": "7.3.6"
},
{
"version_affected": "=",
"version_value": "7.5.52"
},
{
"version_affected": "=",
"version_value": "7.11.2"
},
{
"version_affected": "=",
"version_value": "24.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S",
"discovery": "EXTERNAL",
"defects": [
"CSCwj39201"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
}
]
}

385
2024/20xxx/CVE-2024-20398.json
View File

@ -1,17 +1,394 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20398",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.5.3"
},
{
"version_affected": "=",
"version_value": "6.5.29"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_value": "6.5.2"
},
{
"version_affected": "=",
"version_value": "6.5.92"
},
{
"version_affected": "=",
"version_value": "6.5.15"
},
{
"version_affected": "=",
"version_value": "6.6.2"
},
{
"version_affected": "=",
"version_value": "7.0.1"
},
{
"version_affected": "=",
"version_value": "6.6.25"
},
{
"version_affected": "=",
"version_value": "6.5.26"
},
{
"version_affected": "=",
"version_value": "6.6.11"
},
{
"version_affected": "=",
"version_value": "6.5.25"
},
{
"version_affected": "=",
"version_value": "6.5.28"
},
{
"version_affected": "=",
"version_value": "6.5.93"
},
{
"version_affected": "=",
"version_value": "6.6.12"
},
{
"version_affected": "=",
"version_value": "6.5.90"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.0.90"
},
{
"version_affected": "=",
"version_value": "6.6.3"
},
{
"version_affected": "=",
"version_value": "7.0.2"
},
{
"version_affected": "=",
"version_value": "7.1.15"
},
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "=",
"version_value": "7.2.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "7.0.11"
},
{
"version_affected": "=",
"version_value": "7.0.12"
},
{
"version_affected": "=",
"version_value": "7.0.14"
},
{
"version_affected": "=",
"version_value": "7.1.25"
},
{
"version_affected": "=",
"version_value": "6.6.4"
},
{
"version_affected": "=",
"version_value": "7.2.12"
},
{
"version_affected": "=",
"version_value": "7.3.1"
},
{
"version_affected": "=",
"version_value": "7.1.3"
},
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "7.2.2"
},
{
"version_affected": "=",
"version_value": "6.5.31"
},
{
"version_affected": "=",
"version_value": "7.3.15"
},
{
"version_affected": "=",
"version_value": "7.3.16"
},
{
"version_affected": "=",
"version_value": "7.4.15"
},
{
"version_affected": "=",
"version_value": "6.5.32"
},
{
"version_affected": "=",
"version_value": "7.3.2"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.4.16"
},
{
"version_affected": "=",
"version_value": "7.3.27"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.6.15"
},
{
"version_affected": "=",
"version_value": "7.5.12"
},
{
"version_affected": "=",
"version_value": "7.8.12"
},
{
"version_affected": "=",
"version_value": "7.3.3"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "7.3.4"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "6.5.33"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.9.21"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "7.6.3"
},
{
"version_affected": "=",
"version_value": "7.3.6"
},
{
"version_affected": "=",
"version_value": "7.5.52"
},
{
"version_affected": "=",
"version_value": "7.11.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-priv-esc-CrG5vhCq",
"discovery": "EXTERNAL",
"defects": [
"CSCwj25248"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

201
2024/20xxx/CVE-2024-20406.json
View File

@ -1,17 +1,210 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition.\r\nNote: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or multi-level routing IS-IS type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4.1"
},
{
"version_affected": "=",
"version_value": "6.8.1"
},
{
"version_affected": "=",
"version_value": "7.4.15"
},
{
"version_affected": "=",
"version_value": "7.5.1"
},
{
"version_affected": "=",
"version_value": "7.4.16"
},
{
"version_affected": "=",
"version_value": "7.6.1"
},
{
"version_affected": "=",
"version_value": "7.5.2"
},
{
"version_affected": "=",
"version_value": "7.8.1"
},
{
"version_affected": "=",
"version_value": "7.6.15"
},
{
"version_affected": "=",
"version_value": "7.5.12"
},
{
"version_affected": "=",
"version_value": "7.7.1"
},
{
"version_affected": "=",
"version_value": "6.8.2"
},
{
"version_affected": "=",
"version_value": "7.4.2"
},
{
"version_affected": "=",
"version_value": "6.9.1"
},
{
"version_affected": "=",
"version_value": "7.6.2"
},
{
"version_affected": "=",
"version_value": "7.5.3"
},
{
"version_affected": "=",
"version_value": "7.7.2"
},
{
"version_affected": "=",
"version_value": "6.9.2"
},
{
"version_affected": "=",
"version_value": "7.9.1"
},
{
"version_affected": "=",
"version_value": "7.10.1"
},
{
"version_affected": "=",
"version_value": "7.8.2"
},
{
"version_affected": "=",
"version_value": "7.5.4"
},
{
"version_affected": "=",
"version_value": "7.8.22"
},
{
"version_affected": "=",
"version_value": "7.7.21"
},
{
"version_affected": "=",
"version_value": "7.9.2"
},
{
"version_affected": "=",
"version_value": "7.5.5"
},
{
"version_affected": "=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.9.21"
},
{
"version_affected": "=",
"version_value": "7.10.2"
},
{
"version_affected": "=",
"version_value": "7.6.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe"
}
]
},
"source": {
"advisory": "cisco-sa-isis-xehpbVNe",
"discovery": "EXTERNAL",
"defects": [
"CSCwi39542"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

101
2024/20xxx/CVE-2024-20483.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20483",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root.\r\n\r\nThese vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "24.2.1"
},
{
"version_affected": "=",
"version_value": "24.1.2"
},
{
"version_affected": "=",
"version_value": "24.2.11"
},
{
"version_affected": "=",
"version_value": "24.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
"discovery": "INTERNAL",
"defects": [
"CSCwi81011"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

101
2024/20xxx/CVE-2024-20489.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20489",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\r\n\r\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unprotected Storage of Credentials",
"cweId": "CWE-256"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "24.1.1"
},
{
"version_affected": "=",
"version_value": "24.2.1"
},
{
"version_affected": "=",
"version_value": "24.1.2"
},
{
"version_affected": "=",
"version_value": "24.2.11"
},
{
"version_affected": "=",
"version_value": "24.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL"
}
]
},
"source": {
"advisory": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
"discovery": "INTERNAL",
"defects": [
"CSCwi81017"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

103
2024/39xxx/CVE-2024-39378.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39378",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@adobe.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Adobe",
"product": {
"product_data": [
{
"product_name": "Audition",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "23.6.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb24-54.html",
"refsource": "MISC",
"name": "https://helpx.adobe.com/security/products/audition/apsb24-54.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

103
2024/41xxx/CVE-2024-41868.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41868",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@adobe.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Adobe",
"product": {
"product_data": [
{
"product_name": "Audition",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "23.6.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb24-54.html",
"refsource": "MISC",
"name": "https://helpx.adobe.com/security/products/audition/apsb24-54.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

61
2024/44xxx/CVE-2024-44570.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44570",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.relyum.com/web/support/vulnerability-report/",
"url": "https://www.relyum.com/web/support/vulnerability-report/"
},
{
"url": "http://system-on-chip.com",
"refsource": "MISC",
"name": "http://system-on-chip.com"
}
]
}

61
2024/44xxx/CVE-2024-44571.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44571",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.relyum.com/web/support/vulnerability-report/",
"url": "https://www.relyum.com/web/support/vulnerability-report/"
},
{
"url": "http://system-on-chip.com",
"refsource": "MISC",
"name": "http://system-on-chip.com"
}
]
}

110
2024/8xxx/CVE-2024-8097.json
View File

@ -1,18 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@payara.fish",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Payara Platform",
"product": {
"product_data": [
{
"product_name": "Payara Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.0.0",
"version_value": "6.18.0"
},
{
"version_affected": "<",
"version_name": "6.2022.1",
"version_value": "6.2024.9"
},
{
"version_affected": "<",
"version_name": "5.20.0",
"version_value": "5.67.0"
},
{
"version_affected": "<",
"version_name": "5.2020.2",
"version_value": "5.2022.5"
},
{
"version_affected": "<",
"version_name": "4.1.2.191.0",
"version_value": "4.1.2.191.50"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.9.html",
"refsource": "MISC",
"name": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.9.html"
},
{
"url": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html",
"refsource": "MISC",
"name": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UPSTREAM"
},
"credits": [
{
"lang": "en",
"value": "Marco Ventura"
},
{
"lang": "en",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"value": "Debora Esposito"
},
{
"lang": "en",
"value": "Massimiliano Brolli"
}
]
}

165
2024/8xxx/CVE-2024-8686.json
View File

@ -1,18 +1,173 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8686",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "11.2.2",
"status": "unaffected",
"version": "11.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "11.0.0"
},
{
"status": "unaffected",
"version": "10.2.0"
},
{
"status": "unaffected",
"version": "10.1.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Cloud NGFW",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Prisma Access",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-8686",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-8686"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"PAN-263321"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 11.2.3 and all later PAN-OS versions.<br>"
}
],
"value": "This issue is fixed in PAN-OS 11.2.3 and all later PAN-OS versions."
}
],
"credits": [
{
"lang": "en",
"value": "Louis Lingg"
}
]
}

345
2024/8xxx/CVE-2024-8687.json
View File

@ -1,18 +1,353 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8687",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the GlobalProtect app configuration would not normally permit them to do so."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"cweId": "CWE-497"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "11.2.0"
},
{
"changes": [
{
"at": "11.0.1",
"status": "unaffected"
}
],
"lessThan": "11.0.1",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.4",
"status": "unaffected"
}
],
"lessThan": "10.2.4",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.9",
"status": "unaffected"
}
],
"lessThan": "10.1.9",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.0.12",
"status": "unaffected"
}
],
"lessThan": "10.0.12",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "9.1.16",
"status": "unaffected"
}
],
"lessThan": "9.1.16",
"status": "affected",
"version": "9.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "9.0.17",
"status": "unaffected"
}
],
"lessThan": "9.0.17",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.25",
"status": "unaffected"
}
],
"lessThan": "8.1.25",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "5.1.12",
"status": "unaffected"
}
],
"lessThan": "5.1.12",
"status": "affected",
"version": "5.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.2.13",
"status": "unaffected"
}
],
"lessThan": "5.2.13",
"status": "affected",
"version": "5.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.0.7",
"status": "unaffected"
}
],
"lessThan": "6.0.7",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.1.2",
"status": "unaffected"
}
],
"lessThan": "6.1.2",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.2.1",
"status": "unaffected"
}
],
"lessThan": "6.2.1",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.3.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Cloud NGFW",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Prisma Access",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "10.2.9 on PAN-OS",
"status": "unaffected"
}
],
"lessThan": "10.2.9 on PAN-OS",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-8687",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-8687"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"PAN-204689",
"GPC-16848"
],
"discovery": "EXTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Impacted systems are those on which any of the following features are enabled:<br>* Network &gt; GlobalProtect &gt; Portals &gt; &gt; Agent &gt; &gt; App &gt; Allow User to Disable GlobalProtect App &gt; Allow with Passcode<br>* Network &gt; GlobalProtect &gt; Portals &gt; &gt; Agent &gt; &gt; App &gt; Allow user to disconnect GlobalProtect App &gt; Allow with Passcode<br>* Network &gt; GlobalProtect &gt; Portals &gt; &gt; Agent &gt; &gt; App &gt; Allow User to Uninstall GlobalProtect App &gt; Allow with Password"
}
],
"value": "Impacted systems are those on which any of the following features are enabled:\n* Network > GlobalProtect > Portals > > Agent > > App > Allow User to Disable GlobalProtect App > Allow with Passcode\n* Network > GlobalProtect > Portals > > Agent > > App > Allow user to disconnect GlobalProtect App > Allow with Passcode\n* Network > GlobalProtect > Portals > > Agent > > App > Allow User to Uninstall GlobalProtect App > Allow with Password"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Change the following two settings (if enabled) to \"Allow with Ticket\":<br>* Network &gt; GlobalProtect &gt; Portals &gt; &gt; Agent &gt; &gt; App &gt; Allow User to Disable GlobalProtect App<br>* Network &gt; GlobalProtect &gt; Portals &gt; &gt; Agent &gt; &gt; App &gt; Allow user to disconnect GlobalProtect App<br><br>Change the following setting (if enabled) to \"Disallow\":<br>* Network &gt; GlobalProtect &gt; Portals &gt; &gt; Agent &gt; &gt; App &gt; Allow User to Uninstall GlobalProtect App<br>"
}
],
"value": "Change the following two settings (if enabled) to \"Allow with Ticket\":\n* Network > GlobalProtect > Portals > > Agent > > App > Allow User to Disable GlobalProtect App\n* Network > GlobalProtect > Portals > > Agent > > App > Allow user to disconnect GlobalProtect App\n\nChange the following setting (if enabled) to \"Disallow\":\n* Network > GlobalProtect > Portals > > Agent > > App > Allow User to Uninstall GlobalProtect App"
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 10.2.9 and all later Prisma Access versions. To maintain GlobalProtect app functionality for the vulnerable features, we released a corresponding software update for GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.7, GlobalProtect app 6.1.2, and GlobalProtect app 6.2.1, and all later GlobalProtect app versions.<br><br>To maintain the ability for end users to use the uninstall password feature and the disable or disconnect passcode feature, you must ensure that you upgrade all GlobalProtect app deployments to a fixed version before you upgrade your PAN-OS software to a fixed version.<br><br>All fixed versions of GlobalProtect are backwards compatible with vulnerable versions of PAN-OS software. However, fixed versions of PAN-OS software are not backwards compatible with vulnerable versions of GlobalProtect.<br><br>You can find additional information for PAN-204689 here: <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues\">https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues</a>\n\nPrisma Access customers can open a support case to request an upgrade.<br>"
}
],
"value": "This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.9, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions. It is also fixed in Prisma Access 10.2.9 and all later Prisma Access versions. To maintain GlobalProtect app functionality for the vulnerable features, we released a corresponding software update for GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.7, GlobalProtect app 6.1.2, and GlobalProtect app 6.2.1, and all later GlobalProtect app versions.\n\nTo maintain the ability for end users to use the uninstall password feature and the disable or disconnect passcode feature, you must ensure that you upgrade all GlobalProtect app deployments to a fixed version before you upgrade your PAN-OS software to a fixed version.\n\nAll fixed versions of GlobalProtect are backwards compatible with vulnerable versions of PAN-OS software. However, fixed versions of PAN-OS software are not backwards compatible with vulnerable versions of GlobalProtect.\n\nYou can find additional information for PAN-204689 here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-0-known-and-addressed-issues/pan-os-11-1-0-known-issues \n\nPrisma Access customers can open a support case to request an upgrade."
}
],
"credits": [
{
"lang": "en",
"value": "Claudiu Pancotan"
}
]
}

196
2024/8xxx/CVE-2024-8688.json
View File

@ -1,18 +1,204 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8688",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-155 Improper Neutralization of Wildcards or Matching Symbols",
"cweId": "CWE-155"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "9.1.15",
"status": "unaffected"
}
],
"lessThan": "9.1.15",
"status": "affected",
"version": "9.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.0.10",
"status": "unaffected"
}
],
"lessThan": "10.0.10",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.1",
"status": "unaffected"
}
],
"lessThan": "10.1.1",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.2.0"
},
{
"status": "unaffected",
"version": "11.0.0"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "11.2.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Cloud NGFW",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Prisma Access",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-8688",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-8688"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"PAN-151792",
"PAN-82874"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 9.1.15, PAN-OS 10.0.10, PAN-OS 10.1.1, and all later PAN-OS versions.<br>"
}
],
"value": "This issue is fixed in PAN-OS 9.1.15, PAN-OS 10.0.10, PAN-OS 10.1.1, and all later PAN-OS versions."
}
],
"credits": [
{
"lang": "en",
"value": "Matei \"Mal\" Badanoiu of Deloitte"
},
{
"lang": "en",
"value": "Martin Smid of Palo Alto Networks"
}
]
}

113
2024/8xxx/CVE-2024-8689.json
View File

@ -1,18 +1,121 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312 Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "ActiveMQ Content Pack",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.1.15",
"status": "unaffected"
}
],
"lessThan": "1.1.15",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-8689",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-8689"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"CRTX-105751"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in ActiveMQ Content Pack 1.1.15 and all later versions. You can download the content pack from <a target=\"_blank\" rel=\"nofollow\" href=\"https://cortex.marketplace.pan.dev/marketplace/details/ActiveMQ/\">https://cortex.marketplace.pan.dev/marketplace/details/ActiveMQ/</a>.<br><br>You should use new ActiveMQ credentials for ActiveMQ integration only after you upgrade it to a fixed version. You should also revoke the previously existing credentials to prevent the misuse of exposed credentials.<br>"
}
],
"value": "This issue is fixed in ActiveMQ Content Pack 1.1.15 and all later versions. You can download the content pack from https://cortex.marketplace.pan.dev/marketplace/details/ActiveMQ/ .\n\nYou should use new ActiveMQ credentials for ActiveMQ integration only after you upgrade it to a fixed version. You should also revoke the previously existing credentials to prevent the misuse of exposed credentials."
}
],
"credits": [
{
"lang": "en",
"value": "Marcel Maeder of Swisscom (Schweiz) AG"
}
]
}

125
2024/8xxx/CVE-2024-8690.json
View File

@ -1,18 +1,133 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-440: Expected Behavior Violation",
"cweId": "CWE-440"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "8.5"
},
{
"status": "unaffected",
"version": "8.4"
},
{
"status": "unaffected",
"version": "8.3"
},
{
"status": "unaffected",
"version": "8.3-CE"
},
{
"status": "unaffected",
"version": "8.2"
},
{
"status": "affected",
"version": "7.9.102-CE"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-8690",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-8690"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"CPATR-20644"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions.<br>"
}
],
"value": "This issue is fixed in Cortex XDR Agent 8.2, and all later Cortex XDR Agent versions."
}
],
"credits": [
{
"lang": "en",
"value": "Ayman Sagy of CyberCX"
}
]
}

180
2024/8xxx/CVE-2024-8691.json
View File

@ -1,18 +1,188 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "9.1.17",
"status": "unaffected"
}
],
"lessThan": "9.1.17",
"status": "affected",
"version": "9.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.11",
"status": "unaffected"
}
],
"lessThan": "10.1.11",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.2.0"
},
{
"status": "unaffected",
"version": "11.0.0"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "11.2.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Cloud NGFW",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Prisma Access",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-8691",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-8691"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"PAN-219031",
"PAN-192893"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 9.1.17, PAN-OS 10.1.11, and all later PAN-OS versions.<br>"
}
],
"value": "This issue is fixed in PAN-OS 9.1.17, PAN-OS 10.1.11, and all later PAN-OS versions."
}
],
"credits": [
{
"lang": "en",
"value": "Claudiu Pancotan"
}
]
}

18
2024/8xxx/CVE-2024-8704.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8705.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8706.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8707.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8707",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8708.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8708",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8709.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8709",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8710.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8710",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8711.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8711",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8712.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8712",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8713.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8713",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8714.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8714",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}