admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-12 17:00:36 +00:00
parent e6afb8fa03
commit f3a19a0c17
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
28 changed files with 2064 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2024/22xxx/CVE-2024-22855.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-22855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.exploit-db.com/exploits/52025",
"url": "https://www.exploit-db.com/exploits/52025"
}
]
}

2
2024/28xxx/CVE-2024-28021.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message \nqueueing mechanism\u2019s certificate validation. If exploited an at\u0002tacker could spoof a trusted entity causing a loss of confidentiality \nand integrity."
"value": "A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message \nqueueing mechanism\u2019s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality \nand integrity."
}
]
},

2
2024/28xxx/CVE-2024-28023.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive infor\u0002mation or even execute arbitrary code."
"value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."
}
]
},

2
2024/28xxx/CVE-2024-28024.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to an\u0002other control sphere."
"value": "A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is \nstored in cleartext within a resource that might be accessible to another control sphere."
}
]
},

133
2024/37xxx/CVE-2024-37036.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37036",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass\nwhen sending a malformed POST request and particular configuration parameters are set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "Sage 1410",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1430",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1450",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 2400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 3030 Magnum",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 4400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

133
2024/37xxx/CVE-2024-37037.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37037",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u2018Path\nTraversal\u2019) vulnerability exists that could allow an authenticated user with access to the device\u2019s\nweb interface to corrupt files and impact device functionality when sending a crafted HTTP\nrequest."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "Sage 1410",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1430",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1450",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 2400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 3030 Magnum",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 4400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}

133
2024/37xxx/CVE-2024-37038.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37038",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated\nuser with access to the device\u2019s web interface to perform unauthorized file and firmware\nuploads when crafting custom web requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "Sage 1410",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1430",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1450",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 2400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 3030 Magnum",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 4400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

133
2024/37xxx/CVE-2024-37039.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37039",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the\ndevice when an attacker sends a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-252 Unchecked Return Value",
"cweId": "CWE-252"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "Sage 1410",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1430",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1450",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 2400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 3030 Magnum",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 4400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

133
2024/37xxx/CVE-2024-37040.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37040",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u2018Classic Buffer Overflow\u2019) vulnerability\nexists that could allow a user with access to the device\u2019s web interface to cause a fault on the\ndevice when sending a malformed HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "Sage 1410",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1430",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1450",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 2400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 3030 Magnum",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 4400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

56
2024/37xxx/CVE-2024-37878.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37878",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-37878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php\" PHP directly echoes parameters input from external sources"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://gist.github.com/sylvieverykawaii/243f1756151bee027725c6961d8c1ba9",
"url": "https://gist.github.com/sylvieverykawaii/243f1756151bee027725c6961d8c1ba9"
}
]
}

18
2024/38xxx/CVE-2024-38279.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38280.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38280",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38281.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38281",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38282.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38282",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38283.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38283",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38284.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38285.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/38xxx/CVE-2024-38286.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38286",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

89
2024/5xxx/CVE-2024-5557.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5557",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause\nexposure of SNMP credentials when an attacker has access to the controller logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "SpaceLogic AS-P",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V5.0.3 and prior"
}
]
}
},
{
"product_name": "SpaceLogic AS-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V5.0.3 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

89
2024/5xxx/CVE-2024-5558.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could\ncause escalation of privileges when an attacker abuses a limited admin account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"cweId": "CWE-367"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "SpaceLogic AS-P",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V5.0.3 and prior"
}
]
}
},
{
"product_name": "SpaceLogic AS-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V5.0.3 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

133
2024/5xxx/CVE-2024-5560.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5560",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@schneider-electric.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the\ndevice\u2019s web interface when an attacker sends a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Electric",
"product": {
"product_data": [
{
"product_name": "Sage 1410",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1430",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 1450",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 2400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 3030 Magnum",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
},
{
"product_name": "Sage 4400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions C3414-500-S02K5_P8 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf",
"refsource": "MISC",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

108
2024/5xxx/CVE-2024-5759.json
View File

@ -1,17 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5759",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenable",
"product": {
"product_data": [
{
"product_name": "Security Center",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "6.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/tns-2024-10",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2024-10"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TNS-2024-10",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nTenable has released Security Center 6.4.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/security-center\">https://www.tenable.com/downloads/security-center</a>\n\n<br>"
}
],
"value": "Tenable has released Security Center 6.4.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/security-center"
}
],
"credits": [
{
"lang": "en",
"value": "Anggi Saputra"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
]
}

100
2024/5xxx/CVE-2024-5898.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5898",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268142 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in itsourcecode Payroll Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei print_payroll.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "itsourcecode",
"product": {
"product_data": [
{
"product_name": "Payroll Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.268142",
"refsource": "MISC",
"name": "https://vuldb.com/?id.268142"
},
{
"url": "https://vuldb.com/?ctiid.268142",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.268142"
},
{
"url": "https://vuldb.com/?submit.354926",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.354926"
},
{
"url": "https://github.com/guiyxli/cve/issues/1",
"refsource": "MISC",
"name": "https://github.com/guiyxli/cve/issues/1"
}
]
},
"credits": [
{
"lang": "en",
"value": "netcat (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

145
2024/5xxx/CVE-2024-5905.json
View File

@ -1,18 +1,153 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5905",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error",
"cweId": "CWE-346"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"status": "unaffected",
"version": "8.4.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-5905",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-5905"
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"source": {
"defect": [
"CPATR-21727"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.</p>"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
]
}

113
2024/5xxx/CVE-2024-5906.json
View File

@ -1,18 +1,121 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "Prisma Cloud Compute",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "32.05 (O\u2019Neal - Update 5)",
"status": "unaffected"
}
],
"lessThan": "32.05 (O\u2019Neal - Update 5)",
"status": "affected",
"version": "32",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-5906",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-5906"
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"source": {
"defect": [
"CWP-56273"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>This issue is fixed in Prisma Cloud Compute 32.05 (O'Neal - Update 5) and all later versions.</p>"
}
],
"value": "This issue is fixed in Prisma Cloud Compute 32.05 (O'Neal - Update 5) and all later versions."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Tomasz Stachowicz for discovering and reporting this issue."
}
]
}

145
2024/5xxx/CVE-2024-5907.json
View File

@ -1,18 +1,153 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.1.0"
},
{
"changes": [
{
"at": "8.2.3",
"status": "unaffected"
}
],
"lessThan": "8.2.3",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.3.1",
"status": "unaffected"
}
],
"lessThan": "8.3.1",
"status": "affected",
"version": "8.3.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.4.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-5907",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-5907"
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"source": {
"defect": [
"CPATR-23348"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.</p>"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue."
}
]
}

149
2024/5xxx/CVE-2024-5908.json
View File

@ -1,18 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "5.1.12",
"status": "unaffected"
}
],
"lessThan": "5.1.12",
"status": "affected",
"version": "5.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.0.8",
"status": "unaffected"
}
],
"lessThan": "6.0.8",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.1.3",
"status": "unaffected"
}
],
"lessThan": "6.1.3",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "6.2.3",
"status": "unaffected"
}
],
"lessThan": "6.2.3",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-5908",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-5908"
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"source": {
"defect": [
"GPC-18597"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.3, GlobalProtect app 6.2.3, and all later GlobalProtect app versions.</p><p>Customers looking to protect against the impact of this encrypted password disclosure should first delete PanGPS.log files from the GlobalProtect installation directory on all endpoints and then force a rotation of user passwords that are used to connect to GlobalProtect.</p>"
}
],
"value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.3, GlobalProtect app 6.2.3, and all later GlobalProtect app versions.\n\nCustomers looking to protect against the impact of this encrypted password disclosure should first delete PanGPS.log files from the GlobalProtect installation directory on all endpoints and then force a rotation of user passwords that are used to connect to GlobalProtect."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Denis Faiustov and Ruslan Sayfiev of GMO Cybersecurity by IERAE for discovering and reporting this issue."
}
]
}

146
2024/5xxx/CVE-2024-5909.json
View File

@ -1,18 +1,154 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "8.4.0"
},
{
"status": "unaffected",
"version": "8.3.0"
},
{
"changes": [
{
"at": "8.2.1",
"status": "unaffected"
}
],
"lessThan": "8.2.1",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.1.2",
"status": "unaffected"
}
],
"lessThan": "8.1.2",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-5909",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-5909"
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"source": {
"defect": [
"CPATR-21835",
"CPATR-21826"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.</p>"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
}
]
}