From f65d2956dab9e4839e7f8a60f0c90dc5dd3e5696 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 25 Jan 2024 23:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/36xxx/CVE-2023-36851.json | 37 +++++-- 2023/4xxx/CVE-2023-4001.json | 10 +- 2024/0xxx/CVE-2024-0646.json | 13 --- 2024/0xxx/CVE-2024-0889.json | 95 +++++++++++++++++- 2024/0xxx/CVE-2024-0890.json | 95 +++++++++++++++++- 2024/0xxx/CVE-2024-0891.json | 95 +++++++++++++++++- 2024/0xxx/CVE-2024-0914.json | 18 ++++ 2024/0xxx/CVE-2024-0915.json | 18 ++++ 2024/21xxx/CVE-2024-21619.json | 176 ++++++++++++++++++++++++++++++++- 2024/21xxx/CVE-2024-21620.json | 167 ++++++++++++++++++++++++++++++- 2024/24xxx/CVE-2024-24585.json | 18 ++++ 2024/24xxx/CVE-2024-24586.json | 18 ++++ 2024/24xxx/CVE-2024-24587.json | 18 ++++ 2024/24xxx/CVE-2024-24588.json | 18 ++++ 2024/24xxx/CVE-2024-24589.json | 18 ++++ 2024/24xxx/CVE-2024-24590.json | 18 ++++ 2024/24xxx/CVE-2024-24591.json | 18 ++++ 2024/24xxx/CVE-2024-24592.json | 18 ++++ 2024/24xxx/CVE-2024-24593.json | 18 ++++ 2024/24xxx/CVE-2024-24594.json | 18 ++++ 2024/24xxx/CVE-2024-24595.json | 18 ++++ 2024/24xxx/CVE-2024-24596.json | 18 ++++ 2024/24xxx/CVE-2024-24597.json | 18 ++++ 2024/24xxx/CVE-2024-24598.json | 18 ++++ 2024/24xxx/CVE-2024-24599.json | 18 ++++ 25 files changed, 950 insertions(+), 44 deletions(-) create mode 100644 2024/0xxx/CVE-2024-0914.json create mode 100644 2024/0xxx/CVE-2024-0915.json create mode 100644 2024/24xxx/CVE-2024-24585.json create mode 100644 2024/24xxx/CVE-2024-24586.json create mode 100644 2024/24xxx/CVE-2024-24587.json create mode 100644 2024/24xxx/CVE-2024-24588.json create mode 100644 2024/24xxx/CVE-2024-24589.json create mode 100644 2024/24xxx/CVE-2024-24590.json create mode 100644 2024/24xxx/CVE-2024-24591.json create mode 100644 2024/24xxx/CVE-2024-24592.json create mode 100644 2024/24xxx/CVE-2024-24593.json create mode 100644 2024/24xxx/CVE-2024-24594.json create mode 100644 2024/24xxx/CVE-2024-24595.json create mode 100644 2024/24xxx/CVE-2024-24596.json create mode 100644 
2024/24xxx/CVE-2024-24597.json create mode 100644 2024/24xxx/CVE-2024-24598.json create mode 100644 2024/24xxx/CVE-2024-24599.json diff --git a/2023/36xxx/CVE-2023-36851.json b/2023/36xxx/CVE-2023-36851.json index 2dfc2c881d0..63550c9f590 100644 --- a/2023/36xxx/CVE-2023-36851.json +++ b/2023/36xxx/CVE-2023-36851.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain\u00a0part of the\u00a0file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\n" + "value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of \n\nintegrity\u00a0or confidentiality, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * \n\n21.2 versions prior to 21.2R3-S8;\n * 21.4 \n\nversions prior to \n\n21.4R3-S6;\n * 22.1 \n\nversions prior to \n\n22.1R3-S5;\n * 22.2 \n\nversions prior to \n\n22.2R3-S3;\n * 22.3 \n\nversions prior to \n\n22.3R3-S2;\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to \n\n23.2R1-S2,\u00a023.2R2.\n\n\n" } ] }, 
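Review bot: The rewritten description still carries the typo `22,4R2-S2` (comma instead of a dot) in the 22.4 bullet, while the `version_data` hunk that follows in this file spells the same release `22.4R2-S2`. Anyone matching advisory text against an inventory by string will miss it, so the bullet should read `* 22.4 versions prior to 22.4R2-S2, 22.4R3;`. The first sentence also still describes the impact as limited to file system integrity, although the new text adds file download and loss of confidentiality, so summary and detail now disagree. Whether the CVSS entry was updated to match is not visible in these hunks.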
@@ -41,13 +41,38 @@ "version_data": [ { "version_affected": "<", - "version_name": "22.4R1", + "version_name": "21.2", + "version_value": "21.2R3-S8" + }, + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R3-S6" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R3-S5" + }, + { + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "22.3", + "version_value": "22.3R3-S2" + }, + { + "version_affected": "<", + "version_name": "22.4", "version_value": "22.4R2-S2, 22.4R3" }, { "version_affected": "<", "version_name": "23.2", - "version_value": "23.2R2" + "version_value": "23.2R1-S2, 23.2R2" } ] } @@ -123,16 +148,16 @@ { "base64": false, "type": "text/html", - "value": "The following software releases have been updated to resolve this specific issue: 22.4R2-S2*, 22.4R3*, 23.2R2*, 23.4R1*, and all subsequent releases.
*Pending Publication
" + "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8*, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R2-S2, 22.4R3*, 23.2R1-S2, 23.2R2*, 23.4R1, and all subsequent releases.
*Pending Publication
" } ], - "value": "The following software releases have been updated to resolve this specific issue:\u00a022.4R2-S2*,\u00a022.4R3*,\u00a023.2R2*,\u00a023.4R1*,\u00a0and all subsequent releases.\n*Pending Publication\n" + "value": "The following software releases have been updated to resolve this specific issue:\u00a021.2R3-S8*, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R2-S2, 22.4R3*, 23.2R1-S2, 23.2R2*, 23.4R1,\u00a0and all subsequent releases.\n*Pending Publication\n" } ], "credits": [ { "lang": "en", - "value": "watchtowr" + "value": "The Juniper SIRT would like to acknowledge and thank watchtowr for responsibly reporting this vulnerability." } ], "impact": { diff --git a/2023/4xxx/CVE-2023-4001.json b/2023/4xxx/CVE-2023-4001.json index 07b5915d098..ede7f8c3dec 100644 --- a/2023/4xxx/CVE-2023-4001.json +++ b/2023/4xxx/CVE-2023-4001.json @@ -205,17 +205,17 @@ "impact": { "cvss": [ { - "attackComplexity": "HIGH", + "attackComplexity": "LOW", "attackVector": "PHYSICAL", - "availabilityImpact": "NONE", - "baseScore": 5.6, + "availabilityImpact": "HIGH", + "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "privilegesRequired": "LOW", + "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] diff --git a/2024/0xxx/CVE-2024-0646.json b/2024/0xxx/CVE-2024-0646.json index 421df455496..4c493754390 100644 --- a/2024/0xxx/CVE-2024-0646.json +++ b/2024/0xxx/CVE-2024-0646.json @@ -134,19 +134,6 @@ } ] } - }, - { - "product_name": "Red Hat Virtualization 4", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - } - ] - } } ] } diff --git a/2024/0xxx/CVE-2024-0889.json b/2024/0xxx/CVE-2024-0889.json index 37bb390349f..1fe29120a5a 100644 
--- a/2024/0xxx/CVE-2024-0889.json +++ b/2024/0xxx/CVE-2024-0889.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0889", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Kmint21 Golden FTP Server 2.02b gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente PASV Command Handler. Durch das Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-404 Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kmint21", + "product": { + "product_data": [ + { + "product_name": "Golden FTP Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.02b" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.252041", + "refsource": "MISC", + "name": "https://vuldb.com/?id.252041" + }, + { + "url": "https://vuldb.com/?ctiid.252041", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.252041" + }, + { + "url": "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "fernando.mengali (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ] } diff --git a/2024/0xxx/CVE-2024-0890.json b/2024/0xxx/CVE-2024-0890.json index 5f26dd46611..6dcd0539108 100644 --- a/2024/0xxx/CVE-2024-0890.json +++ b/2024/0xxx/CVE-2024-0890.json 
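Review bot: The `problemtype` entry pairs `"cweId": "CWE-404"` with the label "Denial of Service", which names the impact rather than the weakness; CWE-404 is Improper Resource Shutdown or Release. Consumers that display or group on the `value` text will file this record under a category that does not exist in CWE. Suggest `"value": "CWE-404 Improper Resource Shutdown or Release",` and leaving the denial-of-service wording to the description. The record states that an exploit is public but carries no solution or workaround entry in this hunk, so triage should treat the single listed version `2.02b` as having no vendor fix on record.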
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0890", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in hongmaple octopus 1.0 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /system/dept/edit. Durch Beeinflussen des Arguments ancestors mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hongmaple", + "product": { + "product_data": [ + { + "product_name": "octopus", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.252042", + "refsource": "MISC", + "name": "https://vuldb.com/?id.252042" + }, + { + "url": "https://vuldb.com/?ctiid.252042", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.252042" + }, + { + "url": "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md", + "refsource": "MISC", + "name": "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "biantaibao (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/0xxx/CVE-2024-0891.json b/2024/0xxx/CVE-2024-0891.json index 2b54b938472..10ab3ab0140 100644 --- a/2024/0xxx/CVE-2024-0891.json +++ b/2024/0xxx/CVE-2024-0891.json 
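Review bot: The description says no version details are available because the product uses rolling releases, yet the same record names `octopus 1.0` and `version_data` pins `"version_affected": "="` to `"version_value": "1.0"`; a scanner keyed on that exact match will report every other build as unaffected. Either the version entry or the rolling-release sentence should go, and the CVE-2024-0891 hunk that follows has the same contradiction. The English text also misspells "Continuous" as "Continious". Separately, the prose calls the SQL injection critical while the CVSS 3.1 entry scores it 6.3 MEDIUM with `C:L/I:L/A:L`, so severity-based triage should use the vector, not the label.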
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0891", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043." + }, + { + "lang": "deu", + "value": "In hongmaple octopus 1.0 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion. Dank der Manipulation des Arguments description mit der Eingabe mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hongmaple", + "product": { + "product_data": [ + { + "product_name": "octopus", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.252043", + "refsource": "MISC", + "name": "https://vuldb.com/?id.252043" + }, + { + "url": "https://vuldb.com/?ctiid.252043", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.252043" + }, + { + "url": "https://github.com/biantaibao/octopus_XSS/blob/main/report.md", + "refsource": "MISC", + "name": "https://github.com/biantaibao/octopus_XSS/blob/main/report.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "biantaibao (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2024/0xxx/CVE-2024-0914.json b/2024/0xxx/CVE-2024-0914.json new file mode 100644 index 00000000000..6b451d8996c --- /dev/null +++ b/2024/0xxx/CVE-2024-0914.json 
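Review bot: The sentence "The manipulation of the argument description with the input leads to cross site scripting" has nothing after "the input", so the English description reads as truncated; the German text shows the same gap ("mit der Eingabe mit unbekannten Daten"). If the value was removed on purpose, the sentence should be reworded, for example `The manipulation of the argument description leads to cross site scripting.` The affected code is given only as "an unknown functionality", so the argument name is the only detail defenders can use to scope input filtering or log review.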
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-0914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/0xxx/CVE-2024-0915.json b/2024/0xxx/CVE-2024-0915.json new file mode 100644 index 00000000000..0bfbd62205b --- /dev/null +++ b/2024/0xxx/CVE-2024-0915.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-0915", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/21xxx/CVE-2024-21619.json b/2024/21xxx/CVE-2024-21619.json index 534ee4d0a73..833b693696f 100644 --- a/2024/21xxx/CVE-2024-21619.json +++ b/2024/21xxx/CVE-2024-21619.json 
@@ -1,17 +1,185 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@juniper.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information.\n\nWhen a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. 
Successful exploitation will reveal configuration information.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and EX Series:\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-209 Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Juniper Networks", + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "20.4R3-S9" + }, + { + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S7" + }, + { + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3-S5" + }, + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R3-S6" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R3-S5" + }, + { + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "22.3", + "version_value": "22.3R3-S2" + }, + { + "version_affected": "<", + "version_name": "22.4", + "version_value": "22.4R3" + }, + { + "version_affected": "<", + "version_name": "23.2", + "version_value": "23.2R1-S2, 23.2R2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://supportportal.juniper.net/JSA76390", + "refsource": "MISC", + "name": "https://supportportal.juniper.net/JSA76390" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-av217" + }, + "source": { + "defect": [ + "1763260" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Disable J-Web, or limit access to only trusted hosts.

" + } + ], + "value": "Disable J-Web, or limit access to only trusted hosts.\n\n" + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

" + } + ], + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

The following software releases have been updated to resolve this specific issue: 20.4R3-S9, 21.2R3-S7*, 21.3R3-S5, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R2-S2, 22.4R3*, 23.2R1-S2, 23.2R2*, 23.4R1, and all subsequent releases.

*Pending Publication

" + } + ], + "value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S9, 21.2R3-S7*, 21.3R3-S5, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R2-S2, 22.4R3*, 23.2R1-S2, 23.2R2*, 23.4R1, and all subsequent releases.\n\n*Pending Publication\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "The Juniper SIRT would like to acknowledge and thank watchtowr for responsibly reporting this vulnerability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/21xxx/CVE-2024-21620.json b/2024/21xxx/CVE-2024-21620.json index 1c812753c0b..010ff59c55d 100644 --- a/2024/21xxx/CVE-2024-21620.json +++ b/2024/21xxx/CVE-2024-21620.json 
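Review bot: The 22.4 branch is inconsistent within this record: the description and `version_data` give the boundary as `22.4R3` only, while the `solution` text lists `22.4R2-S2` as a fixed release. A `<` comparison against `"version_value": "22.4R3"` therefore flags a build that the vendor text calls fixed. The CVE-2023-36851 hunk earlier in this patch writes the same branch as `"version_value": "22.4R2-S2, 22.4R3"`; using that form here, or dropping `22.4R2-S2` from the solution text, would make the record self-consistent.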
@@ -1,17 +1,176 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21620", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@juniper.net", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator.\n\nA specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and EX Series:\n * All versions earlier than 20.4R3-S10;\n * 21.2 versions earlier than 21.2R3-S8;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3-S1;\n * 23.2 versions earlier than 23.2R2;\n * 23.4 versions earlier than 23.4R2.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Juniper Networks", + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + 
"version_value": "20.4R3-S10" + }, + { + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S8" + }, + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R3-S6" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R3-S5" + }, + { + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "22.3", + "version_value": "22.3R3-S2" + }, + { + "version_affected": "<", + "version_name": "22.4", + "version_value": "22.4R3-S1" + }, + { + "version_affected": "<", + "version_name": "23.2", + "version_value": "23.2R2" + }, + { + "version_affected": "<", + "version_name": "23.4", + "version_value": "23.4R2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://supportportal.juniper.net/JSA76390", + "refsource": "MISC", + "name": "https://supportportal.juniper.net/JSA76390" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-av217" + }, + "source": { + "defect": [ + "1779376" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Disable J-Web, or limit access to only trusted hosts and users.

" + } + ], + "value": "Disable J-Web, or limit access to only trusted hosts and users.\n\n" + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

" + } + ], + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

The following software releases have been updated to resolve this specific issue: 20.4R3-S10*, 21.2R3-S8*, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R3-S1*, 23.2R2*, 23.4R2*, 24.2R1*, and all subsequent releases.

* Pending Publication

" + } + ], + "value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S10*, 21.2R3-S8*, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R3-S1*, 23.2R2*, 23.4R2*, 24.2R1*, and all subsequent releases.\n\n* Pending Publication\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "The Juniper SIRT would like to acknowledge and thank watchtowr for responsibly reporting this vulnerability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/24xxx/CVE-2024-24585.json b/2024/24xxx/CVE-2024-24585.json new file mode 100644 index 00000000000..0ffd5fe7bc8 --- /dev/null +++ b/2024/24xxx/CVE-2024-24585.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24585", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24586.json b/2024/24xxx/CVE-2024-24586.json new file mode 100644 index 00000000000..8cba15a5525 --- /dev/null +++ b/2024/24xxx/CVE-2024-24586.json 
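Review bot: Every release in the `solution` text, including `24.2R1*`, carries the "* Pending Publication" marker, so as written the record names no fixed build that is actually available. The only actionable mitigation is the `work_around` (disable J-Web, or limit access to only trusted hosts and users). That should be stated at the start of the solution text rather than left to a footnote, since patch-management tooling tends to read only the version list. The footnote is also spelled `* Pending Publication` here and `*Pending Publication` in the CVE-2024-21619 and CVE-2023-36851 hunks, which breaks simple text matching on the marker.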
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24586", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24587.json b/2024/24xxx/CVE-2024-24587.json new file mode 100644 index 00000000000..102ac7719c1 --- /dev/null +++ b/2024/24xxx/CVE-2024-24587.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24587", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24588.json b/2024/24xxx/CVE-2024-24588.json new file mode 100644 index 00000000000..429325fd257 --- /dev/null +++ b/2024/24xxx/CVE-2024-24588.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24588", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/24xxx/CVE-2024-24589.json b/2024/24xxx/CVE-2024-24589.json new file mode 100644 index 00000000000..38c28842dda --- /dev/null +++ b/2024/24xxx/CVE-2024-24589.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24589", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24590.json b/2024/24xxx/CVE-2024-24590.json new file mode 100644 index 00000000000..f8e7e359718 --- /dev/null +++ b/2024/24xxx/CVE-2024-24590.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24590", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/24xxx/CVE-2024-24591.json b/2024/24xxx/CVE-2024-24591.json new file mode 100644 index 00000000000..e80031acdfb --- /dev/null +++ b/2024/24xxx/CVE-2024-24591.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-24591",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/24xxx/CVE-2024-24592.json b/2024/24xxx/CVE-2024-24592.json
new file mode 100644
index 00000000000..593a58902a2
--- /dev/null
+++ b/2024/24xxx/CVE-2024-24592.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-24592",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/24xxx/CVE-2024-24593.json b/2024/24xxx/CVE-2024-24593.json
new file mode 100644
index 00000000000..227c56087c1
--- /dev/null
+++ b/2024/24xxx/CVE-2024-24593.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-24593",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/24xxx/CVE-2024-24594.json b/2024/24xxx/CVE-2024-24594.json
new file mode 100644
index 00000000000..62e49228087
--- /dev/null
+++ b/2024/24xxx/CVE-2024-24594.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-24594",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/24xxx/CVE-2024-24595.json b/2024/24xxx/CVE-2024-24595.json
new file mode 100644
index 00000000000..95fb14aa2bb
--- /dev/null
+++ b/2024/24xxx/CVE-2024-24595.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-24595",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/24xxx/CVE-2024-24596.json b/2024/24xxx/CVE-2024-24596.json
new file mode 100644
index 00000000000..a875d90ca31
--- /dev/null
+++ b/2024/24xxx/CVE-2024-24596.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-24596",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/24xxx/CVE-2024-24597.json b/2024/24xxx/CVE-2024-24597.json
new file mode 100644
index 00000000000..10f4308f8a8
--- /dev/null
+++ b/2024/24xxx/CVE-2024-24597.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-24597",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/24xxx/CVE-2024-24598.json b/2024/24xxx/CVE-2024-24598.json
new file mode 100644
index 00000000000..3b05934577a
--- /dev/null
+++ b/2024/24xxx/CVE-2024-24598.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-24598",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/24xxx/CVE-2024-24599.json b/2024/24xxx/CVE-2024-24599.json
new file mode 100644
index 00000000000..85768095500
--- /dev/null
+++ b/2024/24xxx/CVE-2024-24599.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-24599",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file