From c8cd97fa58979925d126045572111da4e0904c19 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 25 Jan 2025 15:03:46 +0000 Subject: [PATCH] Auto-Update: 2025-01-25T15:00:19.952095+00:00 --- CVE-2023/CVE-2023-380xx/CVE-2023-38012.json | 56 +++++++++++++++++++++ CVE-2023/CVE-2023-380xx/CVE-2023-38013.json | 56 +++++++++++++++++++++ CVE-2023/CVE-2023-382xx/CVE-2023-38271.json | 56 +++++++++++++++++++++ CVE-2023/CVE-2023-387xx/CVE-2023-38713.json | 56 +++++++++++++++++++++ CVE-2023/CVE-2023-387xx/CVE-2023-38714.json | 56 +++++++++++++++++++++ CVE-2023/CVE-2023-387xx/CVE-2023-38716.json | 56 +++++++++++++++++++++ CVE-2024/CVE-2024-351xx/CVE-2024-35111.json | 56 +++++++++++++++++++++ CVE-2024/CVE-2024-351xx/CVE-2024-35112.json | 56 +++++++++++++++++++++ CVE-2024/CVE-2024-351xx/CVE-2024-35113.json | 56 +++++++++++++++++++++ CVE-2024/CVE-2024-351xx/CVE-2024-35114.json | 56 +++++++++++++++++++++ CVE-2024/CVE-2024-351xx/CVE-2024-35134.json | 56 +++++++++++++++++++++ CVE-2024/CVE-2024-397xx/CVE-2024-39750.json | 56 +++++++++++++++++++++ README.md | 21 ++++++-- _state.csv | 14 +++++- 14 files changed, 701 insertions(+), 6 deletions(-) create mode 100644 CVE-2023/CVE-2023-380xx/CVE-2023-38012.json create mode 100644 CVE-2023/CVE-2023-380xx/CVE-2023-38013.json create mode 100644 CVE-2023/CVE-2023-382xx/CVE-2023-38271.json create mode 100644 CVE-2023/CVE-2023-387xx/CVE-2023-38713.json create mode 100644 CVE-2023/CVE-2023-387xx/CVE-2023-38714.json create mode 100644 CVE-2023/CVE-2023-387xx/CVE-2023-38716.json create mode 100644 CVE-2024/CVE-2024-351xx/CVE-2024-35111.json create mode 100644 CVE-2024/CVE-2024-351xx/CVE-2024-35112.json create mode 100644 CVE-2024/CVE-2024-351xx/CVE-2024-35113.json create mode 100644 CVE-2024/CVE-2024-351xx/CVE-2024-35114.json create mode 100644 CVE-2024/CVE-2024-351xx/CVE-2024-35134.json create mode 100644 CVE-2024/CVE-2024-397xx/CVE-2024-39750.json diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38012.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38012.json new file mode 100644 index 00000000000..6596efa273a --- /dev/null +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38012.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2023-38012", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:27.337", + "lastModified": "2025-01-25T14:15:27.337", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7148474", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38013.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38013.json new file mode 100644 index 00000000000..188bc815a0f --- /dev/null +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38013.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2023-38013", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:27.977", + "lastModified": "2025-01-25T14:15:27.977", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-201" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7159533", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38271.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38271.json new file mode 100644 index 00000000000..30723e6e8b9 --- /dev/null +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38271.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2023-38271", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:28.123", + "lastModified": "2025-01-25T14:15:28.123", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could allow an authenticated user to obtain sensitive information from log files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7159533", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38713.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38713.json new file mode 100644 index 00000000000..a15ffda6a9f --- /dev/null +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38713.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2023-38713", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:28.273", + "lastModified": "2025-01-25T14:15:28.273", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7159533", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38714.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38714.json new file mode 100644 index 00000000000..02a9fa4f480 --- /dev/null +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38714.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2023-38714", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:28.437", + "lastModified": "2025-01-25T14:15:28.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1\u00a0could disclose sensitive information about the system that could aid in further attacks against the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7159533", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38716.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38716.json new file mode 100644 index 00000000000..e50d7c3ef61 --- /dev/null +++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38716.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2023-38716", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:28.580", + "lastModified": "2025-01-25T14:15:28.580", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7148474", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35111.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35111.json new file mode 100644 index 00000000000..5ef8666b9f8 --- /dev/null +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35111.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-35111", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:28.747", + "lastModified": "2025-01-25T14:15:28.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7174806", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35112.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35112.json new file mode 100644 index 00000000000..4e517dfb673 --- /dev/null +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35112.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-35112", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:28.910", + "lastModified": "2025-01-25T14:15:28.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Control Center 6.2.1 and 6.3.1 \n\ncould allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7174794", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35113.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35113.json new file mode 100644 index 00000000000..fbb2d21dc01 --- /dev/null +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35113.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-35113", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:29.077", + "lastModified": "2025-01-25T14:15:29.077", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Control Center 6.2.1 and 6.3.1 \n\n\n\ncould allow an authenticated user to obtain sensitive information exposed through a directory listing." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-548" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7174796", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35114.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35114.json new file mode 100644 index 00000000000..7657e8ddc8d --- /dev/null +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35114.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-35114", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:29.233", + "lastModified": "2025-01-25T14:15:29.233", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Control Center 6.2.1 and 6.3.1 \n\n\n\n\n\ncould allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-204" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7174842", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35134.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35134.json new file mode 100644 index 00000000000..72760fede0b --- /dev/null +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35134.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-35134", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:29.377", + "lastModified": "2025-01-25T14:15:29.377", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7172787", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39750.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39750.json new file mode 100644 index 00000000000..610b97ea270 --- /dev/null +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39750.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-39750", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2025-01-25T14:15:29.517", + "lastModified": "2025-01-25T14:15:29.517", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7172787", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 32048e3b3a1..8c315305a57 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-25T13:00:19.817590+00:00 +2025-01-25T15:00:19.952095+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-25T12:15:26.570000+00:00 +2025-01-25T14:15:29.517000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -278960 +278972 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `12` -- [CVE-2024-13562](CVE-2024/CVE-2024-135xx/CVE-2024-13562.json) (`2025-01-25T12:15:26.570`) +- [CVE-2023-38012](CVE-2023/CVE-2023-380xx/CVE-2023-38012.json) (`2025-01-25T14:15:27.337`) +- [CVE-2023-38013](CVE-2023/CVE-2023-380xx/CVE-2023-38013.json) (`2025-01-25T14:15:27.977`) +- [CVE-2023-38271](CVE-2023/CVE-2023-382xx/CVE-2023-38271.json) (`2025-01-25T14:15:28.123`) +- [CVE-2023-38713](CVE-2023/CVE-2023-387xx/CVE-2023-38713.json) (`2025-01-25T14:15:28.273`) +- [CVE-2023-38714](CVE-2023/CVE-2023-387xx/CVE-2023-38714.json) (`2025-01-25T14:15:28.437`) +- [CVE-2023-38716](CVE-2023/CVE-2023-387xx/CVE-2023-38716.json) (`2025-01-25T14:15:28.580`) +- [CVE-2024-35111](CVE-2024/CVE-2024-351xx/CVE-2024-35111.json) (`2025-01-25T14:15:28.747`) +- [CVE-2024-35112](CVE-2024/CVE-2024-351xx/CVE-2024-35112.json) (`2025-01-25T14:15:28.910`) +- [CVE-2024-35113](CVE-2024/CVE-2024-351xx/CVE-2024-35113.json) (`2025-01-25T14:15:29.077`) +- [CVE-2024-35114](CVE-2024/CVE-2024-351xx/CVE-2024-35114.json) (`2025-01-25T14:15:29.233`) +- [CVE-2024-35134](CVE-2024/CVE-2024-351xx/CVE-2024-35134.json) (`2025-01-25T14:15:29.377`) +- [CVE-2024-39750](CVE-2024/CVE-2024-397xx/CVE-2024-39750.json) (`2025-01-25T14:15:29.517`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 1a0e65afdc6..f77f067fca6 100644 --- a/_state.csv +++ b/_state.csv @@ -229423,6 +229423,8 @@ CVE-2023-38001,0,0,59813676e2bd0245d088be67c0815fc9c634dbc57499cf0f051205236327d CVE-2023-38002,0,0,11fb0758eaa7b961a3a0df91d9a00e7b42b3bcc5f411b51796ef1a318b38f981,2024-11-21T08:12:40.637000 CVE-2023-38003,0,0,d84005b22fbc5b577419dd725bee31341bd9f0980a498ef6647a0b9e648a0922,2024-11-21T08:12:40.753000 CVE-2023-3801,0,0,07bd937a546b791f41c481c78de785e3d588a94a54cf897593eeef06fcdda9b2,2024-11-21T08:18:05.833000 +CVE-2023-38012,1,1,e9f842a877c7f1d25f0849adca9295f08cf6211c5370f958bc0b22e8d604ec96,2025-01-25T14:15:27.337000 +CVE-2023-38013,1,1,32d8e0e2fc229f4abe79c04a9f5fb5656b17774982d04ef0693f0825e989f2a7,2025-01-25T14:15:27.977000 CVE-2023-38018,0,0,613fb6d1a07a1ef1ca1802adefecd8ca76b326251ab62f1bfd46ed1d01c64b8b,2024-08-29T14:36:06.443000 CVE-2023-38019,0,0,04c4ad5d34313874834351a06c111dc8e966773523ece788269e1628306c54dc,2024-11-21T08:12:40.967000 CVE-2023-3802,0,0,c831c5d84ef21c70c2fb092c4d32caee6e73af414faf6f260071cefc31c7e1da,2024-11-21T08:18:05.993000 @@ -229682,6 +229684,7 @@ CVE-2023-38264,0,0,69fec526bc04dafd94aa9d55c534d1f2dc5220ab7efc0e2e5709e1498fe13 CVE-2023-38267,0,0,c2fcd29445458ac35c1d832e8a2059ebc40ca0cc0a0c87290f8df923a88d8a6a,2024-11-21T08:13:12.750000 CVE-2023-38268,0,0,d933dfd659e14f431ff87f8646f7047159596c73501d930045054065bb2e8936,2024-11-21T08:13:12.910000 CVE-2023-3827,0,0,8dea99078cb1b2564223dae8712f2b6213cef9595285e781fdf0c5b249bed06f,2024-11-21T08:18:09.530000 +CVE-2023-38271,1,1,c86ecfe1a04e754856edf97254fa51f976abd603dfd3810ee733b39b5574c7b4,2025-01-25T14:15:28.123000 CVE-2023-38273,0,0,3feb51fea08f716ddcb1d667a9154095016823ee6be4b709f047cd14310e71de,2024-11-21T08:13:13.053000 CVE-2023-38275,0,0,f230aec202c4cd33174bdc1218621d5d7a6ece56066ab25aab85bfe453826f64,2024-11-21T08:13:13.200000 CVE-2023-38276,0,0,ba9fab32a121dc0ef42130086f4b44807496059dba59bbea2f2970476887b688,2024-11-21T08:13:13.343000 @@ -230100,6 +230103,9 @@ CVE-2023-3871,0,0,619fcd09963920ae565ec6ea9bc1f787ed2dddae07824ae8d5d73b12a4f195 CVE-2023-38710,0,0,21848b106387b265322a05ef4d640ffbe5e8d84390c24f8ad588ec4ca1e48ac6,2024-11-21T08:14:06.133000 CVE-2023-38711,0,0,cf367ee1f4cf567c5b790639f924494ec18e04ff5ec59b1d2c41057e2d06ad1f,2024-11-21T08:14:06.280000 CVE-2023-38712,0,0,7ec3b2f4be6ed93a037f2c9daf04eb137c84c3b9e3ea4addeb7b3312163ae931,2024-11-21T08:14:06.427000 +CVE-2023-38713,1,1,156273e9b35b72a5423695aaa4919ee2a17a4c33d4099a2bc27d713098a8e816,2025-01-25T14:15:28.273000 +CVE-2023-38714,1,1,fcd884b5cc2942b3fbb921c8c8389afcfb8cd38365930f1f1b8430449c445360,2025-01-25T14:15:28.437000 +CVE-2023-38716,1,1,9d4d9829350b125811bcd5b128558b794ca9158275fc6f56f589598159d45ea9,2025-01-25T14:15:28.580000 CVE-2023-38718,0,0,a4a60f69bd461c72006b06fc3e607b749a6d0fd88add748d217383d11a906cc2,2024-11-21T08:14:06.570000 CVE-2023-38719,0,0,77b39745154e6ee504b559f28d4696b8416718ff73f1ca18424720c014de2380,2024-11-21T08:14:06.727000 CVE-2023-3872,0,0,630771cb82fde72261f8806b2f1c4e7a76405d4dd05d22457d6469e158fa878e,2024-11-21T08:18:15.437000 @@ -246173,7 +246179,7 @@ CVE-2024-1355,0,0,6172baf85be4d7a27bbb49e6e2c61129e709fa636052c76496ed45a6120298 CVE-2024-13550,0,0,f9981f1deb805f2a60af3da03768fa1b757685b2867a3f144ba6c75ef5863a95,2025-01-25T08:15:09.847000 CVE-2024-13551,0,0,c0f32b47678190b67b060d76bcd33ea48dd01585e717a7e931b6ea219ab115cf,2025-01-25T08:15:10.007000 CVE-2024-1356,0,0,6cb6186c899ef9742e559deecf7de4862ea2bb78bef5eed0c472ae9df79196b1,2024-11-21T08:50:24.133000 -CVE-2024-13562,1,1,77e083f4cdf73b4ddbc324f348afd08346ceeabfc8f2f059cfdc83de8bce92a8,2025-01-25T12:15:26.570000 +CVE-2024-13562,0,0,77e083f4cdf73b4ddbc324f348afd08346ceeabfc8f2f059cfdc83de8bce92a8,2025-01-25T12:15:26.570000 CVE-2024-1357,0,0,25eaf5b978f8da82b4d3e5ed8aa890834adc21c061c9c9c169613a72fe6996b1,2024-11-21T08:50:24.283000 CVE-2024-13572,0,0,810ff57abb3e74e570a0f4342646c85283702b45afe741301e2f9c7354adbef4,2025-01-24T11:15:09.520000 CVE-2024-1358,0,0,c4ea31b36cfcd7f75873d740d9e38ca70692f76dad02370c8ddbe488b8025229,2025-01-17T19:52:41.687000 @@ -258336,6 +258342,10 @@ CVE-2024-35102,0,0,4196946a00a04b7c69ae95ddf5fb9fc451b286d51bb1e24cf4c5ffa0fe6eb CVE-2024-35108,0,0,b35293f68c398181aa7dd98d91bf19a5b66693652be25f91f159d41015bd2319,2024-11-21T09:19:47.853000 CVE-2024-35109,0,0,08011b7d41e2e2ee8e6b1b22a9480c987fe4602b83b318bd03fc38fd378b48af,2024-11-21T09:19:48.060000 CVE-2024-35110,0,0,f235fb8e69bced6be621e94a356e9ba742d873a5caa9dfedaa44c9bd587c6830,2024-11-21T09:19:48.270000 +CVE-2024-35111,1,1,cf8d011ec7b8ec011b96f8bcf0f187bb33a06a3661bed1d3c7837a3379331db5,2025-01-25T14:15:28.747000 +CVE-2024-35112,1,1,e1d14101f0ed6364fb562dd8c785d9013d288dd567b0810debc348e95e4839b7,2025-01-25T14:15:28.910000 +CVE-2024-35113,1,1,302995b6d059958fe4cc4c61e4940809495f10a461bfcb48dad6eaf99d5e4da2,2025-01-25T14:15:29.077000 +CVE-2024-35114,1,1,d05ab49bbf252bd4182f75e93e784cec839b4074326db7a082d0e9832dc7cdb3,2025-01-25T14:15:29.233000 CVE-2024-35116,0,0,d47935dd566afa46ad3df0ca0d4d923bfe978e4a5bbfa383efb6411adef9fe3f,2024-11-21T09:19:48.577000 CVE-2024-35117,0,0,775edc85fc6292ca975b97313cb5e23af42f4ca9689462af06c7300c98306e66,2024-12-11T02:15:05.140000 CVE-2024-35118,0,0,4324926efe207392a4ed876fb67f7b1d20226a5f3a177cb56ee4d7f8d8101687,2024-09-19T15:53:25.123000 @@ -258345,6 +258355,7 @@ CVE-2024-35122,0,0,de59a9b5e0157ef4689680697859cb84bcd3a44a0711e096a42fc3b28dff9 CVE-2024-35124,0,0,a922d1c3a3958629dbb0cd51b2de664bb7e7c9433c590d1267fd4128399d23a0,2024-08-22T13:31:16.353000 CVE-2024-3513,0,0,f3b60a2341228082c6b2c058a60950acb3fa7e0ac56c3c9b7f478ff2d11ae041,2024-11-21T09:29:45.410000 CVE-2024-35133,0,0,c27bb2f028f480c71f80a658c5187f1d60bf9d11ef3f138f496564d01c9e391f,2024-09-21T10:15:05.527000 +CVE-2024-35134,1,1,c5889df43bd7d942424c0734b9c36e14a4c248ae2061e800192b678835fb1675,2025-01-25T14:15:29.377000 CVE-2024-35136,0,0,7f9b2bcfec1e00e4c5448e8eb34d153823c83bc999a69fb0df8058180c228751,2024-09-21T10:15:05.673000 CVE-2024-35137,0,0,8a304cdbaf59bb986c8c3f32bdf1739c04b00c7f60b0a646c085f118d8cde7a8,2024-11-21T09:19:49.143000 CVE-2024-35139,0,0,be4c987cfcddfe8d90c735ee236dc1ac4502531a983ac5f6945739f9557c9cc3,2024-11-21T09:19:49.280000 @@ -262098,6 +262109,7 @@ CVE-2024-39744,0,0,caec515f987598fd4718ecc5ffd5b22d7109d39f0a90fab69c9fd087cf1a6 CVE-2024-39745,0,0,1aa4e653fb2cce7a3457432f2326cc5be8e01a20833a0744346693743e61ba37,2024-08-23T15:25:13.470000 CVE-2024-39746,0,0,f1afc11bc11a44838803dfd62593cc3e7a4249af2cc2a806a84825178dbd4ad9,2024-08-23T15:25:02.123000 CVE-2024-39747,0,0,2364c8f9f85ad03df91981b97454f0719e0ee4edb3b0df3002b45e0ad1d1a3e7,2024-09-16T17:13:47.497000 +CVE-2024-39750,1,1,23f3479b9d52653b61fdaced34eaa8cd1cddb49665313402c1a94ee8d8585ba1,2025-01-25T14:15:29.517000 CVE-2024-39751,0,0,b0c0aaf4fb5c9d1835036b5573daa4920c821bcc0ab31bb499aba831cb233595,2024-08-29T16:56:32.053000 CVE-2024-39753,0,0,9cf0ba8c0db0b89a70f7293ebcb08ff8ef168b9c804117157b5fc41c2f9b0584,2024-10-23T15:12:34.673000 CVE-2024-39754,0,0,643f5cbc7d034b0abc00cad0faf015845bc25f508bf6fa4d2d1e03d3c969d63d,2025-01-14T16:15:31.977000