diff --git a/cves/2024/52xxx/CVE-2024-52958.json b/cves/2024/52xxx/CVE-2024-52958.json
new file mode 100644
index 00000000000..65cc742d745
--- /dev/null
+++ b/cves/2024/52xxx/CVE-2024-52958.json
@@ -0,0 +1,115 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-52958",
+ "assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
+ "state": "PUBLISHED",
+ "assignerShortName": "ZUSO ART",
+ "dateReserved": "2024-11-18T08:24:35.610Z",
+ "datePublished": "2024-11-27T05:22:47.950Z",
+ "dateUpdated": "2024-11-27T05:22:47.950Z"
+ },
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "affected",
+ "product": "iota C.ai Conversational Platform",
+ "vendor": "Galaxy Software Services Corporation",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.1.3",
+ "status": "affected",
+ "version": "1.0.0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "datePublic": "2024-11-27T04:00:00.000Z",
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function."
+ }
+ ],
+ "value": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function."
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV4_0": {
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "attackVector": "NETWORK",
+ "baseScore": 9.3,
+ "baseSeverity": "CRITICAL",
+ "privilegesRequired": "HIGH",
+ "providerUrgency": "NOT_DEFINED",
+ "subAvailabilityImpact": "HIGH",
+ "subConfidentialityImpact": "LOW",
+ "subIntegrityImpact": "LOW",
+ "userInteraction": "NONE",
+ "valueDensity": "NOT_DEFINED",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
+ "version": "4.0",
+ "vulnAvailabilityImpact": "HIGH",
+ "vulnConfidentialityImpact": "HIGH",
+ "vulnIntegrityImpact": "HIGH",
+ "vulnerabilityResponseEffort": "NOT_DEFINED"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-347",
+ "description": "CWE-347: Improper Verification of Cryptographic Signature",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
+ "shortName": "ZUSO ART",
+ "dateUpdated": "2024-11-27T05:22:47.950Z"
+ },
+ "references": [
+ {
+ "tags": [
+ "third-party-advisory"
+ ],
+ "url": "https://zuso.ai/advisory/za-2024-11"
+ }
+ ],
+ "source": {
+ "defect": [
+ "ZA-2024-11"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "title": "iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature",
+ "x_generator": {
+ "engine": "Vulnogram 0.2.0"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/2024/52xxx/CVE-2024-52959.json b/cves/2024/52xxx/CVE-2024-52959.json
new file mode 100644
index 00000000000..d4ba77ccd2d
--- /dev/null
+++ b/cves/2024/52xxx/CVE-2024-52959.json
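Review bot: `"defaultStatus": "affected"` in the `affected` entry of CVE-2024-52958 conflicts with the bounded range beside it (`"version": "1.0.0"`, `"lessThanOrEqual": "2.1.3"`) and with the description's "from 1.0.0 through 2.1.3": in the CVE record 5.x format the default status applies to every version the `versions` list does not match, so a consumer that honours it will report releases after 2.1.3 as vulnerable too. If the stated range is the intended scope, the entry should read `"defaultStatus": "unaffected"`. `"versionType": "custom"` also leaves the ordering rule undefined for automated matching; if the product uses semantic versioning, which the values suggest but the record does not state, `"versionType": "semver"` would let tooling evaluate the range. The CVE-2024-52959 record added in the next file carries the same two fields. Neither record names a fixed release or a workaround, so a defender has only the advisory URL to act on.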
@@ -0,0 +1,115 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-52959",
+ "assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
+ "state": "PUBLISHED",
+ "assignerShortName": "ZUSO ART",
+ "dateReserved": "2024-11-18T08:24:35.611Z",
+ "datePublished": "2024-11-27T05:23:11.281Z",
+ "dateUpdated": "2024-11-27T05:23:11.281Z"
+ },
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "affected",
+ "product": "iota C.ai Conversational Platform",
+ "vendor": "Galaxy Software Services Corporation",
+ "versions": [
+ {
+ "lessThanOrEqual": "2.1.3",
+ "status": "affected",
+ "version": "1.0.0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "datePublic": "2024-11-27T04:00:00.000Z",
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file."
+ }
+ ],
+ "value": "A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file."
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV4_0": {
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "attackVector": "NETWORK",
+ "baseScore": 9.3,
+ "baseSeverity": "CRITICAL",
+ "privilegesRequired": "HIGH",
+ "providerUrgency": "NOT_DEFINED",
+ "subAvailabilityImpact": "HIGH",
+ "subConfidentialityImpact": "LOW",
+ "subIntegrityImpact": "LOW",
+ "userInteraction": "NONE",
+ "valueDensity": "NOT_DEFINED",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
+ "version": "4.0",
+ "vulnAvailabilityImpact": "HIGH",
+ "vulnConfidentialityImpact": "HIGH",
+ "vulnIntegrityImpact": "HIGH",
+ "vulnerabilityResponseEffort": "NOT_DEFINED"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-94",
+ "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
+ "shortName": "ZUSO ART",
+ "dateUpdated": "2024-11-27T05:23:11.281Z"
+ },
+ "references": [
+ {
+ "tags": [
+ "third-party-advisory"
+ ],
+ "url": "https://zuso.ai/advisory/za-2024-12"
+ }
+ ],
+ "source": {
+ "defect": [
+ "ZA-2024-12"
+ ],
+ "discovery": "UNKNOWN"
+ },
+ "title": "iota C.ai Conversational Platform - Improper Control of Generation of Code ('Code Injection')",
+ "x_generator": {
+ "engine": "Vulnogram 0.2.0"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/delta.json b/cves/delta.json
index bb630c94c6e..ef8d8d0f1ff 100644
--- a/cves/delta.json
+++ b/cves/delta.json
@@ -1,26 +1,20 @@ { - "fetchTime": "2024-11-27T04:55:37.887Z", - "numberOfChanges": 3, - "new": [], - "updated": [ + "fetchTime": "2024-11-27T05:28:52.400Z", + "numberOfChanges": 2, + "new": [ { - "cveId": "CVE-2024-29014", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-29014", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/29xxx/CVE-2024-29014.json", - "dateUpdated": "2024-11-27T04:55:16.232Z" + "cveId": "CVE-2024-52958", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52958", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52958.json", + "dateUpdated": "2024-11-27T05:22:47.950Z" }, { - "cveId": "CVE-2024-5921", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5921", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5921.json", - "dateUpdated": "2024-11-27T04:55:16.253Z" - }, - { - "cveId": "CVE-2024-8932", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-8932", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/8xxx/CVE-2024-8932.json", - "dateUpdated": "2024-11-27T04:55:17.998Z" + "cveId": "CVE-2024-52959", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52959", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52959.json", + "dateUpdated": "2024-11-27T05:23:11.281Z" } ], + "updated": [], "error": [] } \ No newline at end of file diff --git a/cves/deltaLog.json b/cves/deltaLog.json index acb4aa87dd2..6151cd7dc9d 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json 
@@ -1,4 +1,24 @@ [ + { + "fetchTime": "2024-11-27T05:28:52.400Z", + "numberOfChanges": 2, + "new": [ + { + "cveId": "CVE-2024-52958", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52958", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52958.json", + "dateUpdated": "2024-11-27T05:22:47.950Z" + }, + { + "cveId": "CVE-2024-52959", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52959", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52959.json", + "dateUpdated": "2024-11-27T05:23:11.281Z" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2024-11-27T04:55:37.887Z", "numberOfChanges": 3,