2 changes (2 new | 0 updated):
      - 2 new CVEs:  CVE-2024-52958, CVE-2024-52959
      - 0 updated CVEs:
cvelistV5 Github Action committed Nov 27, 2024
1 parent d7b1149 commit 8280c40
Showing 4 changed files with 262 additions and 18 deletions.
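--- a/cves/2024/52xxx/CVE-2024-52958.json
+++ b/cves/2024/52xxx/CVE-2024-52958.json
@@ -0,0 +1,115 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-52958",
+"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
+"state": "PUBLISHED",
+"assignerShortName": "ZUSO ART",
+"dateReserved": "2024-11-18T08:24:35.610Z",
+"datePublished": "2024-11-27T05:22:47.950Z",
+"dateUpdated": "2024-11-27T05:22:47.950Z"
+},
+"containers": {
+"cna": {
+"affected": [
+{
+"defaultStatus": "affected",
+"product": "iota C.ai Conversational Platform",
+"vendor": "Galaxy Software Services Corporation",
+"versions": [
+{
+"lessThanOrEqual": "2.1.3",
+"status": "affected",
+"version": "1.0.0",
+"versionType": "custom"
+}
+]
+}
+],
+"datePublic": "2024-11-27T04:00:00.000Z",
+"descriptions": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function."
+}
+],
+"value": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function."
+}
+],
+"metrics": [
+{
+"cvssV4_0": {
+"Automatable": "NOT_DEFINED",
+"Recovery": "NOT_DEFINED",
+"Safety": "NOT_DEFINED",
+"attackComplexity": "LOW",
+"attackRequirements": "NONE",
+"attackVector": "NETWORK",
+"baseScore": 9.3,
+"baseSeverity": "CRITICAL",
+"privilegesRequired": "HIGH",
+"providerUrgency": "NOT_DEFINED",
+"subAvailabilityImpact": "HIGH",
+"subConfidentialityImpact": "LOW",
+"subIntegrityImpact": "LOW",
+"userInteraction": "NONE",
+"valueDensity": "NOT_DEFINED",
+"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
+"version": "4.0",
+"vulnAvailabilityImpact": "HIGH",
+"vulnConfidentialityImpact": "HIGH",
+"vulnIntegrityImpact": "HIGH",
+"vulnerabilityResponseEffort": "NOT_DEFINED"
+},
+"format": "CVSS",
+"scenarios": [
+{
+"lang": "en",
+"value": "GENERAL"
+}
+]
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"cweId": "CWE-347",
+"description": "CWE-347: Improper Verification of Cryptographic Signature",
+"lang": "en",
+"type": "CWE"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
+"shortName": "ZUSO ART",
+"dateUpdated": "2024-11-27T05:22:47.950Z"
+},
+"references": [
+{
+"tags": [
+"third-party-advisory"
+],
+"url": "https://zuso.ai/advisory/za-2024-11"
+}
+],
+"source": {
+"defect": [
+"ZA-2024-11"
+],
+"discovery": "UNKNOWN"
+},
+"title": "iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature",
+"x_generator": {
+"engine": "Vulnogram 0.2.0"
+}
+}
+}
+}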
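Review bot: The `affected` entry sets `"defaultStatus": "affected"` and lists only an affected range (`1.0.0` through `2.1.3`), so any version not matched by that range, including releases after 2.1.3, is still reported as affected and no fixed version can be derived from the record. Scanners and SBOM tooling that consume this field will therefore keep flagging patched installations. If releases after 2.1.3 contain the fix, `"defaultStatus": "unaffected"` (or an explicit `versions` entry with `"status": "unaffected"` for the fixed release) states that; if the fix status is not known, `"defaultStatus": "unknown"` is the honest value. The same applies to the `affected` entry in CVE-2024-52959.json. The only reference is tagged `third-party-advisory`, so a vendor advisory or patch link would also help responders confirm remediation.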
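--- a/cves/2024/52xxx/CVE-2024-52959.json
+++ b/cves/2024/52xxx/CVE-2024-52959.json
@@ -0,0 +1,115 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-52959",
+"assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
+"state": "PUBLISHED",
+"assignerShortName": "ZUSO ART",
+"dateReserved": "2024-11-18T08:24:35.611Z",
+"datePublished": "2024-11-27T05:23:11.281Z",
+"dateUpdated": "2024-11-27T05:23:11.281Z"
+},
+"containers": {
+"cna": {
+"affected": [
+{
+"defaultStatus": "affected",
+"product": "iota C.ai Conversational Platform",
+"vendor": "Galaxy Software Services Corporation",
+"versions": [
+{
+"lessThanOrEqual": "2.1.3",
+"status": "affected",
+"version": "1.0.0",
+"versionType": "custom"
+}
+]
+}
+],
+"datePublic": "2024-11-27T04:00:00.000Z",
+"descriptions": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file."
+}
+],
+"value": "A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file."
+}
+],
+"metrics": [
+{
+"cvssV4_0": {
+"Automatable": "NOT_DEFINED",
+"Recovery": "NOT_DEFINED",
+"Safety": "NOT_DEFINED",
+"attackComplexity": "LOW",
+"attackRequirements": "NONE",
+"attackVector": "NETWORK",
+"baseScore": 9.3,
+"baseSeverity": "CRITICAL",
+"privilegesRequired": "HIGH",
+"providerUrgency": "NOT_DEFINED",
+"subAvailabilityImpact": "HIGH",
+"subConfidentialityImpact": "LOW",
+"subIntegrityImpact": "LOW",
+"userInteraction": "NONE",
+"valueDensity": "NOT_DEFINED",
+"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
+"version": "4.0",
+"vulnAvailabilityImpact": "HIGH",
+"vulnConfidentialityImpact": "HIGH",
+"vulnIntegrityImpact": "HIGH",
+"vulnerabilityResponseEffort": "NOT_DEFINED"
+},
+"format": "CVSS",
+"scenarios": [
+{
+"lang": "en",
+"value": "GENERAL"
+}
+]
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"cweId": "CWE-94",
+"description": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
+"lang": "en",
+"type": "CWE"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
+"shortName": "ZUSO ART",
+"dateUpdated": "2024-11-27T05:23:11.281Z"
+},
+"references": [
+{
+"tags": [
+"third-party-advisory"
+],
+"url": "https://zuso.ai/advisory/za-2024-12"
+}
+],
+"source": {
+"defect": [
+"ZA-2024-12"
+],
+"discovery": "UNKNOWN"
+},
+"title": "iota C.ai Conversational Platform - Improper Control of Generation of Code ('Code Injection')",
+"x_generator": {
+"engine": "Vulnogram 0.2.0"
+}
+}
+}
+}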
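Review bot: The `descriptions` text in this record does not say how the issue differs from CVE-2024-52958: both name plugin management, the same 1.0.0 through 2.1.3 range and a DLL file as the vehicle, and both carry an identical `vectorString`, so a consumer cannot tell whether the CWE-94 finding is a separate flaw or the consequence of the missing signature check. A sentence naming the distinct component or precondition would let triage decide whether one remediation covers both identifiers. The description also says only "remote authenticated users" while the metrics set `"privilegesRequired": "HIGH"`; if administrative rights are what the CNA intends, wording such as `remote authenticated users with administrative privileges` would match the metric, and the same applies to CVE-2024-52958.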
30 changes: 12 additions & 18 deletions cves/delta.json
@@ -1,26 +1,20 @@
{
"fetchTime": "2024-11-27T04:55:37.887Z",
"numberOfChanges": 3,
"new": [],
"updated": [
"fetchTime": "2024-11-27T05:28:52.400Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-29014",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-29014",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/29xxx/CVE-2024-29014.json",
"dateUpdated": "2024-11-27T04:55:16.232Z"
"cveId": "CVE-2024-52958",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52958",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52958.json",
"dateUpdated": "2024-11-27T05:22:47.950Z"
},
{
"cveId": "CVE-2024-5921",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5921",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5921.json",
"dateUpdated": "2024-11-27T04:55:16.253Z"
},
{
"cveId": "CVE-2024-8932",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-8932",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/8xxx/CVE-2024-8932.json",
"dateUpdated": "2024-11-27T04:55:17.998Z"
"cveId": "CVE-2024-52959",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52959",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52959.json",
"dateUpdated": "2024-11-27T05:23:11.281Z"
}
],
"updated": [],
"error": []
}
20 changes: 20 additions & 0 deletions cves/deltaLog.json
@@ -1,4 +1,24 @@
[
{
"fetchTime": "2024-11-27T05:28:52.400Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-52958",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52958",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52958.json",
"dateUpdated": "2024-11-27T05:22:47.950Z"
},
{
"cveId": "CVE-2024-52959",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52959",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52959.json",
"dateUpdated": "2024-11-27T05:23:11.281Z"
}
],
"updated": [],
"error": []
},
{
"fetchTime": "2024-11-27T04:55:37.887Z",
"numberOfChanges": 3,
