1 changes (1 new | 0 updated):
      - 1 new CVEs:  CVE-2024-13040
      - 0 updated CVEs:
cvelistV5 Github Action committed Dec 31, 2024
1 parent 404313b commit a2b9876
Showing 3 changed files with 152 additions and 12 deletions.
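--- /dev/null
+++ b/cves/2024/13xxx/CVE-2024-13040.json
@@ -0,0 +1,132 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-13040",
+"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
+"state": "PUBLISHED",
+"assignerShortName": "twcert",
+"dateReserved": "2024-12-30T02:15:41.237Z",
+"datePublished": "2024-12-31T01:35:20.576Z",
+"dateUpdated": "2024-12-31T01:35:20.576Z"
+},
+"containers": {
+"cna": {
+"affected": [
+{
+"defaultStatus": "unaffected",
+"product": "QOCA aim",
+"vendor": "Quanta Computer",
+"versions": [
+{
+"status": "affected",
+"version": "0"
+}
+]
+}
+],
+"datePublic": "2024-12-31T01:33:00.000Z",
+"descriptions": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation."
+}
+],
+"value": "The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation."
+}
+],
+"impacts": [
+{
+"capecId": "CAPEC-233",
+"descriptions": [
+{
+"lang": "en",
+"value": "CAPEC-233 Privilege Escalation"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"attackComplexity": "LOW",
+"attackVector": "NETWORK",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"privilegesRequired": "LOW",
+"scope": "UNCHANGED",
+"userInteraction": "NONE",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"version": "3.1"
+},
+"format": "CVSS",
+"scenarios": [
+{
+"lang": "en",
+"value": "GENERAL"
+}
+]
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"cweId": "CWE-639",
+"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
+"lang": "en",
+"type": "CWE"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
+"shortName": "twcert",
+"dateUpdated": "2024-12-31T01:35:20.576Z"
+},
+"references": [
+{
+"tags": [
+"third-party-advisory"
+],
+"url": "https://www.twcert.org.tw/tw/cp-132-8336-aa03b-1.html"
+},
+{
+"tags": [
+"third-party-advisory"
+],
+"url": "https://www.twcert.org.tw/en/cp-139-8337-7899f-2.html"
+}
+],
+"solutions": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "<span style=\"background-color: rgb(255, 255, 255);\">Contact the vendor to obtain an update.</span>\n\n<br>"
+}
+],
+"value": "Contact the vendor to obtain an update."
+}
+],
+"source": {
+"advisory": "TVN-202412010",
+"discovery": "EXTERNAL"
+},
+"title": "Quanta Computer QOCA aim - Authorization Bypass",
+"x_generator": {
+"engine": "Vulnogram 0.2.0"
+}
+}
+}
+}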
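Review bot: The `affected` entry marks only the literal version `"version": "0"` as `"status": "affected"` with no upper bound, while `defaultStatus` is `"unaffected"`, so a consumer that matches versions literally will likely treat every real QOCA aim release as unaffected. If the intent is "all releases before the fix", the entry should carry a range such as `"version": "0", "lessThan": "<FIXED_VERSION>", "versionType": "custom"` (placeholder; the record names no fixed version), or set `defaultStatus` to `"affected"` until one is known. The `solutions` text has the same gap: it only says to contact the vendor, which gives scanners and patch tracking no version to key on.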
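--- a/cves/delta.json
+++ b/cves/delta.json
@@ -1,18 +1,12 @@
 {
-"fetchTime": "2024-12-31T01:34:52.764Z",
-"numberOfChanges": 2,
+"fetchTime": "2024-12-31T02:06:46.757Z",
+"numberOfChanges": 1,
 "new": [
 {
-"cveId": "CVE-2024-12838",
-"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12838",
-"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12838.json",
-"dateUpdated": "2024-12-31T01:24:48.680Z"
-},
-{
-"cveId": "CVE-2024-12839",
-"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12839",
-"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12839.json",
-"dateUpdated": "2024-12-31T01:32:11.422Z"
+"cveId": "CVE-2024-13040",
+"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13040",
+"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13040.json",
+"dateUpdated": "2024-12-31T01:35:20.576Z"
 }
 ],
 "updated": [],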
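--- a/cves/deltaLog.json
+++ b/cves/deltaLog.json
@@ -1,4 +1,18 @@
 [
+{
+"fetchTime": "2024-12-31T02:06:46.757Z",
+"numberOfChanges": 1,
+"new": [
+{
+"cveId": "CVE-2024-13040",
+"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13040",
+"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13040.json",
+"dateUpdated": "2024-12-31T01:35:20.576Z"
+}
+],
+"updated": [],
+"error": []
+},
 {
 "fetchTime": "2024-12-31T01:34:52.764Z",
 "numberOfChanges": 2,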
