diff --git a/cves/2024/13xxx/CVE-2024-13040.json b/cves/2024/13xxx/CVE-2024-13040.json
new file mode 100644
index 000000000000..82f4bbb086fe
--- /dev/null
+++ b/cves/2024/13xxx/CVE-2024-13040.json
@@ -0,0 +1,132 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-13040",
+ "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
+ "state": "PUBLISHED",
+ "assignerShortName": "twcert",
+ "dateReserved": "2024-12-30T02:15:41.237Z",
+ "datePublished": "2024-12-31T01:35:20.576Z",
+ "dateUpdated": "2024-12-31T01:35:20.576Z"
+ },
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "unaffected",
+ "product": "QOCA aim",
+ "vendor": "Quanta Computer",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0"
+ }
+ ]
+ }
+ ],
+ "datePublic": "2024-12-31T01:33:00.000Z",
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation."
+ }
+ ],
+ "value": "The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation."
+ }
+ ],
+ "impacts": [
+ {
+ "capecId": "CAPEC-233",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CAPEC-233 Privilege Escalation"
+ }
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-639",
+ "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
+ "shortName": "twcert",
+ "dateUpdated": "2024-12-31T01:35:20.576Z"
+ },
+ "references": [
+ {
+ "tags": [
+ "third-party-advisory"
+ ],
+ "url": "https://www.twcert.org.tw/tw/cp-132-8336-aa03b-1.html"
+ },
+ {
+ "tags": [
+ "third-party-advisory"
+ ],
+ "url": "https://www.twcert.org.tw/en/cp-139-8337-7899f-2.html"
+ }
+ ],
+ "solutions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Contact the vendor to obtain an update.\n\n
"
+ }
+ ],
+ "value": "Contact the vendor to obtain an update."
+ }
+ ],
+ "source": {
+ "advisory": "TVN-202412010",
+ "discovery": "EXTERNAL"
+ },
+ "title": "Quanta Computer QOCA aim - Authorization Bypass",
+ "x_generator": {
+ "engine": "Vulnogram 0.2.0"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/delta.json b/cves/delta.json
index 00cea4ff07cd..55f429990bdd 100644
--- a/cves/delta.json
+++ b/cves/delta.json
@@ -1,18 +1,12 @@
{
- "fetchTime": "2024-12-31T01:34:52.764Z",
- "numberOfChanges": 2,
+ "fetchTime": "2024-12-31T02:06:46.757Z",
+ "numberOfChanges": 1,
"new": [
{
- "cveId": "CVE-2024-12838",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12838",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12838.json",
- "dateUpdated": "2024-12-31T01:24:48.680Z"
- },
- {
- "cveId": "CVE-2024-12839",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12839",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12839.json",
- "dateUpdated": "2024-12-31T01:32:11.422Z"
+ "cveId": "CVE-2024-13040",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13040",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13040.json",
+ "dateUpdated": "2024-12-31T01:35:20.576Z"
}
],
"updated": [],
diff --git a/cves/deltaLog.json b/cves/deltaLog.json
index b9b2972aa0dd..eb1b9f149b52 100644
--- a/cves/deltaLog.json
+++ b/cves/deltaLog.json
@@ -1,4 +1,18 @@
[
+ {
+ "fetchTime": "2024-12-31T02:06:46.757Z",
+ "numberOfChanges": 1,
+ "new": [
+ {
+ "cveId": "CVE-2024-13040",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13040",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13040.json",
+ "dateUpdated": "2024-12-31T01:35:20.576Z"
+ }
+ ],
+ "updated": [],
+ "error": []
+ },
{
"fetchTime": "2024-12-31T01:34:52.764Z",
"numberOfChanges": 2,