admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-17 12:00:34 +00:00
parent ca4e624890
commit 059b08a154
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 449 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/32xxx/CVE-2024-32735.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32735",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/32xxx/CVE-2024-32736.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/32xxx/CVE-2024-32737.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/32xxx/CVE-2024-32738.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32738",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/32xxx/CVE-2024-32739.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32739",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

75
2024/3xxx/CVE-2024-3333.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3333",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpdevteam",
"product": {
"product_data": [
{
"product_name": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.9.14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5bdaf9-fbde-40d4-a72a-fd24489818b3?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5bdaf9-fbde-40d4-a72a-fd24489818b3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3067596/essential-addons-for-elementor-lite",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3067596/essential-addons-for-elementor-lite"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ng\u00f4 Thi\u00ean An"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

100
2024/3xxx/CVE-2024-3908.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261144. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Tenda AC500 2.0.1.9(1307) entdeckt. Betroffen hiervon ist die Funktion formWriteFacMac der Datei /goform/WriteFacMac. Durch Manipulation des Arguments mac mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.1.9(1307)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.261144",
"refsource": "MISC",
"name": "https://vuldb.com/?id.261144"
},
{
"url": "https://vuldb.com/?ctiid.261144",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.261144"
},
{
"url": "https://vuldb.com/?submit.313803",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.313803"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formWriteFacMac.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formWriteFacMac.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_tu (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

100
2024/3xxx/CVE-2024-3909.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In Tenda AC500 2.0.1.9(1307) wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion formexeCommand der Datei /goform/execCommand. Mittels dem Manipulieren des Arguments cmdinput mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.1.9(1307)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.261145",
"refsource": "MISC",
"name": "https://vuldb.com/?id.261145"
},
{
"url": "https://vuldb.com/?ctiid.261145",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.261145"
},
{
"url": "https://vuldb.com/?submit.313804",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.313804"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexeCommand.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexeCommand.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_tu (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

100
2024/3xxx/CVE-2024-3910.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Tenda AC500 2.0.1.9(1307) entdeckt. Es geht hierbei um die Funktion fromDhcpListClient der Datei /goform/DhcpListClient. Mittels Manipulieren des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.1.9(1307)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.261146",
"refsource": "MISC",
"name": "https://vuldb.com/?id.261146"
},
{
"url": "https://vuldb.com/?ctiid.261146",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.261146"
},
{
"url": "https://vuldb.com/?submit.313805",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.313805"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_page.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_page.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_tu (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}