diff --git a/2024/10xxx/CVE-2024-10658.json b/2024/10xxx/CVE-2024-10658.json index 359d7530367..00a3b263c17 100644 --- a/2024/10xxx/CVE-2024-10658.json +++ b/2024/10xxx/CVE-2024-10658.json @@ -1,17 +1,149 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in Tongda OA up to 11.10. Affected by this vulnerability is an unknown functionality of the file /pda/approve_center/check_seal.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In Tongda OA bis 11.10 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /pda/approve_center/check_seal.php. Mittels Manipulieren des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tongda", + "product": { + "product_data": [ + { + "product_name": "OA", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0" + }, + { + "version_affected": "=", + "version_value": "11.1" + }, + { + "version_affected": "=", + "version_value": "11.2" + }, + { + "version_affected": "=", + "version_value": "11.3" + }, + { + "version_affected": "=", + "version_value": "11.4" + }, + { + "version_affected": "=", + "version_value": "11.5" + }, + { + "version_affected": "=", + "version_value": "11.6" + }, + { + "version_affected": "=", + "version_value": "11.7" + }, + { + "version_affected": "=", + "version_value": "11.8" + }, + { + "version_affected": "=", + "version_value": "11.9" + }, + { + "version_affected": "=", + "version_value": "11.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.282673", + "refsource": "MISC", + "name": "https://vuldb.com/?id.282673" + }, + { + "url": "https://vuldb.com/?ctiid.282673", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.282673" + }, + { + "url": "https://vuldb.com/?submit.433529", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.433529" + }, + { + "url": "https://github.com/LvZCh/td/issues/14", + "refsource": "MISC", + "name": "https://github.com/LvZCh/td/issues/14" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "LVZC2 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/10xxx/CVE-2024-10659.json b/2024/10xxx/CVE-2024-10659.json index 244384f79bf..178b9ea07a8 100644 --- a/2024/10xxx/CVE-2024-10659.json +++ b/2024/10xxx/CVE-2024-10659.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthoriseTempletService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in ESAFENET CDG 5 entdeckt. Hierbei geht es um die Funktion delSystemEncryptPolicy der Datei /com/esafenet/servlet/document/CDGAuthoriseTempletService.java. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ESAFENET", + "product": { + "product_data": [ + { + "product_name": "CDG", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.282674", + "refsource": "MISC", + "name": "https://vuldb.com/?id.282674" + }, + { + "url": "https://vuldb.com/?ctiid.282674", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.282674" + }, + { + "url": "https://vuldb.com/?submit.434862", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.434862" + }, + { + "url": "https://flowus.cn/share/eaefcf21-6a72-48f8-bc18-a4889512bfe5?code=G8A6P3", + "refsource": "MISC", + "name": "https://flowus.cn/share/eaefcf21-6a72-48f8-bc18-a4889512bfe5?code=G8A6P3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "0menc (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/10xxx/CVE-2024-10660.json b/2024/10xxx/CVE-2024-10660.json index 63c5a22ac75..19ea792be9b 100644 --- a/2024/10xxx/CVE-2024-10660.json +++ b/2024/10xxx/CVE-2024-10660.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10660", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function deleteHook of the file /com/esafenet/servlet/policy/HookService.java. The manipulation of the argument hookId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in ESAFENET CDG 5 gefunden. Es betrifft die Funktion deleteHook der Datei /com/esafenet/servlet/policy/HookService.java. Durch Manipulieren des Arguments hookId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ESAFENET", + "product": { + "product_data": [ + { + "product_name": "CDG", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.282675", + "refsource": "MISC", + "name": "https://vuldb.com/?id.282675" + }, + { + "url": "https://vuldb.com/?ctiid.282675", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.282675" + }, + { + "url": "https://vuldb.com/?submit.434863", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.434863" + }, + { + "url": "https://flowus.cn/share/9d33a5d8-87b1-482b-8642-a8fcf27585ba?code=G8A6P3", + "refsource": "MISC", + "name": "https://flowus.cn/share/9d33a5d8-87b1-482b-8642-a8fcf27585ba?code=G8A6P3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "0menc (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2024/10xxx/CVE-2024-10687.json b/2024/10xxx/CVE-2024-10687.json new file mode 100644 index 00000000000..b856bded012 --- /dev/null +++ b/2024/10xxx/CVE-2024-10687.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-10687", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/10xxx/CVE-2024-10688.json b/2024/10xxx/CVE-2024-10688.json new file mode 100644 index 00000000000..38f39df7cbf --- /dev/null +++ b/2024/10xxx/CVE-2024-10688.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-10688", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/10xxx/CVE-2024-10689.json b/2024/10xxx/CVE-2024-10689.json new file mode 100644 index 00000000000..d1c0ec9652c --- /dev/null +++ b/2024/10xxx/CVE-2024-10689.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-10689", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/10xxx/CVE-2024-10690.json b/2024/10xxx/CVE-2024-10690.json new file mode 100644 index 00000000000..723cc42f037 --- /dev/null +++ b/2024/10xxx/CVE-2024-10690.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-10690", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/10xxx/CVE-2024-10691.json b/2024/10xxx/CVE-2024-10691.json new file mode 100644 index 00000000000..50c1d815974 --- /dev/null +++ b/2024/10xxx/CVE-2024-10691.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-10691", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/22xxx/CVE-2024-22733.json b/2024/22xxx/CVE-2024-22733.json index c3a5402a967..721de5533fe 100644 --- a/2024/22xxx/CVE-2024-22733.json +++ b/2024/22xxx/CVE-2024-22733.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-22733", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-22733", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lenoctambule.dev/post/dos-on-tp-link-web-admin-panel", + "refsource": "MISC", + "name": "https://lenoctambule.dev/post/dos-on-tp-link-web-admin-panel" } ] } diff --git a/2024/28xxx/CVE-2024-28265.json b/2024/28xxx/CVE-2024-28265.json index 87c8bd9c109..955d377f00e 100644 --- a/2024/28xxx/CVE-2024-28265.json +++ b/2024/28xxx/CVE-2024-28265.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28265", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28265", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBOS v4.5.5 has an arbitrary file deletion vulnerability via \\system\\modules\\dashboard\\controllers\\LoginController.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitee.com/ibos/IBOS", + "url": "https://gitee.com/ibos/IBOS" + }, + { + "url": "https://github.com/A7cc/cve/issues/1", + "refsource": "MISC", + "name": "https://github.com/A7cc/cve/issues/1" } ] } diff --git a/2024/40xxx/CVE-2024-40490.json b/2024/40xxx/CVE-2024-40490.json index 63b9c51b062..45055eee9c3 100644 --- a/2024/40xxx/CVE-2024-40490.json +++ b/2024/40xxx/CVE-2024-40490.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-40490", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-40490", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via a crafted XAJAX call to the Forgot Password function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sbpp/sourcebans-pp/issues/975", + "refsource": "MISC", + "name": "https://github.com/sbpp/sourcebans-pp/issues/975" } ] } diff --git a/2024/43xxx/CVE-2024-43683.json b/2024/43xxx/CVE-2024-43683.json index bae3401be2a..5779031d3e9 100644 --- a/2024/43xxx/CVE-2024-43683.json +++ b/2024/43xxx/CVE-2024-43683.json @@ -56,9 +56,9 @@ "references": { "reference_data": [ { - "url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities", + "url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-improper-verification-of-host-header", "refsource": "MISC", - "name": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities" + "name": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-improper-verification-of-host-header" }, { "url": "https://www.gruppotim.it/it/footer/red-team.html", diff --git a/2024/51xxx/CVE-2024-51377.json b/2024/51xxx/CVE-2024-51377.json index 7d802c79ddd..94c64e61af9 100644 --- a/2024/51xxx/CVE-2024-51377.json +++ b/2024/51xxx/CVE-2024-51377.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-51377", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-51377", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-51377", + "url": "https://github.com/Asadiqbal2/Vulnerabilities-Research/tree/main/CVE-2024-51377" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/ladybirdweb/faveo-helpdesk/issues/8303", + "url": "https://github.com/ladybirdweb/faveo-helpdesk/issues/8303" } ] } diff --git a/2024/51xxx/CVE-2024-51398.json b/2024/51xxx/CVE-2024-51398.json index 62509815730..ed631c40e80 100644 --- a/2024/51xxx/CVE-2024-51398.json +++ b/2024/51xxx/CVE-2024-51398.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-51398", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-51398", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously threatening network security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/HuhaiOvO/Altai/blob/main/Altai%20IX500%20Indoor%202%C3%972%20802.11ac%20Wave%202%20AP%20wake%20password.docx", + "refsource": "MISC", + "name": "https://github.com/HuhaiOvO/Altai/blob/main/Altai%20IX500%20Indoor%202%C3%972%20802.11ac%20Wave%202%20AP%20wake%20password.docx" + }, + { + "refsource": "MISC", + "name": "https://github.com/HuhaiOvO/Altai/blob/main/Altai_IX500_Weak_Password.yaml", + "url": "https://github.com/HuhaiOvO/Altai/blob/main/Altai_IX500_Weak_Password.yaml" } ] } diff --git a/2024/51xxx/CVE-2024-51399.json b/2024/51xxx/CVE-2024-51399.json index 5ff8c45e78b..82f4e80eece 100644 --- a/2024/51xxx/CVE-2024-51399.json +++ b/2024/51xxx/CVE-2024-51399.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-51399", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-51399", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/HuhaiOvO/Altai/blob/main/Altai%20IX500%20Indoor%202%C3%972%20802.11ac%20Wave%202%20AP%20file%20read.docx", + "refsource": "MISC", + "name": "https://github.com/HuhaiOvO/Altai/blob/main/Altai%20IX500%20Indoor%202%C3%972%20802.11ac%20Wave%202%20AP%20file%20read.docx" } ] }