From 0c7e898c22a45098f21d61291e09a76f5318310a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 5 Nov 2024 08:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/10xxx/CVE-2024-10654.json | 31 +++++++++++++++++++++++++-- 2024/10xxx/CVE-2024-10840.json | 18 ++++++++++++++++ 2024/10xxx/CVE-2024-10841.json | 18 ++++++++++++++++ 2024/10xxx/CVE-2024-10842.json | 18 ++++++++++++++++ 2024/10xxx/CVE-2024-10843.json | 18 ++++++++++++++++ 2024/10xxx/CVE-2024-10844.json | 18 ++++++++++++++++ 2024/10xxx/CVE-2024-10845.json | 18 ++++++++++++++++ 2024/7xxx/CVE-2024-7006.json | 39 ++++++++++++++++++++++------------ 8 files changed, 163 insertions(+), 15 deletions(-) create mode 100644 2024/10xxx/CVE-2024-10840.json create mode 100644 2024/10xxx/CVE-2024-10841.json create mode 100644 2024/10xxx/CVE-2024-10842.json create mode 100644 2024/10xxx/CVE-2024-10843.json create mode 100644 2024/10xxx/CVE-2024-10844.json create mode 100644 2024/10xxx/CVE-2024-10845.json diff --git a/2024/10xxx/CVE-2024-10654.json b/2024/10xxx/CVE-2024-10654.json index 5bb3732a659..6f163c6483d 100644 --- a/2024/10xxx/CVE-2024-10654.json +++ b/2024/10xxx/CVE-2024-10654.json 
@@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + "value": "A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component." }, { "lang": "deu", - "value": "In TOTOLINK LR350 bis 9.3.5u.6369 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /formLoginAuth.htm. Dank der Manipulation des Arguments authCode mit der Eingabe 1 mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + "value": "In TOTOLINK LR350 bis 9.3.5u.6369 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /formLoginAuth.htm. Dank der Manipulation des Arguments authCode mit der Eingabe 1 mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 9.3.5u.6698_B20230810 vermag dieses Problem zu l\u00f6sen. 
Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ] }, @@ -29,6 +29,24 @@ "cweId": "CWE-639" } ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization", + "cweId": "CWE-285" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] } ] }, @@ -78,6 +96,11 @@ "refsource": "MISC", "name": "https://github.com/c0nyy/IoT_vuln/blob/main/TOTOLINK%20LR350%20Vuln.md" }, + { + "url": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/231/ids/36.html", + "refsource": "MISC", + "name": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/231/ids/36.html" + }, { "url": "https://www.totolink.net/", "refsource": "MISC", @@ -86,6 +109,10 @@ ] }, "credits": [ + { + "lang": "en", + "value": "c0nyy (VulDB User)" + }, { "lang": "en", "value": "c0nyy (VulDB User)" diff --git a/2024/10xxx/CVE-2024-10840.json b/2024/10xxx/CVE-2024-10840.json new file mode 100644 index 00000000000..34a6e2c33b9 --- /dev/null +++ b/2024/10xxx/CVE-2024-10840.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-10840", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/10xxx/CVE-2024-10841.json b/2024/10xxx/CVE-2024-10841.json new file mode 100644 index 00000000000..f5e8403d2e7 --- /dev/null +++ b/2024/10xxx/CVE-2024-10841.json 
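Review bot: The credit object added in the `credits` hunk of 2024/10xxx/CVE-2024-10654.json is identical to the entry that follows it, so the array now lists `"value": "c0nyy (VulDB User)"` with `"lang": "en"` twice. This may come from the down-conversion dropping a field that told the two credits apart, such as a credit type, though the upstream record is not visible here to confirm it. Either the sync should emit a single entry, or consumers of this record should de-duplicate credits on `lang` plus `value` before counting or displaying them. The `credits` array continues outside the hunk.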
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10841",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10842.json b/2024/10xxx/CVE-2024-10842.json
new file mode 100644
index 00000000000..698ea920ff7
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10842.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10842",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10843.json b/2024/10xxx/CVE-2024-10843.json
new file mode 100644
index 00000000000..a0116ae5df0
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10843.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10843",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10844.json b/2024/10xxx/CVE-2024-10844.json
new file mode 100644
index 00000000000..c84d96d4ea3
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10844.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10844",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/10xxx/CVE-2024-10845.json b/2024/10xxx/CVE-2024-10845.json
new file mode 100644
index 00000000000..e31e9a2bb05
--- /dev/null
+++ b/2024/10xxx/CVE-2024-10845.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-10845",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/7xxx/CVE-2024-7006.json b/2024/7xxx/CVE-2024-7006.json
index e4503dd1ede..57f66aa44f2 100644
--- a/2024/7xxx/CVE-2024-7006.json
+++ b/2024/7xxx/CVE-2024-7006.json
@@ -35,6 +35,27 @@ "vendor_name": "Red Hat", "product": { "product_data": [ + { + "product_name": "Red Hat Enterprise Linux 8", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:4.0.9-33.el8_10", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "version": { @@ -82,19 +103,6 @@ ] } }, - { - "product_name": "Red Hat Enterprise Linux 8", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "affected" - } - } - ] - } - }, { "product_name": "Red Hat Enterprise Linux 9", "version": { @@ -121,6 +129,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:6360" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:8833", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:8833" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-7006", "refsource": "MISC",