From 0d0366ad436101c378ea63e7caa839917587d16e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 7 Oct 2024 16:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/26xxx/CVE-2022-26320.json | 6 +- 2023/6xxx/CVE-2023-6361.json | 101 +++++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6362.json | 101 +++++++++++++++++++++++++++++-- 2024/28xxx/CVE-2024-28709.json | 61 +++++++++++++++++-- 2024/28xxx/CVE-2024-28710.json | 61 +++++++++++++++++-- 2024/45xxx/CVE-2024-45932.json | 61 +++++++++++++++++-- 2024/46xxx/CVE-2024-46040.json | 61 +++++++++++++++++-- 2024/46xxx/CVE-2024-46041.json | 61 +++++++++++++++++-- 2024/46xxx/CVE-2024-46446.json | 61 +++++++++++++++++-- 2024/47xxx/CVE-2024-47948.json | 18 ++++++ 2024/47xxx/CVE-2024-47949.json | 18 ++++++ 2024/47xxx/CVE-2024-47950.json | 18 ++++++ 2024/47xxx/CVE-2024-47951.json | 18 ++++++ 2024/47xxx/CVE-2024-47952.json | 18 ++++++ 2024/47xxx/CVE-2024-47953.json | 18 ++++++ 2024/47xxx/CVE-2024-47954.json | 18 ++++++ 2024/47xxx/CVE-2024-47955.json | 18 ++++++ 2024/47xxx/CVE-2024-47956.json | 18 ++++++ 2024/47xxx/CVE-2024-47957.json | 18 ++++++ 2024/47xxx/CVE-2024-47958.json | 18 ++++++ 2024/47xxx/CVE-2024-47959.json | 18 ++++++ 2024/47xxx/CVE-2024-47960.json | 18 ++++++ 2024/47xxx/CVE-2024-47961.json | 18 ++++++ 2024/9xxx/CVE-2024-9569.json | 105 +++++++++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9570.json | 105 +++++++++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9582.json | 18 ++++++ 2024/9xxx/CVE-2024-9583.json | 18 ++++++ 27 files changed, 1017 insertions(+), 55 deletions(-) create mode 100644 2024/47xxx/CVE-2024-47948.json create mode 100644 2024/47xxx/CVE-2024-47949.json create mode 100644 2024/47xxx/CVE-2024-47950.json create mode 100644 2024/47xxx/CVE-2024-47951.json create mode 100644 2024/47xxx/CVE-2024-47952.json create mode 100644 2024/47xxx/CVE-2024-47953.json create mode 100644 2024/47xxx/CVE-2024-47954.json create mode 100644 2024/47xxx/CVE-2024-47955.json create mode 100644 2024/47xxx/CVE-2024-47956.json create mode 100644 2024/47xxx/CVE-2024-47957.json create mode 100644 2024/47xxx/CVE-2024-47958.json create mode 100644 2024/47xxx/CVE-2024-47959.json create mode 100644 2024/47xxx/CVE-2024-47960.json create mode 100644 2024/47xxx/CVE-2024-47961.json create mode 100644 2024/9xxx/CVE-2024-9582.json create mode 100644 2024/9xxx/CVE-2024-9583.json diff --git a/2022/26xxx/CVE-2022-26320.json b/2022/26xxx/CVE-2022-26320.json index 4b0634edcf9..4114b6036fc 100644 --- a/2022/26xxx/CVE-2022-26320.json +++ b/2022/26xxx/CVE-2022-26320.json @@ -68,9 +68,9 @@ "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html" }, { - "refsource": "MISC", - "name": "https://safezoneswupdate.com", - "url": "https://safezoneswupdate.com" + "refsource": "CONFIRM", + "name": "https://www.rambus.com/security/response-center/advisories/rmbs-2021-01/", + "url": "https://www.rambus.com/security/response-center/advisories/rmbs-2021-01/" } ] } diff --git a/2023/6xxx/CVE-2023-6361.json b/2023/6xxx/CVE-2023-6361.json index 300772e359a..7bee480af0f 100644 --- a/2023/6xxx/CVE-2023-6361.json +++ b/2023/6xxx/CVE-2023-6361.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6361", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WinHex", + "product": { + "product_data": [ + { + "product_name": "WinHex", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16.1 SR-1" + }, + { + "version_affected": "=", + "version_value": "20.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winhex", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winhex" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerabilities have been fixed in v20.8 SR-4 version." + } + ], + "value": "The vulnerabilities have been fixed in v20.8 SR-4 version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6362.json b/2023/6xxx/CVE-2023-6362.json index 0477219ebc1..df3ad51f1fe 100644 --- a/2023/6xxx/CVE-2023-6362.json +++ b/2023/6xxx/CVE-2023-6362.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6362", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WinHex", + "product": { + "product_data": [ + { + "product_name": "WinHex", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "16.1 SR-1" + }, + { + "version_affected": "=", + "version_value": "20.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winhex", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winhex" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "The vulnerabilities have been fixed in v20.8 SR-4 version." + } + ], + "value": "The vulnerabilities have been fixed in v20.8 SR-4 version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafael Pedrero" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/28xxx/CVE-2024-28709.json b/2024/28xxx/CVE-2024-28709.json index 904b1917675..3bbd03eac54 100644 --- a/2024/28xxx/CVE-2024-28709.json +++ b/2024/28xxx/CVE-2024-28709.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28709", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28709", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://limesurvey.com", + "refsource": "MISC", + "name": "http://limesurvey.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/LimeSurvey/LimeSurvey/commit/c844c4fba81cc26ffe6544bf095bad6252910bc0", + "url": "https://github.com/LimeSurvey/LimeSurvey/commit/c844c4fba81cc26ffe6544bf095bad6252910bc0" } ] } diff --git a/2024/28xxx/CVE-2024-28710.json b/2024/28xxx/CVE-2024-28710.json index 6b053e38078..f646681607a 100644 --- a/2024/28xxx/CVE-2024-28710.json +++ b/2024/28xxx/CVE-2024-28710.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28710", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28710", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://limesurvey.com", + "refsource": "MISC", + "name": "http://limesurvey.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/LimeSurvey/LimeSurvey/commit/c2fd60f94bc1db275f20cbb27a3135a9bdfb7f10", + "url": "https://github.com/LimeSurvey/LimeSurvey/commit/c2fd60f94bc1db275f20cbb27a3135a9bdfb7f10" } ] } diff --git a/2024/45xxx/CVE-2024-45932.json b/2024/45xxx/CVE-2024-45932.json index 6679629b5c7..70fd89aeabf 100644 --- a/2024/45xxx/CVE-2024-45932.json +++ b/2024/45xxx/CVE-2024-45932.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-45932", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-45932", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://TobeReleased.com", + "refsource": "MISC", + "name": "http://TobeReleased.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Laravel%20CRM%20v1.3.0/CVE-2024-45932.md", + "url": "https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Laravel%20CRM%20v1.3.0/CVE-2024-45932.md" } ] } diff --git a/2024/46xxx/CVE-2024-46040.json b/2024/46xxx/CVE-2024-46040.json index 6b869016c3c..05b28f4fb81 100644 --- a/2024/46xxx/CVE-2024-46040.json +++ b/2024/46xxx/CVE-2024-46040.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-46040", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-46040", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after the authentication token has expired." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Anonymous120386/Anonymous", + "url": "https://github.com/Anonymous120386/Anonymous" + }, + { + "url": "https://www.iothaat.com/", + "refsource": "MISC", + "name": "https://www.iothaat.com/" } ] } diff --git a/2024/46xxx/CVE-2024-46041.json b/2024/46xxx/CVE-2024-46041.json index 2c235f0b36c..264abb07a57 100644 --- a/2024/46xxx/CVE-2024-46041.json +++ b/2024/46xxx/CVE-2024-46041.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-46041", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-46041", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Anonymous120386/Anonymous", + "url": "https://github.com/Anonymous120386/Anonymous" + }, + { + "url": "https://www.iothaat.com/", + "refsource": "MISC", + "name": "https://www.iothaat.com/" } ] } diff --git a/2024/46xxx/CVE-2024-46446.json b/2024/46xxx/CVE-2024-46446.json index 4a2f9a21b4f..06fc1ae4cf4 100644 --- a/2024/46xxx/CVE-2024-46446.json +++ b/2024/46xxx/CVE-2024-46446.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-46446", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-46446", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://mecha-cmscom.com", + "refsource": "MISC", + "name": "http://mecha-cmscom.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/Sp1d3rL1/Mecha-cms-Arbitrary-File-Deletion-Vulnerability", + "url": "https://github.com/Sp1d3rL1/Mecha-cms-Arbitrary-File-Deletion-Vulnerability" } ] } diff --git a/2024/47xxx/CVE-2024-47948.json b/2024/47xxx/CVE-2024-47948.json new file mode 100644 index 00000000000..951d7cd86ae --- /dev/null +++ b/2024/47xxx/CVE-2024-47948.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47948", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47949.json b/2024/47xxx/CVE-2024-47949.json new file mode 100644 index 00000000000..2e4a6848635 --- /dev/null +++ b/2024/47xxx/CVE-2024-47949.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47949", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47950.json b/2024/47xxx/CVE-2024-47950.json new file mode 100644 index 00000000000..fb9dcb76fd7 --- /dev/null +++ b/2024/47xxx/CVE-2024-47950.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47950", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47951.json b/2024/47xxx/CVE-2024-47951.json new file mode 100644 index 00000000000..b57cf223815 --- /dev/null +++ b/2024/47xxx/CVE-2024-47951.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47951", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47952.json b/2024/47xxx/CVE-2024-47952.json new file mode 100644 index 00000000000..efef23ee0e5 --- /dev/null +++ b/2024/47xxx/CVE-2024-47952.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47953.json b/2024/47xxx/CVE-2024-47953.json new file mode 100644 index 00000000000..07f1ee4a0c2 --- /dev/null +++ b/2024/47xxx/CVE-2024-47953.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47954.json b/2024/47xxx/CVE-2024-47954.json new file mode 100644 index 00000000000..7f9f684937d --- /dev/null +++ b/2024/47xxx/CVE-2024-47954.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47954", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47955.json b/2024/47xxx/CVE-2024-47955.json new file mode 100644 index 00000000000..c07b5b39915 --- /dev/null +++ b/2024/47xxx/CVE-2024-47955.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47955", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47956.json b/2024/47xxx/CVE-2024-47956.json new file mode 100644 index 00000000000..8f82a831b96 --- /dev/null +++ b/2024/47xxx/CVE-2024-47956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47957.json b/2024/47xxx/CVE-2024-47957.json new file mode 100644 index 00000000000..2df2402a56f --- /dev/null +++ b/2024/47xxx/CVE-2024-47957.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47958.json b/2024/47xxx/CVE-2024-47958.json new file mode 100644 index 00000000000..6288cadbe06 --- /dev/null +++ b/2024/47xxx/CVE-2024-47958.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47958", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47959.json b/2024/47xxx/CVE-2024-47959.json new file mode 100644 index 00000000000..a2fcb9f4827 --- /dev/null +++ b/2024/47xxx/CVE-2024-47959.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47960.json b/2024/47xxx/CVE-2024-47960.json new file mode 100644 index 00000000000..b703c25e4b7 --- /dev/null +++ b/2024/47xxx/CVE-2024-47960.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/47xxx/CVE-2024-47961.json b/2024/47xxx/CVE-2024-47961.json new file mode 100644 index 00000000000..ffa5ded7b4d --- /dev/null +++ b/2024/47xxx/CVE-2024-47961.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-47961", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9569.json b/2024/9xxx/CVE-2024-9569.json index b9e293acfed..d9946bf7fb8 100644 --- a/2024/9xxx/CVE-2024-9569.json +++ b/2024/9xxx/CVE-2024-9569.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED ** In D-Link DIR-619L B1 2.06 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion formEasySetPassword der Datei /goform/formEasySetPassword. Durch Manipulieren des Arguments curTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "D-Link", + "product": { + "product_data": [ + { + "product_name": "DIR-619L B1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.06" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.279463", + "refsource": "MISC", + "name": "https://vuldb.com/?id.279463" + }, + { + "url": "https://vuldb.com/?ctiid.279463", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.279463" + }, + { + "url": "https://vuldb.com/?submit.414547", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.414547" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formEasySetPassword.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formEasySetPassword.md" + }, + { + "url": "https://www.dlink.com/", + "refsource": "MISC", + "name": "https://www.dlink.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/9xxx/CVE-2024-9570.json b/2024/9xxx/CVE-2024-9570.json index cbc101b7ee3..cbd7fada482 100644 --- a/2024/9xxx/CVE-2024-9570.json +++ b/2024/9xxx/CVE-2024-9570.json @@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "** UNSUPPPORTED WHEN ASSIGNED ** Eine Schwachstelle wurde in D-Link DIR-619L B1 2.06 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion formEasySetTimezone der Datei /goform/formEasySetTimezone. Durch das Beeinflussen des Arguments curTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "D-Link", + "product": { + "product_data": [ + { + "product_name": "DIR-619L B1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.06" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.279464", + "refsource": "MISC", + "name": "https://vuldb.com/?id.279464" + }, + { + "url": "https://vuldb.com/?ctiid.279464", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.279464" + }, + { + "url": "https://vuldb.com/?submit.414548", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.414548" + }, + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formEasySetTimezone.md", + "refsource": "MISC", + "name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formEasySetTimezone.md" + }, + { + "url": "https://www.dlink.com/", + "refsource": "MISC", + "name": "https://www.dlink.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "yhryhryhr_miemie (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 8.8, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 9, + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2024/9xxx/CVE-2024-9582.json b/2024/9xxx/CVE-2024-9582.json new file mode 100644 index 00000000000..0b00831013e --- /dev/null +++ b/2024/9xxx/CVE-2024-9582.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-9582", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9583.json b/2024/9xxx/CVE-2024-9583.json new file mode 100644 index 00000000000..7b3803b1d83 --- /dev/null +++ b/2024/9xxx/CVE-2024-9583.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-9583", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file