admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-11 08:00:33 +00:00
parent 7385569b50
commit 10b7102c16
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 870 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2024/11xxx/CVE-2024-11016.json
View File

@ -41,12 +41,12 @@
"version_data": [
{
"version_affected": "<",
"version_name": "6.*",
"version_name": "6",
"version_value": "6.5.1"
},
{
"version_affected": "<",
"version_name": "7.*",
"version_name": "7",
"version_value": "7.2.3"
}
]

4
2024/11xxx/CVE-2024-11017.json
View File

@ -41,12 +41,12 @@
"version_data": [
{
"version_affected": "<",
"version_name": "6.*",
"version_name": "6",
"version_value": "6.5.1"
},
{
"version_affected": "<",
"version_name": "7.*",
"version_name": "7",
"version_value": "7.2.3"
}
]

103
2024/11xxx/CVE-2024-11018.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11018",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Grand Vice info",
"product": {
"product_data": [
{
"product_name": "Webopac",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6",
"version_value": "6.5.1"
},
{
"version_affected": "<",
"version_name": "7",
"version_value": "7.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8213-3413b-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8213-3413b-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202411003",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Webopac 6 to version 6.5.1 or later</span><br><span style=\"background-color: rgb(255, 255, 255);\">Update Webopac 7 to version 7.2.3 or later.</span>\n\n<br>"
}
],
"value": "Update Webopac 6 to version 6.5.1 or later\nUpdate Webopac 7 to version 7.2.3 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

103
2024/11xxx/CVE-2024-11019.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Grand Vice info",
"product": {
"product_data": [
{
"product_name": "Webopac7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6",
"version_value": "6.5.1"
},
{
"version_affected": "<",
"version_name": "7",
"version_value": "7.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8215-98582-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8215-98582-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8216-f7dbf-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8216-f7dbf-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202411004",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Webopac 6 to version 6.5.1 or later.</span><br><span style=\"background-color: rgb(255, 255, 255);\">Update Webopac 7 to version 7.2.3 or later.</span>\n\n<br>"
}
],
"value": "Update Webopac 6 to version 6.5.1 or later.\nUpdate Webopac 7 to version 7.2.3 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

103
2024/11xxx/CVE-2024-11020.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11020",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Grand Vice info",
"product": {
"product_data": [
{
"product_name": "Webopac7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6",
"version_value": "6.5.1"
},
{
"version_affected": "<",
"version_name": "7",
"version_value": "7.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8217-05b42-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8217-05b42-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8218-e238b-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8218-e238b-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202411005",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Webopac 6 to version 6.5.1 or later.</span><br><span style=\"background-color: rgb(255, 255, 255);\">Update Webopac 7 to version 7.2.3 or later.</span>\n\n<br>"
}
],
"value": "Update Webopac 6 to version 6.5.1 or later.\nUpdate Webopac 7 to version 7.2.3 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

103
2024/11xxx/CVE-2024-11021.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11021",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Grand Vice info",
"product": {
"product_data": [
{
"product_name": "Webopac",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6",
"version_value": "6.5.3"
},
{
"version_affected": "<",
"version_name": "7",
"version_value": "7.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202411006",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Webopac 6 to version 6.5.1 or later</span><br><span style=\"background-color: rgb(255, 255, 255);\">Update Webopac 7 to version 7.2.3 or later.</span>\n\n<br>"
}
],
"value": "Update Webopac 6 to version 6.5.1 or later\nUpdate Webopac 7 to version 7.2.3 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

97
2024/11xxx/CVE-2024-11062.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11062",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DSL6740C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8221-601c3-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8221-601c3-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8228-1fbb0-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8228-1fbb0-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202411007",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">The affected devices are no longer supported for updates. It is recommended to replace the devices.</span>\n\n<br>"
}
],
"value": "The affected devices are no longer supported for updates. It is recommended to replace the devices."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2024/11xxx/CVE-2024-11063.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11063",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DSL6740C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8222-eb5bb-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8222-eb5bb-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8229-3c2ab-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8229-3c2ab-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202411008",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">The affected devices are no longer supported for updates. It is recommended to replace the devices.</span>\n\n<br>"
}
],
"value": "The affected devices are no longer supported for updates. It is recommended to replace the devices."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2024/11xxx/CVE-2024-11064.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11064",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DSL6740C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8223-f6da0-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8223-f6da0-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8230-11430-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8230-11430-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202411009",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">The affected devices are no longer supported for updates. It is recommended to replace the devices.</span>\n\n<br>"
}
],
"value": "The affected devices are no longer supported for updates. It is recommended to replace the devices."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2024/11xxx/CVE-2024-11065.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DSL6740C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8224-d939e-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8224-d939e-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8231-2432e-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8231-2432e-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202411010",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "&nbsp; The affected devices are no longer supported for updates. It is recommended to replace the devices.<br><br><br>"
}
],
"value": "The affected devices are no longer supported for updates. It is recommended to replace the devices."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2024/11xxx/CVE-2024-11066.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11066",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DSL6740C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8225-3d882-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8225-3d882-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8232-5d94e-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8232-5d94e-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202411011",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">The affected devices are no longer supported for updates. It is recommended to replace the devices.</span>\n\n<br>"
}
],
"value": "The affected devices are no longer supported for updates. It is recommended to replace the devices."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

5
2024/47xxx/CVE-2024-47295.json
View File

@ -54,6 +54,11 @@
},
"references": {
"reference_data": [
{
"url": "https://epson.com/Support/wa00958",
"refsource": "MISC",
"name": "https://epson.com/Support/wa00958"
},
{
"url": "https://www.epson.jp/support/misc_t/240930_03_oshirase.htm",
"refsource": "MISC",