admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-24 06:00:53 +00:00
parent d0077863dd
commit 1fbf6107fc
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
13 changed files with 874 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
2024/11xxx/CVE-2024-11885.json
View File

@ -1,17 +1,85 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-11885", "ID": "CVE-2024-11885",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtele_button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ninjateam",
"product": {
"product_data": [
{
"product_name": "NinjaTeam Chat for Telegram",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/338d9348-da24-44b9-ac97-a7a8a7376815?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/338d9348-da24-44b9-ac97-a7a8a7376815?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3209678%40ninjateam-telegram&new=3209678%40ninjateam-telegram",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3209678%40ninjateam-telegram&new=3209678%40ninjateam-telegram"
}
]
},
"credits": [
{
"lang": "en",
"value": "Peter Thaleikis"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
} }
] ]
} }

76
2024/12xxx/CVE-2024-12034.json
View File

@ -1,17 +1,85 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-12034", "ID": "CVE-2024-12034",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-340 Generation of Predictable Numbers or Identifiers",
"cweId": "CWE-340"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "webfactory",
"product": {
"product_data": [
{
"product_name": "Advanced Google reCAPTCHA",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.25"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa7e6f6-92b2-494b-8c7a-76ba8213b610?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa7e6f6-92b2-494b-8c7a-76ba8213b610?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208704%40advanced-google-recaptcha&new=3208704%40advanced-google-recaptcha&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208704%40advanced-google-recaptcha&new=3208704%40advanced-google-recaptcha&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Max Boll"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
} }
] ]
} }

81
2024/12xxx/CVE-2024-12100.json
View File

@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-12100", "ID": "CVE-2024-12100",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Bitcoin Lightning Publisher for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "getalby",
"product": {
"product_data": [
{
"product_name": "Bitcoin Lightning Publisher for WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d204ed58-efb2-4383-aa0f-cbad0bae4d02?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d204ed58-efb2-4383-aa0f-cbad0bae4d02?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bitcoin-lightning-publisher/tags/1.4.1/includes/db/transactions.php#L212",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/bitcoin-lightning-publisher/tags/1.4.1/includes/db/transactions.php#L212"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3211584%40bitcoin-lightning-publisher&new=3211584%40bitcoin-lightning-publisher&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3211584%40bitcoin-lightning-publisher&new=3211584%40bitcoin-lightning-publisher&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Jude Nwadinobi"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
} }
] ]
} }

76
2024/12xxx/CVE-2024-12210.json
View File

@ -1,17 +1,85 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-12210", "ID": "CVE-2024-12210",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the shop's logo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tychesoftwares",
"product": {
"product_data": [
{
"product_name": "Print Invoice & Delivery Notes for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8883d4fe-3ca6-4591-9972-219b114126d3?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8883d4fe-3ca6-4591-9972-219b114126d3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3209682%40woocommerce-delivery-notes&new=3209682%40woocommerce-delivery-notes&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3209682%40woocommerce-delivery-notes&new=3209682%40woocommerce-delivery-notes&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Tieu Pham Trong Nhan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
} }
] ]
} }

76
2024/12xxx/CVE-2024-12405.json
View File

@ -1,17 +1,85 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-12405", "ID": "CVE-2024-12405",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Export Customers Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't' parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "fahadmahmood",
"product": {
"product_data": [
{
"product_name": "Export Customers Data",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed61c037-a73c-477e-a5b5-3b4781cec130?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed61c037-a73c-477e-a5b5-3b4781cec130?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3210666%40export-customers-data&new=3210666%40export-customers-data&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3210666%40export-customers-data&new=3210666%40export-customers-data&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Dale Mavers"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
} }
] ]
} }

76
2024/12xxx/CVE-2024-12594.json
View File

@ -1,17 +1,85 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-12594", "ID": "CVE-2024-12594",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Custom Login Page Styler \u2013 Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login \u2013 Limit Login Attempts \u2013 Locked Site plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'lps_generate_temp_access_url' AJAX action in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to login as other users such as subscribers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zia-imtiaz",
"product": {
"product_data": [
{
"product_name": "Custom Login Page Styler",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "7.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e50c519-7d79-4270-92e8-75e54bb08cff?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e50c519-7d79-4270-92e8-75e54bb08cff?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208192%40login-page-styler&new=3208192%40login-page-styler&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208192%40login-page-styler&new=3208192%40login-page-styler&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
} }
] ]
} }

96
2024/12xxx/CVE-2024-12622.json
View File

@ -1,17 +1,105 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-12622", "ID": "CVE-2024-12622",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' and 'wp_cart_display_product' shortcodes in all versions up to, and including, 5.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wptipsntricks",
"product": {
"product_data": [
{
"product_name": "WordPress Simple Shopping Cart",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/adfba556-6a96-4836-af0f-39c214099481?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/adfba556-6a96-4836-af0f-39c214099481?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.0.7/wp_shopping_cart_shortcodes.php#L5",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.0.7/wp_shopping_cart_shortcodes.php#L5"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.0.7/wp_shopping_cart_shortcodes.php#L11",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.0.7/wp_shopping_cart_shortcodes.php#L11"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.0.7/wp_shopping_cart_shortcodes.php#L49",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.0.7/wp_shopping_cart_shortcodes.php#L49"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.0.7/includes/wpsc-shortcodes-related.php#L3",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/wordpress-simple-paypal-shopping-cart/tags/5.0.7/includes/wpsc-shortcodes-related.php#L3"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3210506/wordpress-simple-paypal-shopping-cart/trunk/includes/wpsc-shortcodes-related.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3210506/wordpress-simple-paypal-shopping-cart/trunk/includes/wpsc-shortcodes-related.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "muhammad yudha"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
} }
] ]
} }

60
2024/41xxx/CVE-2024-41882.json
View File

@ -1,18 +1,70 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-41882", "ID": "CVE-2024-41882",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secure.cctv@hanwha.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hanwha Vision Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "XRN-420S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.01.62 and prior versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf",
"refsource": "MISC",
"name": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
} }
} }

60
2024/41xxx/CVE-2024-41883.json
View File

@ -1,18 +1,70 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-41883", "ID": "CVE-2024-41883",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secure.cctv@hanwha.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the \n\nNVR\n\n.\u00a0An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hanwha Vision Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "XRN-420S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.01.62 and prior versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf",
"refsource": "MISC",
"name": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
} }
} }

60
2024/41xxx/CVE-2024-41884.json
View File

@ -1,18 +1,70 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-41884", "ID": "CVE-2024-41884",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secure.cctv@hanwha.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur and the NVR will reboot.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hanwha Vision Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "XRN-420S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.01.62 and prior versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf",
"refsource": "MISC",
"name": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
} }
} }

60
2024/41xxx/CVE-2024-41885.json
View File

@ -1,18 +1,70 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-41885", "ID": "CVE-2024-41885",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secure.cctv@hanwha.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0The seed string for the encrypt key was hardcoding.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-547 Use of Hard-coded, Security-relevant Constants",
"cweId": "CWE-547"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hanwha Vision Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "XRN-420S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.01.62 and prior versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf",
"refsource": "MISC",
"name": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
} }
} }

60
2024/41xxx/CVE-2024-41886.json
View File

@ -1,18 +1,70 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-41886", "ID": "CVE-2024-41886",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secure.cctv@hanwha.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0An attacker could inject malformed data into url input parameters to reboot the NVR.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hanwha Vision Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "XRN-420S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.01.62 and prior versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf",
"refsource": "MISC",
"name": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
} }
} }

69
2024/41xxx/CVE-2024-41887.json
View File

@ -1,18 +1,79 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-41887", "ID": "CVE-2024-41887",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secure.cctv@hanwha.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hanwha Vision Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "XRN-420S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.01.62 and prior versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf",
"refsource": "MISC",
"name": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
} }
} }