admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-13 18:00:33 +00:00
parent 271475c5fe
commit 28eab2ce1f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
18 changed files with 1103 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
2024/31xxx/CVE-2024-31956.json
View File

@ -1,18 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31956",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-31956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
}

70
2024/32xxx/CVE-2024-32504.json
View File

@ -1,18 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-32504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
}

56
2024/36xxx/CVE-2024-36760.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36760",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack overflow vulnerability was found in version 1.18.0 of rhai. The flaw position is: (/ SRC/rhai/SRC/eval/STMT. Rs in rhai: : eval: : STMT: : _ $LT $impl $u20 $rhai.. engine.. Engine$GT$::eval_stmt::h3f1d68ce37fc6e96). Due to the stack overflow is a recursive call/SRC/rhai/SRC/eval/STMT. Rs file eval_stmt_block function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/MageWeiG/VulnerabilityCollection/blob/main/CVE-2024-36760/info.md",
"url": "https://github.com/MageWeiG/VulnerabilityCollection/blob/main/CVE-2024-36760/info.md"
}
]
}

99
2024/37xxx/CVE-2024-37022.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fuji Electric",
"product": {
"product_data": [
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.20.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-165-14",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Fuji Electric recommends users update to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d\">v4.0.20.0</a>.<br>"
}
],
"value": "Fuji Electric recommends users update to v4.0.20.0 https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d ."
}
],
"credits": [
{
"lang": "en",
"value": "kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

99
2024/37xxx/CVE-2024-37029.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fuji Electric Tellus Lite V-Simulator \nis vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fuji Electric",
"product": {
"product_data": [
{
"product_name": "Tellus Lite V-Simulator",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.20.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-165-14",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Fuji Electric recommends users update to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d\">v4.0.20.0</a>.<br>"
}
],
"value": "Fuji Electric recommends users update to v4.0.20.0 https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/a1f9328f-82f4-434a-b593-32874d1e897d ."
}
],
"credits": [
{
"lang": "en",
"value": "kimya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

78
2024/37xxx/CVE-2024-37279.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@elastic.co",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "8.6.3",
"version_value": "8.13.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/kibana-8-14-0-security-update-esa-2024-15/360887"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

56
2024/37xxx/CVE-2024-37630.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37630",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-37630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/D-link/DIR-605L/README.md",
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/D-link/DIR-605L/README.md"
}
]
}

82
2024/38xxx/CVE-2024-38279.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Motorola Solutions",
"product": {
"product_data": [
{
"product_name": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.1.171.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<br>\n\n<p>Motorola Solutions recommends the following for each identified vulnerability:</p><p>CVE-2024-38279:</p><ul><li>Use secure boot implementation with an edit-resistant GRUB partition.</li><li>Additional mitigation consists in limiting the physical access to the device by following the best practices for device mounting.</li></ul><p>Edit-resistant grub partition has been remediated for all vulnerable systems. Motorola Solutions<br>will release a secure boot implementation in Fall 2024. All customers will receive the update<br>through OTA (over the air) mechanisms. No further actions are required by customers.</p>\n\n<br>"
}
],
"value": "Motorola Solutions recommends the following for each identified vulnerability:\n\nCVE-2024-38279:\n\n * Use secure boot implementation with an edit-resistant GRUB partition.\n * Additional mitigation consists in limiting the physical access to the device by following the best practices for device mounting.\n\n\nEdit-resistant grub partition has been remediated for all vulnerable systems. Motorola Solutions\nwill release a secure boot implementation in Fall 2024. All customers will receive the update\nthrough OTA (over the air) mechanisms. No further actions are required by customers."
}
],
"credits": [
{
"lang": "en",
"value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
}
]
}

82
2024/38xxx/CVE-2024-38280.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38280",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-313: Cleartext Storage in a File or on Disk",
"cweId": "CWE-313"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Motorola Solutions",
"product": {
"product_data": [
{
"product_name": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.1.171.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>\n\n</p><p>Motorola Solutions recommends the following for each identified vulnerability:</p><p></p><p>CVE-2024-38280:</p><ul><li>Apply encryption to all Criminal Justice Information (CJI) data.</li><li>Apply full disk encryption with LUKS encryption standards and add password protection<br>to the GRUB Bootloader.</li><li>Perform column-level encryption for sensitive data in the database.</li></ul><p>All devices shipped after May 10, 2024 are already using full disk encryption. All devices that<br>are not able to have full disk encryption applied have had all CJI data encrypted. No further<br>actions are required by customers.</p>\n\n<br>"
}
],
"value": "Motorola Solutions recommends the following for each identified vulnerability:\n\n\n\nCVE-2024-38280:\n\n * Apply encryption to all Criminal Justice Information (CJI) data.\n * Apply full disk encryption with LUKS encryption standards and add password protection\nto the GRUB Bootloader.\n * Perform column-level encryption for sensitive data in the database.\n\n\nAll devices shipped after May 10, 2024 are already using full disk encryption. All devices that\nare not able to have full disk encryption applied have had all CJI data encrypted. No further\nactions are required by customers."
}
],
"credits": [
{
"lang": "en",
"value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
}
]
}

82
2024/38xxx/CVE-2024-38281.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38281",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Motorola Solutions",
"product": {
"product_data": [
{
"product_name": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.1.171.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>Motorola Solutions recommends the following for each identified vulnerability:</p>\n\n<p>CVE-2024-38281:</p><ul><li>Remove the hard-coded credential to access the wireless access point and disable the<br>access point if not needed.</li><li>Set a unique SSID and password if the access point is needed.</li></ul><p>Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.</p>\n\n<br>\n\n<br>"
}
],
"value": "Motorola Solutions recommends the following for each identified vulnerability:\n\n\n\nCVE-2024-38281:\n\n * Remove the hard-coded credential to access the wireless access point and disable the\naccess point if not needed.\n * Set a unique SSID and password if the access point is needed.\n\n\nMotorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers."
}
],
"credits": [
{
"lang": "en",
"value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
}
]
}

82
2024/38xxx/CVE-2024-38282.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38282",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Motorola Solutions",
"product": {
"product_data": [
{
"product_name": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.1.171.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Motorola Solutions recommends the following for each identified vulnerability:</p>\n\n<p>CVE-2024-38282:</p><ul><li>Remove the hard coded credentials.</li><li>Use a unique CJIS compliant password per device.</li></ul><p>Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.</p>\n\n<br>\n\n<br>"
}
],
"value": "Motorola Solutions recommends the following for each identified vulnerability:\n\n\n\nCVE-2024-38282:\n\n * Remove the hard coded credentials.\n * Use a unique CJIS compliant password per device.\n\n\nMotorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers."
}
],
"credits": [
{
"lang": "en",
"value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
}
]
}

82
2024/38xxx/CVE-2024-38283.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38283",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sensitive customer information is stored in the device without encryption."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data",
"cweId": "CWE-311"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Motorola Solutions",
"product": {
"product_data": [
{
"product_name": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.1.171.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Motorola Solutions recommends the following for each identified vulnerability:</p>\n\n<p>CVE-2024-38283:</p><ul><li>Remove the hotlist data from the device.</li></ul><p>Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No<br>further actions are required by customers.</p>\n\n<br>\n\n<br>"
}
],
"value": "Motorola Solutions recommends the following for each identified vulnerability:\n\n\n\nCVE-2024-38283:\n\n * Remove the hotlist data from the device.\n\n\nMotorola Solutions has already remediated this vulnerability for all vulnerable systems. No\nfurther actions are required by customers."
}
],
"credits": [
{
"lang": "en",
"value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
}
]
}

82
2024/38xxx/CVE-2024-38284.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294 Authentication Bypass by Capture-replay",
"cweId": "CWE-294"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Motorola Solutions",
"product": {
"product_data": [
{
"product_name": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.1.171.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Motorola Solutions recommends the following for each identified vulnerability:</p>\n\n<p>CVE-2024-38284:</p><ul><li>Delete the log files.</li><li>Install updated software not logging the credentialed web request.</li></ul><p>Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.</p>\n\n<br>\n\n<br>"
}
],
"value": "Motorola Solutions recommends the following for each identified vulnerability:\n\n\n\nCVE-2024-38284:\n\n * Delete the log files.\n * Install updated software not logging the credentialed web request.\n\n\nMotorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers."
}
],
"credits": [
{
"lang": "en",
"value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
}
]
}

82
2024/38xxx/CVE-2024-38285.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Motorola Solutions",
"product": {
"product_data": [
{
"product_name": "Vigilant Fixed LPR Coms Box (BCAV1F2-C600)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.1.171.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Motorola Solutions recommends the following for each identified vulnerability:</p>\n\n<p>CVE-2024-38285:</p><ul><li>Delete the log files.</li></ul><p>Motorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers.</p>\n\n<br>"
}
],
"value": "Motorola Solutions recommends the following for each identified vulnerability:\n\n\n\nCVE-2024-38285:\n\n * Delete the log files.\n\n\nMotorola Solutions has already remediated this vulnerability for all vulnerable systems. No further actions are required by customers."
}
],
"credits": [
{
"lang": "en",
"value": "The Michigan State Police Michigan Cyber Command Center (MC3)"
}
]
}

18
2024/5xxx/CVE-2024-5977.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5977",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5978.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5978",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5979.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5979",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5980.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}