admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-17 17:00:30 +00:00
parent fa9a155da5
commit 2a59023933
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
17 changed files with 682 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
2024/10xxx/CVE-2024-10071.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10071",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In ESAFENET CDG 5 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um die Funktion actionUpdateEncryptPolicyEdit der Datei /com/esafenet/servlet/policy/EncryptPolicyService.java. Dank der Manipulation des Arguments encryptPolicyId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ESAFENET",
"product": {
"product_data": [
{
"product_name": "CDG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.280720",
"refsource": "MISC",
"name": "https://vuldb.com/?id.280720"
},
{
"url": "https://vuldb.com/?ctiid.280720",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.280720"
},
{
"url": "https://vuldb.com/?submit.420913",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.420913"
},
{
"url": "https://flowus.cn/share/d1a29ce2-346c-4a8e-836a-e9533c32fad1?code=G8A6P3",
"refsource": "MISC",
"name": "https://flowus.cn/share/d1a29ce2-346c-4a8e-836a-e9533c32fad1?code=G8A6P3"
}
]
},
"credits": [
{
"lang": "en",
"value": "0menc (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

100
2024/10xxx/CVE-2024-10072.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10072",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in ESAFENET CDG 5 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion actionAddEncryptPolicyGroup der Datei /com/esafenet/servlet/policy/EncryptPolicyService.java. Dank Manipulation des Arguments checklist mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ESAFENET",
"product": {
"product_data": [
{
"product_name": "CDG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.280721",
"refsource": "MISC",
"name": "https://vuldb.com/?id.280721"
},
{
"url": "https://vuldb.com/?ctiid.280721",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.280721"
},
{
"url": "https://vuldb.com/?submit.420914",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.420914"
},
{
"url": "https://flowus.cn/share/dd690c21-bb5c-4db4-a737-afb2cf54c8e1?code=G8A6P3",
"refsource": "MISC",
"name": "https://flowus.cn/share/dd690c21-bb5c-4db4-a737-afb2cf54c8e1?code=G8A6P3"
}
]
},
"credits": [
{
"lang": "en",
"value": "0menc (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

105
2024/10xxx/CVE-2024-10073.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10073",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\\models\\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in flairNLP flair 0.14.0 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion ClusteringModel der Datei flair\\models\\clustering.py der Komponente Mode File Loader. Mit der Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "flairNLP",
"product": {
"product_data": [
{
"product_name": "flair",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.14.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.280722",
"refsource": "MISC",
"name": "https://vuldb.com/?id.280722"
},
{
"url": "https://vuldb.com/?ctiid.280722",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.280722"
},
{
"url": "https://vuldb.com/?submit.420055",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.420055"
},
{
"url": "https://github.com/bayuncao/vul-cve-20",
"refsource": "MISC",
"name": "https://github.com/bayuncao/vul-cve-20"
},
{
"url": "https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py",
"refsource": "MISC",
"name": "https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py"
}
]
},
"credits": [
{
"lang": "en",
"value": "runshen.gao (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P"
}
]
}

18
2024/10xxx/CVE-2024-10093.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10094.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10095.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10096.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

6
2024/41xxx/CVE-2024-41722.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In the goTenna Pro ATAK Plugin there is a vulnerability that makes it \npossible to inject any custom message with any GID and Callsign using a \nsoftware defined radio in existing gotenna mesh networks. This \nvulnerability can be exploited if the device is being used in a \nunencrypted environment or if the cryptography has already been \ncompromised."
"value": "In the goTenna Pro ATAK Plugin there is a vulnerability that makes it \npossible to inject any custom message with any GID and Callsign using a \nsoftware defined radio in existing goTenna mesh networks. This \nvulnerability can be exploited if the device is being used in an \nunencrypted environment or if the cryptography has already been \ncompromised. It is advised to use encryption shared with local QR code \nfor higher security operations."
}
]
},
@ -76,10 +76,10 @@
{
"base64": false,
"type": "text/html",
"value": "<p></p>\n<p>goTenna recommends that users follow these mitigations:</p>\n<p>General Mitigations for All Users/Clients</p>\n<ul>\n<li>Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.</li>\n<li>Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.</li>\n<li>Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.</li>\n</ul>\n<p>Pro-Specific Mitigations</p>\n<ul>\n<li>Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.</li>\n<li>Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.</li>\n<li>Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.</li>\n</ul>\n<p>If you have any questions please contact <a target=\"_blank\" rel=\"nofollow\">prosupport@gotenna.com</a></p>\n\n<p></p>\n\n<br>"
"value": "<p>goTenna recommends that users follow these mitigations:</p>\n<p>General Mitigations for All Users/Clients</p>\n<ul>\n<li>Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.</li>\n<li>Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.</li>\n<li>Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.</li>\n</ul>\n<p>Pro-Specific Mitigations</p>\n<ul>\n<li>Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.</li>\n<li>Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.</li>\n<li>Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.</li>\n</ul>\n<p>If you have any questions please contact <a target=\"_blank\" rel=\"nofollow\">prosupport@gotenna.com</a></p>goTenna recommends that users Follow their secure operating <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.gotennapro.com/s/article/Secure-Operating\">best practices</a>."
}
],
"value": "goTenna recommends that users follow these mitigations:\n\n\nGeneral Mitigations for All Users/Clients\n\n\n\n * Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.\n\n * Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.\n\n * Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.\n\n\n\n\nPro-Specific Mitigations\n\n\n\n * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.\n\n * Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.\n\n * Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.\n\n\n\n\nIf you have any questions please contact prosupport@gotenna.com"
"value": "goTenna recommends that users follow these mitigations:\n\n\nGeneral Mitigations for All Users/Clients\n\n\n\n * Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.\n\n * Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.\n\n * Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.\n\n\n\n\nPro-Specific Mitigations\n\n\n\n * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.\n\n * Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.\n\n * Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.\n\n\n\n\nIf you have any questions please contact best practices https://support.gotennapro.com/s/article/Secure-Operating ."
}
],
"solution": [

6
2024/43xxx/CVE-2024-43108.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted \nmessages without any additional integrity checking mechanisms. This \nleaves messages malleable to any attacker that can access the message."
"value": "The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, \nencrypted messages without any additional integrity checking mechanisms.\n This leaves messages malleable to an attacker that can access the \nmessage. It is advised to continue to use encryption in the plugin and \nupdate to the current release for enhanced encryption protocols."
}
]
},
@ -76,10 +76,10 @@
{
"base64": false,
"type": "text/html",
"value": "<p></p>\n<p>goTenna recommends that users follow these mitigations:</p>\n<p>General Mitigations for All Users/Clients</p>\n<ul>\n<li>Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.</li>\n<li>Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.</li>\n<li>Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.</li>\n</ul>\n<p>Pro-Specific Mitigations</p>\n<ul>\n<li>Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.</li>\n<li>Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.</li>\n<li>Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.</li>\n</ul>\n<p>If you have any questions please contact <a target=\"_blank\" rel=\"nofollow\">prosupport@gotenna.com</a></p>\n\n<p></p>\n\n<br>"
"value": "<p>goTenna recommends that users follow these mitigations:</p>\n<p>General Mitigations for All Users/Clients</p>\n<ul>\n<li>Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.</li>\n<li>Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.</li>\n<li>Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.</li>\n</ul>\n<p>Pro-Specific Mitigations</p>\n<ul>\n<li>Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.</li>\n<li>Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.</li>\n<li>Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.</li>\n</ul>\n<p>If you have any questions please contact <a target=\"_blank\" rel=\"nofollow\">prosupport@gotenna.com</a></p>goTenna recommends that users Follow their secure operating <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.gotennapro.com/s/article/Secure-Operating\">best practices</a>."
}
],
"value": "goTenna recommends that users follow these mitigations:\n\n\nGeneral Mitigations for All Users/Clients\n\n\n\n * Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.\n\n * Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.\n\n * Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.\n\n\n\n\nPro-Specific Mitigations\n\n\n\n * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.\n\n * Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.\n\n * Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.\n\n\n\n\nIf you have any questions please contact prosupport@gotenna.com"
"value": "goTenna recommends that users follow these mitigations:\n\n\nGeneral Mitigations for All Users/Clients\n\n\n\n * Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.\n\n * Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.\n\n * Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.\n\n\n\n\nPro-Specific Mitigations\n\n\n\n * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.\n\n * Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.\n\n * Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.\n\n\n\n\nIf you have any questions please contact best practices https://support.gotennapro.com/s/article/Secure-Operating ."
}
],
"solution": [

6
2024/45xxx/CVE-2024-45374.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In the goTenna Pro ATAK Plugin application, the encryption keys are \nstored along with a static IV on the device. This allows for complete \ndecryption of keys stored on the device. This allows an attacker to \ndecrypt all encrypted broadcast communications based on broadcast keys \nstored on the device."
"value": "The goTenna Pro ATAK plugin uses a weak password for sharing encryption \nkeys via the key broadcast method. If the broadcasted encryption key is \ncaptured over RF, and password is cracked via brute force attack, it is \npossible to decrypt it and use it to decrypt all future and past \nmessages sent via encrypted broadcast with that particular key. This \nonly applies when the key is broadcasted over RF. This is an optional \nfeature, so it is advised to use local QR encryption key sharing for \nadditional security on this and previous versions."
}
]
},
@ -76,10 +76,10 @@
{
"base64": false,
"type": "text/html",
"value": "<p></p>\n<p>goTenna recommends that users follow these mitigations:</p>\n<p>General Mitigations for All Users/Clients</p>\n<ul>\n<li>Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.</li>\n<li>Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.</li>\n<li>Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.</li>\n</ul>\n<p>Pro-Specific Mitigations</p>\n<ul>\n<li>Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.</li>\n<li>Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.</li>\n<li>Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.</li>\n</ul>\n<p>If you have any questions please contact <a target=\"_blank\" rel=\"nofollow\">prosupport@gotenna.com</a></p>\n\n<p></p>\n\n<br>"
"value": "<p></p>\n<p></p>\n<p>goTenna recommends that users follow these mitigations:</p>\n<p>General Mitigations for All Users/Clients</p>\n<ul>\n<li>Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.</li>\n<li>Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.</li>\n<li>Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.</li>\n</ul>\n<p>Pro-Specific Mitigations</p>\n<ul>\n<li>Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.</li>\n<li>Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.</li>\n<li>Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.</li>\n</ul>\n<p>If you have any questions please contact <a target=\"_blank\" rel=\"nofollow\">prosupport@gotenna.com</a></p>goTenna recommends that users Follow their secure operating <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.gotennapro.com/s/article/Secure-Operating\">best practices</a>.\n\n<p><a target=\"_blank\" rel=\"nofollow\"></a></p>\n\n<p></p>\n\n<br>"
}
],
"value": "goTenna recommends that users follow these mitigations:\n\n\nGeneral Mitigations for All Users/Clients\n\n\n\n * Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.\n\n * Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.\n\n * Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.\n\n\n\n\nPro-Specific Mitigations\n\n\n\n * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.\n\n * Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.\n\n * Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.\n\n\n\n\nIf you have any questions please contact prosupport@gotenna.com"
"value": "goTenna recommends that users follow these mitigations:\n\n\nGeneral Mitigations for All Users/Clients\n\n\n\n * Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.\n\n * Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.\n\n * Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.\n\n\n\n\nPro-Specific Mitigations\n\n\n\n * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.\n\n * Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.\n\n * Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.\n\n\n\n\nIf you have any questions please contact best practices https://support.gotennapro.com/s/article/Secure-Operating ."
}
],
"solution": [

6
2024/45xxx/CVE-2024-45723.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The goTenna Pro ATAK Plugin does not use SecureRandom when generating \nits cryptographic keys. The random function in use is not suitable for \ncryptographic use."
"value": "The goTenna Pro ATAK Plugin does not use SecureRandom when generating \npasswords for sharing cryptographic keys. The random function in use \nmakes it easier for attackers to brute force this password if the \nbroadcasted encryption key is captured over RF. This only applies to the\n optional broadcast of an encryption key, so it is advised to share the \nkey with local QR code for higher security operations."
}
]
},
@ -76,10 +76,10 @@
{
"base64": false,
"type": "text/html",
"value": "<p></p>\n<p>goTenna recommends that users follow these mitigations:</p>\n<p>General Mitigations for All Users/Clients</p>\n<ul>\n<li>Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.</li>\n<li>Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.</li>\n<li>Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.</li>\n</ul>\n<p>Pro-Specific Mitigations</p>\n<ul>\n<li>Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.</li>\n<li>Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.</li>\n<li>Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.</li>\n</ul>\n<p>If you have any questions please contact <a target=\"_blank\" rel=\"nofollow\">prosupport@gotenna.com</a></p>\n\n<p></p>\n\n<br>"
"value": "<p>goTenna recommends that users follow these mitigations:</p>\n<p>General Mitigations for All Users/Clients</p>\n<ul>\n<li>Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.</li>\n<li>Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.</li>\n<li>Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.</li>\n</ul>\n<p>Pro-Specific Mitigations</p>\n<ul>\n<li>Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.</li>\n<li>Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.</li>\n<li>Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.</li>\n</ul>\n<p>If you have any questions please contact <a target=\"_blank\" rel=\"nofollow\">prosupport@gotenna.com</a></p>goTenna recommends that users Follow their secure operating <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.gotennapro.com/s/article/Secure-Operating\">best practices</a>."
}
],
"value": "goTenna recommends that users follow these mitigations:\n\n\nGeneral Mitigations for All Users/Clients\n\n\n\n * Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.\n\n * Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.\n\n * Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.\n\n\n\n\nPro-Specific Mitigations\n\n\n\n * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.\n\n * Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.\n\n * Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.\n\n\n\n\nIf you have any questions please contact prosupport@gotenna.com"
"value": "goTenna recommends that users follow these mitigations:\n\n\nGeneral Mitigations for All Users/Clients\n\n\n\n * Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.\n\n * Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.\n\n * Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.\n\n\n\n\nPro-Specific Mitigations\n\n\n\n * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.\n\n * Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.\n\n * Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.\n\n\n\n\nIf you have any questions please contact best practices https://support.gotennapro.com/s/article/Secure-Operating ."
}
],
"solution": [

6
2024/45xxx/CVE-2024-45838.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users.\n These callsigns reveal information about the users and can also be \nleveraged for other vulnerabilities."
"value": "The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It \nis advised to not use sensitive information in callsigns when using this\n and previous versions of the plugin. Update to current plugin version \nwhich uses AES-256 encryption for callsigns in encrypted operation"
}
]
},
@ -76,10 +76,10 @@
{
"base64": false,
"type": "text/html",
"value": "<p></p>\n<p>goTenna recommends that users follow these mitigations:</p>\n<p>General Mitigations for All Users/Clients</p>\n<ul>\n<li>Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.</li>\n<li>Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.</li>\n<li>Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.</li>\n</ul>\n<p>Pro-Specific Mitigations</p>\n<ul>\n<li>Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.</li>\n<li>Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.</li>\n<li>Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.</li>\n</ul>\n<p>If you have any questions please contact <a target=\"_blank\" rel=\"nofollow\">prosupport@gotenna.com</a></p>\n\n<p></p>\n\n<br>"
"value": "<p>goTenna recommends that users follow these mitigations:</p>\n<p>General Mitigations for All Users/Clients</p>\n<ul>\n<li>Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.</li>\n<li>Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.</li>\n<li>Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.</li>\n</ul>\n<p>Pro-Specific Mitigations</p>\n<ul>\n<li>Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.</li>\n<li>Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.</li>\n<li>Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.</li>\n</ul>\n<p>If you have any questions please contact <a target=\"_blank\" rel=\"nofollow\">prosupport@gotenna.com</a></p>goTenna recommends that users Follow their secure operating <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.gotennapro.com/s/article/Secure-Operating\">best practices</a>."
}
],
"value": "goTenna recommends that users follow these mitigations:\n\n\nGeneral Mitigations for All Users/Clients\n\n\n\n * Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.\n\n * Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.\n\n * Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.\n\n\n\n\nPro-Specific Mitigations\n\n\n\n * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.\n\n * Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.\n\n * Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.\n\n\n\n\nIf you have any questions please contact prosupport@gotenna.com"
"value": "goTenna recommends that users follow these mitigations:\n\n\nGeneral Mitigations for All Users/Clients\n\n\n\n * Use Discreet Callsigns and Key Names: Choose callsigns and key names\n that do not disclose sensitive information, such as your location, team\n size, or team name. Avoid using any identifiers that could \ninadvertently reveal your location or the composition of your team.\n\n * Secure End-User Devices: Implement strong security measures on all \nend-user devices, including the use of encryption and ensuring regular \nsoftware updates.\n\n * Follow Key Rotation Best Practices: Regularly rotate encryption keys\n according to industry best practices to maintain ongoing security.\n\n\n\n\nPro-Specific Mitigations\n\n\n\n * Share Encryption Keys via QR Code: Utilize QR codes, similar to ATAK, for the secure exchange of encryption keys.\n\n * Secure Broadcasting: When broadcasting, ensure you are in a secured \narea and transmit the key at a reduced power of 0.5 Watts to limit \nexposure.\n\n * Leverage Layered Encryption: Implement layered encryption keys to \nsecurely manage communications, whether interacting with individuals or \nteams.\n\n\n\n\nIf you have any questions please contact best practices https://support.gotennapro.com/s/article/Secure-Operating ."
}
],
"solution": [

56
2024/48xxx/CVE-2024-48192.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48192",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://colorful-meadow-5b9.notion.site/G3_HardCode_vuln-6b5ae19473b745d7abe5e01b4529caf8?pvs=4",
"refsource": "MISC",
"name": "https://colorful-meadow-5b9.notion.site/G3_HardCode_vuln-6b5ae19473b745d7abe5e01b4529caf8?pvs=4"
}
]
}

68
2024/49xxx/CVE-2024-49396.json
View File

@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49396",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elvaco",
"product": {
"product_data": [
{
"product_name": "M-Bus Metering Gateway CMe3100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.12.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA."
}
]
}

68
2024/49xxx/CVE-2024-49397.json
View File

@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49397",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elvaco",
"product": {
"product_data": [
{
"product_name": "M-Bus Metering Gateway CMe3100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.12.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA."
}
]
}

68
2024/49xxx/CVE-2024-49398.json
View File

@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49398",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elvaco",
"product": {
"product_data": [
{
"product_name": "M-Bus Metering Gateway CMe3100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.12.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA."
}
]
}

68
2024/49xxx/CVE-2024-49399.json
View File

@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49399",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elvaco",
"product": {
"product_data": [
{
"product_name": "M-Bus Metering Gateway CMe3100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.12.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA."
}
]
}