From 32eaac213f8aba0c1808c46e9d76b8ee49540c60 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 3 Oct 2024 19:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/37xxx/CVE-2023-37822.json | 66 +++++++++++++++++++++++--- 2024/41xxx/CVE-2024-41583.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41584.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41585.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41586.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41587.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41588.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41589.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41590.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41591.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41592.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41593.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41594.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41595.json | 61 +++++++++++++++++++++--- 2024/41xxx/CVE-2024-41596.json | 61 +++++++++++++++++++++--- 2024/9xxx/CVE-2024-9266.json | 85 ++++++++++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9489.json | 18 +++++++ 2024/9xxx/CVE-2024-9490.json | 18 +++++++ 2024/9xxx/CVE-2024-9491.json | 18 +++++++ 2024/9xxx/CVE-2024-9492.json | 18 +++++++ 2024/9xxx/CVE-2024-9493.json | 18 +++++++ 2024/9xxx/CVE-2024-9494.json | 18 +++++++ 2024/9xxx/CVE-2024-9495.json | 18 +++++++ 2024/9xxx/CVE-2024-9496.json | 18 +++++++ 2024/9xxx/CVE-2024-9497.json | 18 +++++++ 2024/9xxx/CVE-2024-9498.json | 18 +++++++ 2024/9xxx/CVE-2024-9499.json | 18 +++++++ 27 files changed, 1109 insertions(+), 94 deletions(-) create mode 100644 2024/9xxx/CVE-2024-9489.json create mode 100644 2024/9xxx/CVE-2024-9490.json create mode 100644 2024/9xxx/CVE-2024-9491.json create mode 100644 2024/9xxx/CVE-2024-9492.json create mode 100644 2024/9xxx/CVE-2024-9493.json create mode 100644 2024/9xxx/CVE-2024-9494.json create mode 100644 2024/9xxx/CVE-2024-9495.json create mode 100644 2024/9xxx/CVE-2024-9496.json create mode 100644 
2024/9xxx/CVE-2024-9497.json create mode 100644 2024/9xxx/CVE-2024-9498.json create mode 100644 2024/9xxx/CVE-2024-9499.json diff --git a/2023/37xxx/CVE-2023-37822.json b/2023/37xxx/CVE-2023-37822.json index 97958b06270..b5b0772b794 100644 --- a/2023/37xxx/CVE-2023-37822.json +++ b/2023/37xxx/CVE-2023-37822.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37822", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37822", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol WPA2-PSK." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://anker.com", + "refsource": "MISC", + "name": "http://anker.com" + }, + { + "url": "http://eufy.com", + "refsource": "MISC", + "name": "http://eufy.com" + }, + { + "refsource": "MISC", + "name": "https://www.usenix.org/conference/woot24/presentation/goeman", + "url": "https://www.usenix.org/conference/woot24/presentation/goeman" } ] } diff --git a/2024/41xxx/CVE-2024-41583.json b/2024/41xxx/CVE-2024-41583.json index fcc6f4c2f49..bbf50355e63 100644 --- a/2024/41xxx/CVE-2024-41583.json 
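Review bot: The `affects` block added for CVE-2023-37822 carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, although the description names Eufy HomeBase 2 model T8010X v3.2.8.3h, so scanners and inventory matchers that key on the structured fields will not match this record. The same holds for `problemtype` (`"value": "n/a"`, no CWE) and for the CVE-2024-41583 through CVE-2024-41596 hunks later in this patch. As this is a synchronized copy, the correction presumably belongs with the assigning CNA, for example `"product_name": "HomeBase 2 T8010X"` and `"version_value": "3.2.8.3h"`. Two of the three references are bare vendor home pages over plain HTTP (`http://anker.com`, `http://eufy.com`) and point to no advisory; only the USENIX WOOT '24 link appears to document the finding.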
+++ b/2024/41xxx/CVE-2024-41583.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41583", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41583", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41584.json b/2024/41xxx/CVE-2024-41584.json index 13eced21b42..3cf56781c9f 100644 --- a/2024/41xxx/CVE-2024-41584.json +++ b/2024/41xxx/CVE-2024-41584.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41584", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41584", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41585.json b/2024/41xxx/CVE-2024-41585.json index acb36eb4f59..415ab89421a 100644 --- a/2024/41xxx/CVE-2024-41585.json +++ b/2024/41xxx/CVE-2024-41585.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41585", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41585", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41586.json b/2024/41xxx/CVE-2024-41586.json index 34504b7ec97..f135687ced3 100644 --- a/2024/41xxx/CVE-2024-41586.json +++ b/2024/41xxx/CVE-2024-41586.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41586", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41586", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41587.json b/2024/41xxx/CVE-2024-41587.json index 1878bba44be..31db468c7c9 100644 --- a/2024/41xxx/CVE-2024-41587.json +++ b/2024/41xxx/CVE-2024-41587.json 
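Review bot: The description added for CVE-2024-41586 names the product as "Vigor310", while CVE-2024-41583, -41584, -41585, -41588, -41591 and -41592 in this same patch say "Vigor3910" with the same firmware bound (through 4.3.2.6) and the same two Forescout references. The "Vigor310" spelling recurs in the CVE-2024-41587, -41589, -41590, -41593, -41594, -41595 and -41596 hunks. Because `product_name` is `"n/a"` in all of these records, the description text is the only place a consumer can learn the affected model, so a one-digit difference decides whether a keyword match finds the device. Whether the two names are one product or two cannot be told from the patch; confirm against the referenced advisory and, if it is a typo, have the descriptions read `DrayTek Vigor3910 devices through 4.3.2.6`.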
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41587", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41587", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41588.json b/2024/41xxx/CVE-2024-41588.json index aa61f790beb..da7e5cad071 100644 --- a/2024/41xxx/CVE-2024-41588.json +++ b/2024/41xxx/CVE-2024-41588.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41588", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41588", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41589.json b/2024/41xxx/CVE-2024-41589.json index 8051f3a6b3a..6bc5ba97e10 100644 --- a/2024/41xxx/CVE-2024-41589.json +++ b/2024/41xxx/CVE-2024-41589.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41589", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41589", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41590.json b/2024/41xxx/CVE-2024-41590.json index 9a38d5e0893..3e45addc73e 100644 --- a/2024/41xxx/CVE-2024-41590.json +++ b/2024/41xxx/CVE-2024-41590.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41590", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41590", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41591.json b/2024/41xxx/CVE-2024-41591.json index 30d15c8e5fd..ed912a0955e 100644 --- a/2024/41xxx/CVE-2024-41591.json +++ b/2024/41xxx/CVE-2024-41591.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41591", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41591", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41592.json b/2024/41xxx/CVE-2024-41592.json index 73288dff8c5..46ce8b0d761 100644 --- a/2024/41xxx/CVE-2024-41592.json +++ b/2024/41xxx/CVE-2024-41592.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41592", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41592", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41593.json b/2024/41xxx/CVE-2024-41593.json index 5ff7e38a6ec..5ab32a2f7c1 100644 --- a/2024/41xxx/CVE-2024-41593.json +++ b/2024/41xxx/CVE-2024-41593.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41593", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41593", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41594.json b/2024/41xxx/CVE-2024-41594.json index 127e7322f88..0bc18b9f316 100644 --- a/2024/41xxx/CVE-2024-41594.json +++ b/2024/41xxx/CVE-2024-41594.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41594", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41594", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41595.json b/2024/41xxx/CVE-2024-41595.json index 593c349e986..787ee54a707 100644 --- a/2024/41xxx/CVE-2024-41595.json +++ b/2024/41xxx/CVE-2024-41595.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41595", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41595", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/41xxx/CVE-2024-41596.json b/2024/41xxx/CVE-2024-41596.json index bbbd37ea275..0f24b505944 100644 --- a/2024/41xxx/CVE-2024-41596.json +++ b/2024/41xxx/CVE-2024-41596.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-41596", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-41596", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.forescout.com/resources/draytek14-vulnerabilities", + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draytek14-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.forescout.com/resources/draybreak-draytek-research/", + "url": "https://www.forescout.com/resources/draybreak-draytek-research/" } ] } diff --git a/2024/9xxx/CVE-2024-9266.json b/2024/9xxx/CVE-2024-9266.json index 8d31041a1e6..1d242c2feca 100644 --- a/2024/9xxx/CVE-2024-9266.json +++ b/2024/9xxx/CVE-2024-9266.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9266", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "disclosures@herodevs.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "expressjs", + "product": { + "product_data": [ + { + "product_name": "express", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.4.5", + "version_value": "4.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.herodevs.com/vulnerability-directory/cve-2024-9266", + "refsource": "MISC", + "name": "https://www.herodevs.com/vulnerability-directory/cve-2024-9266" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Matvejs Mascenko" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + 
"userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/9xxx/CVE-2024-9489.json b/2024/9xxx/CVE-2024-9489.json new file mode 100644 index 00000000000..f0526ad4a3f --- /dev/null +++ b/2024/9xxx/CVE-2024-9489.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-9489", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9490.json b/2024/9xxx/CVE-2024-9490.json new file mode 100644 index 00000000000..9221c7e8f6b --- /dev/null +++ b/2024/9xxx/CVE-2024-9490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-9490", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9491.json b/2024/9xxx/CVE-2024-9491.json new file mode 100644 index 00000000000..a535aba5c55 --- /dev/null +++ b/2024/9xxx/CVE-2024-9491.json 
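Review bot: The affected range for CVE-2024-9266 encodes its lower bound only as `"version_name": "3.4.5"`, next to `"version_affected": "<"` and `"version_value": "4.0.0"`. A consumer that reads just the operator and value would treat every Express release below 4.0.0 as affected, whereas the description says from 3.4.5 before 4.0.0. Tooling that ingests this record should take the lower bound from `version_name` or from the description text. Separately, `credits` uses `"lang": "en"` while `description` and `problemtype` use `"eng"`; `"lang": "eng"` in `credits` would keep the record consistent.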
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9491",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9492.json b/2024/9xxx/CVE-2024-9492.json
new file mode 100644
index 00000000000..6cc7fb58b6d
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9492.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9492",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9493.json b/2024/9xxx/CVE-2024-9493.json
new file mode 100644
index 00000000000..e19e609aaf7
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9493.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9493",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9494.json b/2024/9xxx/CVE-2024-9494.json
new file mode 100644
index 00000000000..7ef2cedb2e3
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9494.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9494",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9495.json b/2024/9xxx/CVE-2024-9495.json
new file mode 100644
index 00000000000..fd10635d76d
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9495.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9495",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9496.json b/2024/9xxx/CVE-2024-9496.json
new file mode 100644
index 00000000000..28fa80996be
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9496.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9496",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9497.json b/2024/9xxx/CVE-2024-9497.json
new file mode 100644
index 00000000000..400dda384f7
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9497.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9497",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9498.json b/2024/9xxx/CVE-2024-9498.json
new file mode 100644
index 00000000000..6c0382e5971
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9498.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9498",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/9xxx/CVE-2024-9499.json b/2024/9xxx/CVE-2024-9499.json
new file mode 100644
index 00000000000..ced8a55a71c
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9499.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9499",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file