admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-20 17:00:36 +00:00
parent a421b3a97a
commit 33bc4ed50b
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
11 changed files with 384 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2023/46xxx/CVE-2023-46383.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration."
"value": "LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}

7
2023/46xxx/CVE-2023-46384.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device."
"value": "LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authentication to login Loytec device."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}

7
2023/46xxx/CVE-2023-46385.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration."
"value": "LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}

7
2023/46xxx/CVE-2023-46386.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication."
"value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}

7
2023/46xxx/CVE-2023-46387.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration."
"value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}

7
2023/46xxx/CVE-2023-46388.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication."
"value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}

7
2023/46xxx/CVE-2023-46389.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware 7.2.4 are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration."
"value": "LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01"
}
]
}

61
2024/45xxx/CVE-2024-45489.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45489",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-45489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary Javascript on that browser in a privileged context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kibty.town/blog/arc/",
"url": "https://kibty.town/blog/arc/"
},
{
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=41597250",
"url": "https://news.ycombinator.com/item?id=41597250"
}
]
}

105
2024/9xxx/CVE-2024-9039.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9039",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in SourceCodester Best House Rental Management System 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei /ajax.php?action=signup. Durch das Beeinflussen des Arguments firstname/lastname/email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Best House Rental Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.278210",
"refsource": "MISC",
"name": "https://vuldb.com/?id.278210"
},
{
"url": "https://vuldb.com/?ctiid.278210",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.278210"
},
{
"url": "https://vuldb.com/?submit.411471",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.411471"
},
{
"url": "https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20signup%20time-based%20SQL%20Injection%20Vulnerability.md",
"refsource": "MISC",
"name": "https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20signup%20time-based%20SQL%20Injection%20Vulnerability.md"
},
{
"url": "https://www.sourcecodester.com/",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "webray.com.cn (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

89
2024/9xxx/CVE-2024-9040.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9040",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in code-projects Blood Bank Management System 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Password Handler. Durch Beeinflussen mit unbekannten Daten kann eine cleartext storage in a file or on disk-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage in a File or on Disk",
"cweId": "CWE-313"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Blood Bank Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.278211",
"refsource": "MISC",
"name": "https://vuldb.com/?id.278211"
},
{
"url": "https://vuldb.com/?ctiid.278211",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.278211"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.4,
"vectorString": "AV:L/AC:L/Au:M/C:P/I:N/A:N"
}
]
}

105
2024/9xxx/CVE-2024-9041.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9041",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_account. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In SourceCodester Best House Rental Management System 1.0 wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /ajax.php?action=update_account. Dank der Manipulation des Arguments firstname/lastname/email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Best House Rental Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.278212",
"refsource": "MISC",
"name": "https://vuldb.com/?id.278212"
},
{
"url": "https://vuldb.com/?ctiid.278212",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.278212"
},
{
"url": "https://vuldb.com/?submit.411502",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.411502"
},
{
"url": "https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20update_account%20time-based%20SQL%20Injection%20Vulnerability.md",
"refsource": "MISC",
"name": "https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20update_account%20time-based%20SQL%20Injection%20Vulnerability.md"
},
{
"url": "https://www.sourcecodester.com/",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "webray.com.cn (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}