"-Synchronized-Data."

This commit is contained in:
CVE Team 2024-10-10 14:00:30 +00:00
parent 5bd79087b0
commit 349f981063
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 472 additions and 80 deletions

View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-44711",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Buffer Overflow vulnerability in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c."
"value": "A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c."
}
]
},

View File

@ -1,66 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-46503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46503",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/guilherme-goncalves793/9c3125c6c8e33e0d9216847118137c63",
"refsource": "MISC",
"name": "https://gist.github.com/guilherme-goncalves793/9c3125c6c8e33e0d9216847118137c63"
},
{
"url": "https://gist.github.com/guilherme-goncalves793/30d62c12fffd18d4058f4aebe188f462",
"refsource": "MISC",
"name": "https://gist.github.com/guilherme-goncalves793/30d62c12fffd18d4058f4aebe188f462"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allows SQL Injection.This issue affects Nova CMS: before 5.0."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-564 SQL Injection: Hibernate",
"cweId": "CWE-564"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TE Informatics",
"product": {
"product_data": [
{
"product_name": "Nova CMS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1661",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-24-1661"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TR-24-1661",
"defect": [
"TR-24-1661"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Ali Kaan BASHAN"
}
]
}

View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9312",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@ubuntu.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-286",
"cweId": "CWE-286"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Canonical Ltd.",
"product": {
"product_data": [
{
"product_name": "Authd",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "0.3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2",
"refsource": "MISC",
"name": "https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9312",
"refsource": "MISC",
"name": "https://www.cve.org/CVERecord?id=CVE-2024-9312"
}
]
},
"credits": [
{
"lang": "en",
"value": "nicoo"
},
{
"lang": "en",
"value": "Michael Gebetsroither"
},
{
"lang": "en",
"value": "Jamie Bliss"
},
{
"lang": "en",
"value": "Adrian Dombeck"
},
{
"lang": "en",
"value": "Mark Esler"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}

View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9785",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In D-Link DIR-619L B1 2.06 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion formSetDDNS der Datei /goform/formSetDDNS. Durch das Beeinflussen des Arguments curTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DIR-619L B1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.06"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.279937",
"refsource": "MISC",
"name": "https://vuldb.com/?id.279937"
},
{
"url": "https://vuldb.com/?ctiid.279937",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.279937"
},
{
"url": "https://vuldb.com/?submit.414553",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.414553"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetDDNS.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetDDNS.md"
},
{
"url": "https://www.dlink.com/",
"refsource": "MISC",
"name": "https://www.dlink.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9786",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in D-Link DIR-619L B1 2.06 entdeckt. Betroffen davon ist die Funktion formSetLog der Datei /goform/formSetLog. Durch Beeinflussen des Arguments curTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DIR-619L B1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.06"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.279938",
"refsource": "MISC",
"name": "https://vuldb.com/?id.279938"
},
{
"url": "https://vuldb.com/?ctiid.279938",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.279938"
},
{
"url": "https://vuldb.com/?submit.414554",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.414554"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetLog.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetLog.md"
},
{
"url": "https://www.dlink.com/",
"refsource": "MISC",
"name": "https://www.dlink.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9787",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Komponente UDP Packet Handler. Dank der Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Contemporary Control System",
"product": {
"product_data": [
{
"product_name": "BASrouter BACnet BASRT-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.279939",
"refsource": "MISC",
"name": "https://vuldb.com/?id.279939"
},
{
"url": "https://vuldb.com/?ctiid.279939",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.279939"
},
{
"url": "https://vuldb.com/?submit.414499",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.414499"
},
{
"url": "https://github.com/isZzzz/BASRT-B_BriefDoS_Document/blob/main/report.md",
"refsource": "MISC",
"name": "https://github.com/isZzzz/BASRT-B_BriefDoS_Document/blob/main/report.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "isZzzzz (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
}
]
}