admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-04 10:00:37 +00:00
parent a6f248fd3f
commit 37759462c7
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 541 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2022/33xxx/CVE-2022-33324.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions \"07\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery."
"value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions \"05\" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions \"07\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery."
}
]
},
@ -239,7 +239,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "Firmware versions \"05\" and prior"
}
]
}
@ -250,7 +250,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "Firmware versions \"05\" and prior"
}
]
}
@ -261,7 +261,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "Firmware versions \"05\" and prior"
}
]
}
@ -272,7 +272,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "Firmware versions \"05\" and prior"
}
]
}

277
2023/4xxx/CVE-2023-4088.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Incorrect Default Permissions vulnerability due to incomplete fix to address CVE-2020-14496 in Mitsubishi Electric Corporation FA engineering software products allows a malicious local attacker to execute a malicious code, which could result in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition. However, if the mitigated version described in the advisory for CVE-2020-14496 is used and installed in the default installation folder, this vulnerability does not affect the products."
"value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder."
}
]
},
@ -45,6 +45,281 @@
}
]
}
},
{
"product_name": "AL-PCS/WIN-E",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "CPU Module Logging Configuration Tool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "EZSocket",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "FR Configurator2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "FX Configurator-EN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "FX Configurator-EN-L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "FX Configurator-FP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "GT Designer3 Version1(GOT1000)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "GT Designer3 Version1(GOT2000)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "GT SoftGOT1000 Version3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "GT SoftGOT2000 Version1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "GX LogViewer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "GX Works2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "MELSOFT FieldDeviceConfigurator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "MELSOFT iQ AppPortal",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "MELSOFT MaiLab",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "MELSOFT Navigator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "MELSOFT Update Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "MX Component",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "MX Sheet",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "PX Developer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "RT ToolBox3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "RT VisualBox",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "Data Transfer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "Data Transfer Classic",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
}
]
}

117
2024/1xxx/CVE-2024-1574.json
View File

@ -1,17 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1574",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')",
"cweId": "CWE-470"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ICONICS",
"product": {
"product_data": [
{
"product_name": "GENESIS64",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 10.97 to 10.97.2"
}
]
}
}
]
}
},
{
"vendor_name": "Mitsubishi Electric Corporation",
"product": {
"product_data": [
{
"product_name": "GENESIS64",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 10.97 to 10.97.2"
}
]
}
},
{
"product_name": "MC Works64",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU98894016/",
"refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU98894016/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

75
2024/34xxx/CVE-2024-34584.json
View File

@ -5,84 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-34584",
"ASSIGNER": "mobile.security@samsung.com",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper privilege management in SumeNNService prior to SMR Jul-2024 Release 1 allows local attackers to start privileged service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Samsung Mobile",
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "SMR Jul-2024 Release in Android 13, 14"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07",
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"baseScore": 8.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
"value": "** REJECT ** DO NOT USE THIS CVE RECORD. Reason: An additional patch is required."
}
]
}

78
2024/3xxx/CVE-2024-3904.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3904",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions \"05\" to \"07\" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mitsubishi Electric Corporation",
"product": {
"product_data": [
{
"product_name": "MELIPC Series MI5122-VW",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Firmware versions \"05\" to \"07\""
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf",
"refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

93
2024/6xxx/CVE-2024-6387.json
View File

@ -108,6 +108,19 @@
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -137,6 +150,11 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/03/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/03/11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/2",
"refsource": "MISC",
@ -157,6 +175,11 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/03/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/04/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/04/1"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4312",
"refsource": "MISC",
@ -172,6 +195,11 @@
"refsource": "MISC",
"name": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/"
},
{
"url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/",
"refsource": "MISC",
"name": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server",
"refsource": "MISC",
@ -192,6 +220,31 @@
"refsource": "MISC",
"name": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc"
},
{
"url": "https://github.com/AlmaLinux/updates/issues/629",
"refsource": "MISC",
"name": "https://github.com/AlmaLinux/updates/issues/629"
},
{
"url": "https://github.com/Azure/AKS/issues/4379",
"refsource": "MISC",
"name": "https://github.com/Azure/AKS/issues/4379"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248",
"refsource": "MISC",
"name": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249",
"refsource": "MISC",
"name": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249"
},
{
"url": "https://github.com/microsoft/azurelinux/issues/9555",
"refsource": "MISC",
"name": "https://github.com/microsoft/azurelinux/issues/9555"
},
{
"url": "https://github.com/oracle/oracle-linux/issues/149",
"refsource": "MISC",
@ -276,46 +329,6 @@
"url": "https://www.theregister.com/2024/07/01/regresshion_openssh/",
"refsource": "MISC",
"name": "https://www.theregister.com/2024/07/01/regresshion_openssh/"
},
{
"url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/",
"refsource": "MISC",
"name": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/"
},
{
"url": "https://github.com/microsoft/azurelinux/issues/9555",
"refsource": "MISC",
"name": "https://github.com/microsoft/azurelinux/issues/9555"
},
{
"url": "https://github.com/Azure/AKS/issues/4379",
"refsource": "MISC",
"name": "https://github.com/Azure/AKS/issues/4379"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249",
"refsource": "MISC",
"name": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249"
},
{
"url": "https://github.com/AlmaLinux/updates/issues/629",
"refsource": "MISC",
"name": "https://github.com/AlmaLinux/updates/issues/629"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248",
"refsource": "MISC",
"name": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/03/11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/04/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/04/1"
}
]
},

18
2024/6xxx/CVE-2024-6505.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}