admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-27 21:00:34 +00:00
parent 7eff3d6997
commit 4cefd7d4f5
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
18 changed files with 1042 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
2024/22xxx/CVE-2024-22260.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Workspace One UEM update addresses an information exposure vulnerability.\u00a0\nA malicious actor with network access to the Workspace One UEM may be \nable to perform an attack resulting in an information exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure vulnerability"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "N/A",
"product": {
"product_data": [
{
"product_name": "VMware Workspace One UEM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VMware Workspace One UEM 23.10.x, VMware Workspace One UEM 23.6.x, VMware Workspace One UEM 23.4.x, VMware Workspace One UEM 22.12.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.vmware.com/security/advisories/OMSA-2024-0001.html",
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/OMSA-2024-0001.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

77
2024/22xxx/CVE-2024-22272.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22272",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Cloud Director contains an Improper Privilege Management vulnerability. \n\n\nAn authenticated tenant administrator for a\n given organization within VMware Cloud Director may be able to \naccidentally disable their organization leading to a Denial of Service \nfor active sessions within their own organization's scope."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Privilege Management"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "N/A",
"product": {
"product_data": [
{
"product_name": "VMware Cloud Director",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VMware Cloud Director 10.5.x, VMware Cloud Director 10.4.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24371",
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24371"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

77
2024/22xxx/CVE-2024-22276.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22276",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability.\n\n\nA malicious actor with adjacent access to \nweb/proxy server logging may be able to obtain sensitive information \nfrom URLs that are logged."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information into Log File"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "N/A",
"product": {
"product_data": [
{
"product_name": "VMware Cloud Director Object Storage Extension",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VMware Cloud Director Object Storage Extension 3.0, VMware Cloud Director Object Storage Extension 2.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24372",
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24372"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

176
2024/2xxx/CVE-2024-2973.json
View File

@ -1,17 +1,185 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.\nOnly routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.\n\n\n\n\nNo other Juniper Networks products or platforms are affected by this issue.\n\n\n\n\n\nThis issue affects:\n\nSession Smart Router:\u00a0\n\n\n\n * All versions before 5.6.15,\u00a0\n * from 6.0 before 6.1.9-lts,\u00a0\n * from 6.2 before 6.2.5-sts.\n\n\n\nSession Smart Conductor:\u00a0\n\n\n\n * All versions before 5.6.15,\u00a0\n * from 6.0 before 6.1.9-lts,\u00a0\n * from 6.2 before 6.2.5-sts.\u00a0\n\n\n\nWAN Assurance Router:\u00a0\n\n\n\n * 6.0 versions before 6.1.9-lts,\u00a0\n * 6.2 versions before 6.2.5-sts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Session Smart Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.6.15"
},
{
"version_affected": "<",
"version_name": "6.0",
"version_value": "6.1.9-lts"
},
{
"version_affected": "<",
"version_name": "6.2",
"version_value": "6.2.5-sts"
}
]
}
},
{
"product_name": "Session Smart Conductor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.6.15"
},
{
"version_affected": "<",
"version_name": "6.0",
"version_value": "6.1.9-lts"
},
{
"version_affected": "<",
"version_name": "6.2",
"version_value": "6.2.5-sts"
}
]
}
},
{
"product_name": "WAN Assurance Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.0",
"version_value": "6.1.9-lts"
},
{
"version_affected": "<",
"version_name": "6.2",
"version_value": "6.2.5-sts"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://supportportal.juniper.net/JSA83126",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA83126"
},
{
"url": "https://support.juniper.net/support/eol/software/ssr/",
"refsource": "MISC",
"name": "https://support.juniper.net/support/eol/software/ssr/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "JSA83126",
"defect": [
"I95-56931"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>There are no known workarounds for this issue.</p>"
}
],
"value": "There are no known workarounds for this issue."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The following software releases have been updated to resolve this issue:</p><p><br><strong>Session Smart Router:</strong> SSR-5.6.15, SSR-6.1.9-lts, SSR-6.2.5-sts, and subsequent releases. </p><p><br>It is suggested to upgrade all affected systems to these versions of software. In a Conductor-managed deployment, it is sufficient to upgrade the Conductor nodes only and the fix will be applied automatically to all connected routers. As practical, the routers should still be upgraded to a fixed version however they will not be vulnerable once they connect to an upgraded Conductor.</p><p><br>This vulnerability has been patched automatically on affected devices for WAN Assurance routers connected to the Mist Cloud. For systems that are provisioned in a High-Availability cluster, these should be upgraded to a patched version as soon as practical (SSR-6.1.9 or SSR-6.2.5).</p><p><br>It is important to note that the fix is applied automatically on managed routers by a Conductor or on WAN assurance routers has no impact on data-plane functions of the router. The application of the fix is non-disruptive to production traffic. There may be a momentary downtime (less than 30 seconds) to the web-based management and APIs however this will resolve quickly.</p>"
}
],
"value": "The following software releases have been updated to resolve this issue:\n\n\nSession Smart Router: SSR-5.6.15, SSR-6.1.9-lts, SSR-6.2.5-sts, and subsequent releases. \n\n\nIt is suggested to upgrade all affected systems to these versions of software. In a Conductor-managed deployment, it is sufficient to upgrade the Conductor nodes only and the fix will be applied automatically to all connected routers. As practical, the routers should still be upgraded to a fixed version however they will not be vulnerable once they connect to an upgraded Conductor.\n\n\nThis vulnerability has been patched automatically on affected devices for WAN Assurance routers connected to the Mist Cloud. For systems that are provisioned in a High-Availability cluster, these should be upgraded to a patched version as soon as practical (SSR-6.1.9 or SSR-6.2.5).\n\n\nIt is important to note that the fix is applied automatically on managed routers by a Conductor or on WAN assurance routers has no impact on data-plane functions of the router. The application of the fix is non-disruptive to production traffic. There may be a momentary downtime (less than 30 seconds) to the web-based management and APIs however this will resolve quickly."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

56
2024/31xxx/CVE-2024-31802.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31802",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-31802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.rodrigofavarini.com.br/cybersecurity/designa-abacus-v-18-and-before-allows-an-attacker-to-bypass-the-payment-process-via-a-crafted-qr-code/",
"url": "https://www.rodrigofavarini.com.br/cybersecurity/designa-abacus-v-18-and-before-allows-an-attacker-to-bypass-the-payment-process-via-a-crafted-qr-code/"
}
]
}

56
2024/36xxx/CVE-2024-36072.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36072",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html",
"url": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html"
}
]
}

56
2024/36xxx/CVE-2024-36073.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36073",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows an attacker with administrative access to the Endpoint Protector or Unify server to overwrite sensitive configuration and subsequently execute system commands with SYSTEM/root privileges on a chosen client endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html",
"url": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html"
}
]
}

56
2024/36xxx/CVE-2024-36074.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36074",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint Protector or Unify server can cause a client to acquire and execute a malicious file resulting in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html",
"url": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html"
}
]
}

56
2024/36xxx/CVE-2024-36075.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36075",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the application configuration component of the Endpoint Protector and Unify agent which allows a remote, unauthenticated attacker to manipulate the configuration of either their own or another client endpoint resulting in the bypass of certain configuration options. Manipulation of the application configuration can result in local policy bypass and in some scenarios remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html",
"url": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html"
}
]
}

56
2024/36xxx/CVE-2024-36755.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10401",
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10401"
}
]
}

56
2024/39xxx/CVE-2024-39132.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39132",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/wangf1978/DumpTS/issues/22",
"refsource": "MISC",
"name": "https://github.com/wangf1978/DumpTS/issues/22"
}
]
}

56
2024/39xxx/CVE-2024-39133.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39133",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gdraheim/zziplib/issues/164",
"refsource": "MISC",
"name": "https://github.com/gdraheim/zziplib/issues/164"
}
]
}

56
2024/39xxx/CVE-2024-39134.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39134",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gdraheim/zziplib/issues/165",
"refsource": "MISC",
"name": "https://github.com/gdraheim/zziplib/issues/165"
}
]
}

61
2024/39xxx/CVE-2024-39207.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39207",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yanggao017/vuln/blob/main/lua-shmem.md",
"refsource": "MISC",
"name": "https://github.com/yanggao017/vuln/blob/main/lua-shmem.md"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/yanggao017/5ca24da711cf893bedac38518ec448f1",
"url": "https://gist.github.com/yanggao017/5ca24da711cf893bedac38518ec448f1"
}
]
}

61
2024/39xxx/CVE-2024-39208.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39208",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yanggao017/vuln/blob/main/luci-app-lucky.md",
"refsource": "MISC",
"name": "https://github.com/yanggao017/vuln/blob/main/luci-app-lucky.md"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/yanggao017/9e64b97f4de708360db08db01f0bb980",
"url": "https://gist.github.com/yanggao017/9e64b97f4de708360db08db01f0bb980"
}
]
}

61
2024/39xxx/CVE-2024-39209.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yanggao017/vuln/blob/main/luci-app-sms-tool.md",
"refsource": "MISC",
"name": "https://github.com/yanggao017/vuln/blob/main/luci-app-sms-tool.md"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/yanggao017/e392a633b8cee6f42c514b125860081c",
"url": "https://gist.github.com/yanggao017/e392a633b8cee6f42c514b125860081c"
}
]
}

18
2024/39xxx/CVE-2024-39703.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39703",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/39xxx/CVE-2024-39704.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}