admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-24 17:00:32 +00:00
parent 65d75fb59d
commit 587926e649
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
22 changed files with 1290 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2022/25xxx/CVE-2022-25480.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a",
"url": "https://gist.github.com/zwclose/feb16f1424779a61cb1d9f6d5681408a"
},
{
"refsource": "MISC",
"name": "https://zwclose.github.io/2024/10/14/rtsper1.html",
"url": "https://zwclose.github.io/2024/10/14/rtsper1.html"
}
]
}

6
2023/36xxx/CVE-2023-36497.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
"value": "CWE-305: Authentication Bypass by Primary Weakness",
"cweId": "CWE-305"
}
]
}
@ -105,7 +105,7 @@
"value": "In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.<br>"
}
],
"value": "In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\n"
"value": "In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities."
}
],
"credits": [

8
2023/4xxx/CVE-2023-4215.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
"value": "CWE-1295: Debug Messages Revealing Unnecessary Information",
"cweId": "CWE-1295"
}
]
}
@ -75,10 +75,10 @@
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Advantech recommends users update WebAccess to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\">Version 9.1.4</a>\n\n<br>"
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Advantech recommends users update WebAccess to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\">Version 9.1.4</a>\n\n<br>"
}
],
"value": "\nAdvantech recommends users update WebAccess to Version 9.1.4 https://www.advantech.com/en/support/details/installation \n\n\n"
"value": "Advantech recommends users update WebAccess to Version 9.1.4 https://www.advantech.com/en/support/details/installation"
}
],
"credits": [

105
2024/10xxx/CVE-2024-10335.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10335",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"username\" to be affected. But it must be assumed that the parameter \"password\" is affected as well."
},
{
"lang": "deu",
"value": "In SourceCodester Garbage Collection Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei login.php. Durch die Manipulation des Arguments username/password mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Garbage Collection Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.281680",
"refsource": "MISC",
"name": "https://vuldb.com/?id.281680"
},
{
"url": "https://vuldb.com/?ctiid.281680",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.281680"
},
{
"url": "https://vuldb.com/?submit.427439",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.427439"
},
{
"url": "https://github.com/tang-0717/VUL/blob/main/Garbage-Collection-Management-System-01.md",
"refsource": "MISC",
"name": "https://github.com/tang-0717/VUL/blob/main/Garbage-Collection-Management-System-01.md"
},
{
"url": "https://www.sourcecodester.com/",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "tangling (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

95
2024/10xxx/CVE-2024-10336.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10336",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodeHero Clothes Recommendation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php of the component Admin Login Page. The manipulation of the argument t1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in SourceCodeHero Clothes Recommendation System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/index.php der Komponente Admin Login Page. Durch Manipulation des Arguments t1 mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodeHero",
"product": {
"product_data": [
{
"product_name": "Clothes Recommendation System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.281681",
"refsource": "MISC",
"name": "https://vuldb.com/?id.281681"
},
{
"url": "https://vuldb.com/?ctiid.281681",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.281681"
},
{
"url": "https://vuldb.com/?submit.427442",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.427442"
}
]
},
"credits": [
{
"lang": "en",
"value": "Delvy (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

18
2024/10xxx/CVE-2024-10356.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10356",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

54
2024/40xxx/CVE-2024-40810.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40810",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause a coprocessor crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An app may be able to cause a coprocessor crash"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "14.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/120911",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120911"
}
]
}

54
2024/44xxx/CVE-2024-44141.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44141",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A person with physical access to an unlocked Mac may be able to gain root code execution"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "14.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/120911",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120911"
}
]
}

139
2024/44xxx/CVE-2024-44185.json
View File

@ -1,17 +1,148 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44185",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to an unexpected process crash"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "10.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "14.6"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "17.6"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "17.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "17.6"
}
]
}
},
{
"product_name": "visionOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/120916",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120916"
},
{
"url": "https://support.apple.com/en-us/120911",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120911"
},
{
"url": "https://support.apple.com/en-us/120913",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120913"
},
{
"url": "https://support.apple.com/en-us/120909",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120909"
},
{
"url": "https://support.apple.com/en-us/120914",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120914"
},
{
"url": "https://support.apple.com/en-us/120915",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120915"
}
]
}

86
2024/44xxx/CVE-2024-44205.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44205",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A sandboxed app may be able to access sensitive user data in system logs"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "12.7"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "16.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/120910",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120910"
},
{
"url": "https://support.apple.com/en-us/120911",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120911"
},
{
"url": "https://support.apple.com/en-us/120908",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120908"
},
{
"url": "https://support.apple.com/en-us/120912",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120912"
},
{
"url": "https://support.apple.com/en-us/120909",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120909"
}
]
}

139
2024/44xxx/CVE-2024-44206.json
View File

@ -1,17 +1,148 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44206",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A user may be able to bypass some web content restrictions"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "10.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "14.6"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "17.6"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "17.6"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "17.6"
}
]
}
},
{
"product_name": "visionOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/120916",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120916"
},
{
"url": "https://support.apple.com/en-us/120911",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120911"
},
{
"url": "https://support.apple.com/en-us/120913",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120913"
},
{
"url": "https://support.apple.com/en-us/120909",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120909"
},
{
"url": "https://support.apple.com/en-us/120914",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120914"
},
{
"url": "https://support.apple.com/en-us/120915",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/120915"
}
]
}

66
2024/48xxx/CVE-2024-48538.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://neye3c.com",
"refsource": "MISC",
"name": "http://neye3c.com"
},
{
"url": "http://www.netdvr.cn/page6",
"refsource": "MISC",
"name": "http://www.netdvr.cn/page6"
},
{
"refsource": "MISC",
"name": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.gooclient.anycam.neye3ctwo/com.gooclient.anycam.neye3ctwo.md",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.gooclient.anycam.neye3ctwo/com.gooclient.anycam.neye3ctwo.md"
}
]
}

66
2024/48xxx/CVE-2024-48539.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://neye3c.com",
"refsource": "MISC",
"name": "http://neye3c.com"
},
{
"url": "http://www.netdvr.cn/page6",
"refsource": "MISC",
"name": "http://www.netdvr.cn/page6"
},
{
"refsource": "MISC",
"name": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.gooclient.anycam.neye3ctwo/com.gooclient.anycam.neye3ctwo_key.md",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.gooclient.anycam.neye3ctwo/com.gooclient.anycam.neye3ctwo_key.md"
}
]
}

56
2024/48xxx/CVE-2024-48540.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.hle.china.smarthome.xiaohe/com.hle.china.smarthome.xiaohe.md",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.hle.china.smarthome.xiaohe/com.hle.china.smarthome.xiaohe.md"
}
]
}

61
2024/48xxx/CVE-2024-48541.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48541",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.ruochanit.com/",
"refsource": "MISC",
"name": "http://www.ruochanit.com/"
},
{
"refsource": "MISC",
"name": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.ruochan.dabai/com.ruochan.dabai.md",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.ruochan.dabai/com.ruochan.dabai.md"
}
]
}

56
2024/48xxx/CVE-2024-48542.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48542",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.yamaha.sc.hpcontroller/com.yamaha.sc.hpcontroller.md",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.yamaha.sc.hpcontroller/com.yamaha.sc.hpcontroller.md"
}
]
}

61
2024/48xxx/CVE-2024-48544.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48544",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://sylvania.com",
"refsource": "MISC",
"name": "http://sylvania.com"
},
{
"refsource": "MISC",
"name": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.ledvance.smartplus/com.ledvance.smartplus.md",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.ledvance.smartplus/com.ledvance.smartplus.md"
}
]
}

56
2024/48xxx/CVE-2024-48545.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48545",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.ivyiot.IvySmart/com.ivyiot.IvySmart.md",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.ivyiot.IvySmart/com.ivyiot.IvySmart.md"
}
]
}

61
2024/48xxx/CVE-2024-48546.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48546",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://haylou.com",
"refsource": "MISC",
"name": "https://haylou.com"
},
{
"refsource": "MISC",
"name": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.yingsheng.nadai/com.yingsheng.nadai.md",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.yingsheng.nadai/com.yingsheng.nadai.md"
}
]
}

56
2024/48xxx/CVE-2024-48547.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48547",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.dc.dreamcatcherlife/com.dc.dreamcatcherlife.md",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.dc.dreamcatcherlife/com.dc.dreamcatcherlife.md"
}
]
}

61
2024/48xxx/CVE-2024-48548.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48548",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cloudsmartlock.com/m/app.html",
"refsource": "MISC",
"name": "https://cloudsmartlock.com/m/app.html"
},
{
"refsource": "MISC",
"name": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.seamooncloud.cloudsmartlock/com.seamooncloud.cloudsmartlock.md",
"url": "https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.seamooncloud.cloudsmartlock/com.seamooncloud.cloudsmartlock.md"
}
]
}

81
2024/9xxx/CVE-2024-9692.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VIMESA",
"product": {
"product_data": [
{
"product_name": "VHF/FM Transmitter Blue Plus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v9.7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>VIMESA has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.vimesa.es/contactenos/\">VIMESA</a>&nbsp;for additional information.</p><br>\n\n<br>"
}
],
"value": "VIMESA has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact VIMESA https://www.vimesa.es/contactenos/ \u00a0for additional information."
}
],
"credits": [
{
"lang": "en",
"value": "CISA discovered this report authored by Gjoko Krstic."
}
]
}