"-Synchronized-Data."

CVE Team 2024-09-10 18:00:35 +00:00
parent ed35cf6a4b
commit 5adff53de3
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
17 changed files with 275 additions and 33 deletions

View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment."
"value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment."
}
]
},
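Review bot: The vendor rename to "Mitsubishi Electric Europe B.V." appears only in the free-text description value in this hunk. If the record's structured vendor_name field still carries the old name, change it in the same commit so that the description and the affects data agree; the same applies to the other ME-RTU records edited below.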

View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites."
"value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites."
}
]
},

View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data)."
"value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data)."
}
]
},

View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page."
"value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page."
}
]
},
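Review bot: The rewritten description value still reads "cross-site script (XSS) vulnerabilities"; since the line is being edited anyway, correct it to "cross-site scripting (XSS)". The description names SerialInitialModemString in index.php as one example only, so it would also help to say whether the other affected inputs are listed in a reference.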

View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service."
"value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service."
}
]
},

View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)"
"value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)"
}
]
},

View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data."
"value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data."
}
]
},

View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34831",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-34831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/enzored/CVE-2024-34831",
"url": "https://github.com/enzored/CVE-2024-34831"
}
]
}
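Review bot: The record moves to STATE "PUBLIC" with vendor_name, product_name, version_value and the problemtype value all set to "n/a", although the new description names the product (Gibbon Core), the version (v26.0.00) and the weakness class (cross-site scripting). Populate the affects block and problemtype from the description so that consumers matching on structured fields can find this record. The description also says the XSS lets an attacker "execute arbitrary code"; "execute arbitrary web script or HTML" would be more precise for this weakness class, and the sentence should start with a capital letter.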

View File

@ -42,7 +42,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.17763.6189"
"version_value": "10.0.17763.6293"
}
]
}
@ -54,7 +54,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.17763.6189"
"version_value": "10.0.17763.6293"
}
]
}
@ -66,7 +66,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.17763.6189"
"version_value": "10.0.17763.6293"
}
]
}
@ -78,7 +78,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.20348.2655"
"version_value": "10.0.20348.2700"
}
]
}
@ -90,7 +90,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.22000.3147"
"version_value": "10.0.22000.3197"
}
]
}

View File

@ -42,7 +42,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.17763.6189"
"version_value": "10.0.17763.6289"
}
]
}
@ -54,7 +54,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.17763.6189"
"version_value": "10.0.17763.6289"
}
]
}
@ -66,7 +66,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.20348.2655"
"version_value": "10.0.20348.2700"
}
]
}
@ -78,7 +78,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.25398.1085"
"version_value": "10.0.25398.1128"
}
]
}
@ -90,7 +90,7 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.14393.7259"
"version_value": "10.0.14393.7336"
}
]
}
@ -102,7 +102,115 @@
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.14393.7259"
"version_value": "10.0.14393.7336"
}
]
}
},
{
"product_name": "Windows Server 2008 Service Pack 2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.0.0",
"version_value": "6.0.6003.22870"
}
]
}
},
{
"product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.0.0",
"version_value": "6.0.6003.22870"
}
]
}
},
{
"product_name": "Windows Server 2008 Service Pack 2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.0.0",
"version_value": "6.0.6003.22870"
}
]
}
},
{
"product_name": "Windows Server 2008 R2 Service Pack 1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.1.0",
"version_value": "6.1.7601.27320"
}
]
}
},
{
"product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.0.0",
"version_value": "6.1.7601.27320"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.2.0",
"version_value": "6.2.9200.25073"
}
]
}
},
{
"product_name": "Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.2.0",
"version_value": "6.2.9200.25073"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.3.0",
"version_value": "6.3.9600.22175"
}
]
}
},
{
"product_name": "Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.3.0",
"version_value": "6.3.9600.22175"
}
]
}
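Review bot: In the added "Windows Server 2008 R2 Service Pack 1 (Server Core installation)" entry, version_name is "6.0.0" while version_value is "6.1.7601.27320"; the non-Core R2 entry just above it uses "6.1.0", so this looks copied from the 2008 SP2 entries and should be "6.1.0". Separately, "Windows Server 2008 Service Pack 2" is added twice with identical version data; if the two entries stand for different platforms, that distinction is not expressed in these fields, otherwise one of them should be dropped.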

View File

@ -77,7 +77,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "8.0.1",
"version_name": "8.0.0",
"version_value": "8.6.3"
}
]
@ -89,7 +89,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "8.0.2",
"version_name": "8.0.0",
"version_value": "8.6.3"
}
]
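Review bot: After this change the entry here and the one in the previous hunk both read version_name "8.0.0" with version_value "8.6.3". If they belong to the same product they are now duplicates and can be merged; if they belong to different products, confirm that the product names outside the hunk still distinguish them, because the changed fields no longer do.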
@ -113,7 +113,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "8.1.1",
"version_name": "8.1.0",
"version_value": "8.6.3"
}
]
@ -125,7 +125,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "8.2.2",
"version_name": "8.2.0",
"version_value": "8.6.3"
}
]
@ -137,7 +137,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "8.2.1",
"version_name": "8.2.0",
"version_value": "8.6.3"
}
]
@ -173,7 +173,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "8.4.1",
"version_name": "8.4.0",
"version_value": "8.6.3"
}
]
@ -185,7 +185,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "8.4.2",
"version_name": "8.4.0",
"version_value": "8.6.3"
}
]
@ -209,7 +209,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_name": "8.6.0",
"version_value": "8.6.3"
}
]
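Review bot: This last hunk moves version_name from "1.0.0" to "8.6.0", which raises the lower bound by several major versions, whereas every other hunk in this file only normalises a patch-level value to its ".0" release. Confirm that releases before 8.6.0 are either unaffected or covered by the other entries, since a consumer that reads version_name as the start of the affected range will stop flagging them.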

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper access control in Decentralized Identity Services allows an unathenticated attacker to disable Verifiable ID's on another tenant."
"value": "Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant."
}
]
},
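Review bot: The new description fixes "unathenticated" but keeps "Verifiable ID's", which uses a possessive apostrophe for a plural; it should read "Verifiable IDs". The added phrase "resulted in a vulnerability that allows" also mixes past and present tense and adds no information over the earlier "allows", so consider keeping the shorter wording with only the spelling fix.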

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8670",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}