From 5adff53de39013332fc182d4c80a2c6b7a00e86e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 10 Sep 2024 18:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/14xxx/CVE-2019-14925.json | 2 +-
 2019/14xxx/CVE-2019-14926.json | 2 +-
 2019/14xxx/CVE-2019-14927.json | 2 +-
 2019/14xxx/CVE-2019-14928.json | 2 +-
 2019/14xxx/CVE-2019-14929.json | 2 +-
 2019/14xxx/CVE-2019-14930.json | 2 +-
 2019/14xxx/CVE-2019-14931.json | 2 +-
 2024/34xxx/CVE-2024-34831.json | 56 +++++++++++++--
 2024/38xxx/CVE-2024-38063.json | 10 +--
 2024/38xxx/CVE-2024-38138.json | 120 +++++++++++++++++++++++++++++++--
 2024/38xxx/CVE-2024-38195.json | 16 ++---
 2024/43xxx/CVE-2024-43477.json | 2 +-
 2024/8xxx/CVE-2024-8667.json | 18 +++++
 2024/8xxx/CVE-2024-8668.json | 18 +++++
 2024/8xxx/CVE-2024-8669.json | 18 +++++
 2024/8xxx/CVE-2024-8670.json | 18 +++++
 2024/8xxx/CVE-2024-8671.json | 18 +++++
 17 files changed, 275 insertions(+), 33 deletions(-)
 create mode 100644 2024/8xxx/CVE-2024-8667.json
 create mode 100644 2024/8xxx/CVE-2024-8668.json
 create mode 100644 2024/8xxx/CVE-2024-8669.json
 create mode 100644 2024/8xxx/CVE-2024-8670.json
 create mode 100644 2024/8xxx/CVE-2024-8671.json
diff --git a/2019/14xxx/CVE-2019-14925.json b/2019/14xxx/CVE-2019-14925.json
index 35ecd94d54d..04f1b736deb 100644
--- a/2019/14xxx/CVE-2019-14925.json
+++ b/2019/14xxx/CVE-2019-14925.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment."
+ "value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment."
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14926.json b/2019/14xxx/CVE-2019-14926.json
index 0bea7f546c8..98936fe55fa 100644
--- a/2019/14xxx/CVE-2019-14926.json
+++ b/2019/14xxx/CVE-2019-14926.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites."
+ "value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites."
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14927.json b/2019/14xxx/CVE-2019-14927.json
index 03c7f90a7f2..ff18032bd0b 100644
--- a/2019/14xxx/CVE-2019-14927.json
+++ b/2019/14xxx/CVE-2019-14927.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data)."
+ "value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data)."
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14928.json b/2019/14xxx/CVE-2019-14928.json
index f781d30aec5..05ea95422a0 100644
--- a/2019/14xxx/CVE-2019-14928.json
+++ b/2019/14xxx/CVE-2019-14928.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page."
+ "value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page."
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14929.json b/2019/14xxx/CVE-2019-14929.json
index 6916d6f330d..10e2aaeef36 100644
--- a/2019/14xxx/CVE-2019-14929.json
+++ b/2019/14xxx/CVE-2019-14929.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service."
+ "value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service."
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14930.json b/2019/14xxx/CVE-2019-14930.json
index bda7193abe0..06c8fe52d8c 100644
--- a/2019/14xxx/CVE-2019-14930.json
+++ b/2019/14xxx/CVE-2019-14930.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)"
+ "value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14931.json b/2019/14xxx/CVE-2019-14931.json
index 0090f52007c..cd2a02fbe93 100644
--- a/2019/14xxx/CVE-2019-14931.json
+++ b/2019/14xxx/CVE-2019-14931.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data."
+ "value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data."
 }
 ]
 },
diff --git a/2024/34xxx/CVE-2024-34831.json b/2024/34xxx/CVE-2024-34831.json
index 3b54aad6f92..fa126b9fd20 100644
--- a/2024/34xxx/CVE-2024-34831.json
+++ b/2024/34xxx/CVE-2024-34831.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-34831",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-34831",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/enzored/CVE-2024-34831",
+ "url": "https://github.com/enzored/CVE-2024-34831"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38063.json b/2024/38xxx/CVE-2024-38063.json
index 31fbb42801b..e2ad7346056 100644
--- a/2024/38xxx/CVE-2024-38063.json
+++ b/2024/38xxx/CVE-2024-38063.json
@@ -42,7 +42,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.17763.6189"
+ "version_value": "10.0.17763.6293"
 }
 ]
 }
@@ -54,7 +54,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.17763.6189"
+ "version_value": "10.0.17763.6293"
 }
 ]
 }
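Review bot: In the CVE-2024-34831.json hunk (`@@ -1,17 +1,61 @@`) the record goes PUBLIC with `vendor_name`, `product_name`, `version_value` and the problemtype `value` all set to `"n/a"`, so scanners and inventory matchers that key on the structured `affects` fields cannot tie this entry to Gibbon Core v26.0.00; only the free-text description names the product. I would populate them from the description, e.g. `"product_name": "Gibbon Core"` and `"version_value": "v26.0.00"`, and set the problemtype to `"CWE-79"`. The description also says the XSS lets an attacker "execute arbitrary code", which reads like server-side code execution; presumably script execution in a victim's browser is meant, and the sentence should start with a capital letter. This note covers that hunk only; the CVE-2024-38063 hunks that follow on the same line are version bumps.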
@@ -66,7 +66,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.17763.6189"
+ "version_value": "10.0.17763.6293"
 }
 ]
 }
@@ -78,7 +78,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.20348.2655"
+ "version_value": "10.0.20348.2700"
 }
 ]
 }
@@ -90,7 +90,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.22000.3147"
+ "version_value": "10.0.22000.3197"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38138.json b/2024/38xxx/CVE-2024-38138.json
index 77d38f26269..1b5e90e9f8b 100644
--- a/2024/38xxx/CVE-2024-38138.json
+++ b/2024/38xxx/CVE-2024-38138.json
@@ -42,7 +42,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.17763.6189"
+ "version_value": "10.0.17763.6289"
 }
 ]
 }
@@ -54,7 +54,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.17763.6189"
+ "version_value": "10.0.17763.6289"
 }
 ]
 }
@@ -66,7 +66,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.20348.2655"
+ "version_value": "10.0.20348.2700"
 }
 ]
 }
@@ -78,7 +78,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.25398.1085"
+ "version_value": "10.0.25398.1128"
 }
 ]
 }
@@ -90,7 +90,7 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.14393.7259"
+ "version_value": "10.0.14393.7336"
 }
 ]
 }
@@ -102,7 +102,115 @@
 {
 "version_affected": "<",
 "version_name": "10.0.0",
- "version_value": "10.0.14393.7259"
+ "version_value": "10.0.14393.7336"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server 2008 Service Pack 2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.0.6003.22870"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.0.6003.22870"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server 2008 Service Pack 2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.0.6003.22870"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.1.0",
+ "version_value": "6.1.7601.27320"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.0.0",
+ "version_value": "6.1.7601.27320"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server 2012",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.2.0",
+ "version_value": "6.2.9200.25073"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server 2012 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.2.0",
+ "version_value": "6.2.9200.25073"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server 2012 R2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.3.0",
+ "version_value": "6.3.9600.22175"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Windows Server 2012 R2 (Server Core installation)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.3.0",
+ "version_value": "6.3.9600.22175"
 }
 ]
 }
diff --git a/2024/38xxx/CVE-2024-38195.json b/2024/38xxx/CVE-2024-38195.json
index 344b9304216..594d596907f 100644
--- a/2024/38xxx/CVE-2024-38195.json
+++ b/2024/38xxx/CVE-2024-38195.json
@@ -77,7 +77,7 @@
 "version_data": [
 {
 "version_affected": "<",
- "version_name": "8.0.1",
+ "version_name": "8.0.0",
 "version_value": "8.6.3"
 }
 ]
@@ -89,7 +89,7 @@
 "version_data": [
 {
 "version_affected": "<",
- "version_name": "8.0.2",
+ "version_name": "8.0.0",
 "version_value": "8.6.3"
 }
 ]
@@ -113,7 +113,7 @@
 "version_data": [
 {
 "version_affected": "<",
- "version_name": "8.1.1",
+ "version_name": "8.1.0",
 "version_value": "8.6.3"
 }
 ]
@@ -125,7 +125,7 @@
 "version_data": [
 {
 "version_affected": "<",
- "version_name": "8.2.2",
+ "version_name": "8.2.0",
 "version_value": "8.6.3"
 }
 ]
@@ -137,7 +137,7 @@
 "version_data": [
 {
 "version_affected": "<",
- "version_name": "8.2.1",
+ "version_name": "8.2.0",
 "version_value": "8.6.3"
 }
 ]
@@ -173,7 +173,7 @@
 "version_data": [
 {
 "version_affected": "<",
- "version_name": "8.4.1",
+ "version_name": "8.4.0",
 "version_value": "8.6.3"
 }
 ]
@@ -185,7 +185,7 @@
 "version_data": [
 {
 "version_affected": "<",
- "version_name": "8.4.2",
+ "version_name": "8.4.0",
 "version_value": "8.6.3"
 }
 ]
@@ -209,7 +209,7 @@
 "version_data": [
 {
 "version_affected": "<",
- "version_name": "1.0.0",
+ "version_name": "8.6.0",
 "version_value": "8.6.3"
 }
 ]
diff --git a/2024/43xxx/CVE-2024-43477.json b/2024/43xxx/CVE-2024-43477.json
index d1c23a3220e..09c0933202f 100644
--- a/2024/43xxx/CVE-2024-43477.json
+++ b/2024/43xxx/CVE-2024-43477.json
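Review bot: In the CVE-2024-38138.json hunk `@@ -102,7 +102,115 @@`, the added entry for "Windows Server 2008 R2 Service Pack 1 (Server Core installation)" carries `"version_name": "6.0.0"` although its `version_value` is `6.1.7601.27320` and the non-Core sibling directly above it uses `6.1.0`; this looks like a copy error and should read `"version_name": "6.1.0"`. A consumer that treats `version_name` as the lower bound of the affected range would otherwise compute a range that starts in the 6.0 (Server 2008) build line for an R2 product. The same hunk also adds "Windows Server 2008 Service Pack 2" twice with identical version data; presumably these were distinct platform variants upstream, but as written they are duplicates that matching tools have to de-duplicate. The CVE-2024-38195 hunks later on this line are not covered by this note.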
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper access control in Decentralized Identity Services allows an unathenticated attacker to disable Verifiable ID's on another tenant."
+ "value": "Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant."
 }
 ]
 },
diff --git a/2024/8xxx/CVE-2024-8667.json b/2024/8xxx/CVE-2024-8667.json
new file mode 100644
index 00000000000..20b0e462826
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8667.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8667",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8668.json b/2024/8xxx/CVE-2024-8668.json
new file mode 100644
index 00000000000..913e8edbc46
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8668.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8668",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8669.json b/2024/8xxx/CVE-2024-8669.json
new file mode 100644
index 00000000000..a1235668221
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8669.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8669",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8670.json b/2024/8xxx/CVE-2024-8670.json
new file mode 100644
index 00000000000..fa7dd75907e
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8670.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8670",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8671.json b/2024/8xxx/CVE-2024-8671.json
new file mode 100644
index 00000000000..f74c86fa9f2
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8671.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8671",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file