From 6043227ad97fcff616322da679c31b6e63b70e27 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 25 Nov 2024 03:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/11xxx/CVE-2024-11650.json | 114 +++++++++++++++++++++++++++- 2024/11xxx/CVE-2024-11651.json | 131 ++++++++++++++++++++++++++++++++- 2024/1xxx/CVE-2024-1023.json | 4 +- 2024/1xxx/CVE-2024-1300.json | 4 +- 2024/53xxx/CVE-2024-53926.json | 18 +++++ 2024/53xxx/CVE-2024-53927.json | 18 +++++ 2024/53xxx/CVE-2024-53928.json | 18 +++++ 2024/53xxx/CVE-2024-53929.json | 18 +++++ 2024/53xxx/CVE-2024-53930.json | 87 ++++++++++++++++++++++ 9 files changed, 400 insertions(+), 12 deletions(-) create mode 100644 2024/53xxx/CVE-2024-53926.json create mode 100644 2024/53xxx/CVE-2024-53927.json create mode 100644 2024/53xxx/CVE-2024-53928.json create mode 100644 2024/53xxx/CVE-2024-53929.json create mode 100644 2024/53xxx/CVE-2024-53930.json diff --git a/2024/11xxx/CVE-2024-11650.json b/2024/11xxx/CVE-2024-11650.json index 1c9a2e0f3b3..06e20fb88e8 100644 --- a/2024/11xxx/CVE-2024-11650.json +++ b/2024/11xxx/CVE-2024-11650.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Tenda i9 1.0.0.8(3828) gefunden. Es geht hierbei um die Funktion websReadEvent der Datei /goform/GetIPTV. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service", + "cweId": "CWE-404" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tenda", + "product": { + "product_data": [ + { + "product_name": "i9", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0.0.8(3828)" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.285971", + "refsource": "MISC", + "name": "https://vuldb.com/?id.285971" + }, + { + "url": "https://vuldb.com/?ctiid.285971", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.285971" + }, + { + "url": "https://vuldb.com/?submit.446592", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.446592" + }, + { + "url": "https://github.com/xiaobor123/tenda-vul-i9", + "refsource": "MISC", + "name": "https://github.com/xiaobor123/tenda-vul-i9" + }, + { + "url": "https://www.tenda.com.cn/", + "refsource": "MISC", + "name": "https://www.tenda.com.cn/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "xiaobor123 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.8, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C" } ] } diff --git a/2024/11xxx/CVE-2024-11651.json b/2024/11xxx/CVE-2024-11651.json index cc38e23c484..46fe0a80177 100644 --- a/2024/11xxx/CVE-2024-11651.json +++ b/2024/11xxx/CVE-2024-11651.json @@ -1,17 +1,140 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11651", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been classified as critical. Affected is an unknown function of the file /admin/network/wifi_schedule. The manipulation of the argument wifi_schedule_day_em_5 leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT bis 20241118 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/network/wifi_schedule. Mittels dem Manipulieren des Arguments wifi_schedule_day_em_5 mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection", + "cweId": "CWE-77" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EnGenius", + "product": { + "product_data": [ + { + "product_name": "ENH1350EXT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20241118" + } + ] + } + }, + { + "product_name": "ENS500-AC", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20241118" + } + ] + } + }, + { + "product_name": "ENS620EXT", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "20241118" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.285972", + "refsource": "MISC", + "name": "https://vuldb.com/?id.285972" + }, + { + "url": "https://vuldb.com/?ctiid.285972", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.285972" + }, + { + "url": "https://vuldb.com/?submit.446623", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.446623" + }, + { + "url": "https://k9u7kv33ub.feishu.cn/wiki/XIepwv7goiCcYxk5QAgc8Q2LnMc?from=from_copylink", + "refsource": "MISC", + "name": "https://k9u7kv33ub.feishu.cn/wiki/XIepwv7goiCcYxk5QAgc8Q2LnMc?from=from_copylink" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "liutong (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2024/1xxx/CVE-2024-1023.json b/2024/1xxx/CVE-2024-1023.json index afd9ca5194e..8c55b07971d 100644 --- a/2024/1xxx/CVE-2024-1023.json +++ b/2024/1xxx/CVE-2024-1023.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer", - "cweId": "CWE-119" + "value": "Missing Release of Memory after Effective Lifetime", + "cweId": "CWE-401" } ] } diff --git a/2024/1xxx/CVE-2024-1300.json b/2024/1xxx/CVE-2024-1300.json index 1c962c16d30..e2808881be5 100644 --- a/2024/1xxx/CVE-2024-1300.json +++ b/2024/1xxx/CVE-2024-1300.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "Uncontrolled Resource Consumption", - "cweId": "CWE-400" + "value": "Missing Release of Memory after Effective Lifetime", + "cweId": "CWE-401" } ] } diff --git a/2024/53xxx/CVE-2024-53926.json b/2024/53xxx/CVE-2024-53926.json new file mode 100644 index 00000000000..457026f43b1 --- /dev/null +++ b/2024/53xxx/CVE-2024-53926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-53926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53927.json b/2024/53xxx/CVE-2024-53927.json new file mode 100644 index 00000000000..5c57ab8a9c7 --- /dev/null +++ b/2024/53xxx/CVE-2024-53927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-53927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53928.json b/2024/53xxx/CVE-2024-53928.json new file mode 100644 index 00000000000..2d5e57aafa1 --- /dev/null +++ b/2024/53xxx/CVE-2024-53928.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-53928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53929.json b/2024/53xxx/CVE-2024-53929.json new file mode 100644 index 00000000000..1216051de2f --- /dev/null +++ b/2024/53xxx/CVE-2024-53929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-53929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/53xxx/CVE-2024-53930.json b/2024/53xxx/CVE-2024-53930.json new file mode 100644 index 00000000000..c881e7f211f --- /dev/null +++ b/2024/53xxx/CVE-2024-53930.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2024-53930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\\\, which is mishandled by a KaTeX parser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Zavy86/WikiDocs/releases/tag/1.0.65", + "refsource": "MISC", + "name": "https://github.com/Zavy86/WikiDocs/releases/tag/1.0.65" + }, + { + "url": "https://github.com/Zavy86/WikiDocs/compare/1.0.64...1.0.65", + "refsource": "MISC", + "name": "https://github.com/Zavy86/WikiDocs/compare/1.0.64...1.0.65" + }, + { + "url": "https://github.com/Zavy86/WikiDocs/commit/aa264bd046a254522da67600be73791bd4e5dafc", + "refsource": "MISC", + "name": "https://github.com/Zavy86/WikiDocs/commit/aa264bd046a254522da67600be73791bd4e5dafc" + }, + { + "url": "https://github.com/Zavy86/WikiDocs/issues/211", + "refsource": "MISC", + "name": "https://github.com/Zavy86/WikiDocs/issues/211" + }, + { + "url": "https://github.com/Zavy86/WikiDocs/pull/213", + "refsource": "MISC", + "name": "https://github.com/Zavy86/WikiDocs/pull/213" + }, + { + "url": "https://www.xbow.com", + "refsource": "MISC", + "name": "https://www.xbow.com" + } + ] + } +} \ No newline at end of file