"-Synchronized-Data."

CVE Team 2024-08-05 05:00:35 +00:00
parent 78f2789754
commit 64762c46fc
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 503 additions and 28 deletions


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39713",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rocket.Chat",
"product": {
"product_data": [
{
"product_name": "Rocket.Chat",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.10.1",
"version_value": "6.10.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hackerone.com/reports/1886954",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1886954"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 8.6,
"baseSeverity": "HIGH"
}
]
}
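Review bot: The new `problemtype` entry is `"value": "n/a"` even though the description added in the same record names the weakness as Server-Side Request Forgery, so tooling that groups or filters records by CWE will not surface this one. The entry would be more useful as `"value": "CWE-918 Server-Side Request Forgery (SSRF)"` with `"cweId": "CWE-918"`, the shape other records in this commit already use. The record is CNA-supplied, so the correction presumably has to come from the assigner rather than from this mirror. Until then, consumers should classify it from the description text and the CVSS vector (`AV:N/PR:N/S:C/C:H`) rather than from `problemtype`.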


@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39838",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZEXELON CO., LTD.",
"product": {
"product_data": [
{
"product_name": "ZWX-2000CSW2-HN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "firmware versions prior to Ver.0.3.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf",
"refsource": "MISC",
"name": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN70666401/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN70666401/"
}
]
}
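Review bot: In `version_data` the new record pairs `"version_affected": "="` with the free-text `"version_value": "firmware versions prior to Ver.0.3.15"`, which a scanner comparing versions will treat as an exact match on that string and so never match a real firmware version. A machine-readable form would be `"version_affected": "<"` with `"version_value": "0.3.15"`. The same pattern appears in the CVE-2024-41720 section and in the CVE-2024-41889 section (`"prior to V1.21.01"` and `"all versions"`, both marked `=`). These records also carry no `impact` block, so consumers get neither a usable version range nor a score and have to fall back on the referenced JVN advisory.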


@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41720",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZEXELON CO., LTD.",
"product": {
"product_data": [
{
"product_name": "ZWX-2000CSW2-HN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "firmware versions prior to Ver.0.3.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf",
"refsource": "MISC",
"name": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN70666401/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN70666401/"
}
]
}


@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41889",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper restriction of communication channel to intended endpoints"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pimax",
"product": {
"product_data": [
{
"product_name": "Pimax Play",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to V1.21.01"
}
]
}
},
{
"product_name": "PiTool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://pimax.com/pages/downloads-manuals",
"refsource": "MISC",
"name": "https://pimax.com/pages/downloads-manuals"
},
{
"url": "https://github.com/OpenMAR/PiTool",
"refsource": "MISC",
"name": "https://github.com/OpenMAR/PiTool"
},
{
"url": "https://jvn.jp/en/jp/JVN50850706/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN50850706/"
}
]
}


@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6117",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ART@zuso.ai",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hamastar Technology",
"product": {
"product_data": [
{
"product_name": "MeetingHub Paperless Meetings",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "2021",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://zuso.ai/advisory/za-2024-02",
"refsource": "MISC",
"name": "https://zuso.ai/advisory/za-2024-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"ZA-2024-02"
],
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6118",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ART@zuso.ai",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Plaintext Storage of a Password",
"cweId": "CWE-256"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hamastar Technology",
"product": {
"product_data": [
{
"product_name": "MeetingHub Paperless Meetings",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "2021",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://zuso.ai/advisory/za-2024-03",
"refsource": "MISC",
"name": "https://zuso.ai/advisory/za-2024-03"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"ZA-2024-03"
],
"discovery": "EXTERNAL"
}
}


@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7470",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273563. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion sslvpn_config_mod der Datei /vpn/vpn_template_style.php der Komponente Web Interface. Durch Manipulation des Arguments template/stylenum mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Raisecom",
"product": {
"product_data": [
{
"product_name": "MSG1200",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.90"
}
]
}
},
{
"product_name": "MSG2100E",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.90"
}
]
}
},
{
"product_name": "MSG2200",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.90"
}
]
}
},
{
"product_name": "MSG2300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.90"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.273563",
"refsource": "MISC",
"name": "https://vuldb.com/?id.273563"
},
{
"url": "https://vuldb.com/?ctiid.273563",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.273563"
},
{
"url": "https://vuldb.com/?submit.385350",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.385350"
},
{
"url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/sQrromK7x42JbLgY/Command%20Injection%20Vulnerability%20in%20RAISECOM%20Gateway%20Devices-vpn_template_style.php.pdf",
"refsource": "MISC",
"name": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/sQrromK7x42JbLgY/Command%20Injection%20Vulnerability%20in%20RAISECOM%20Gateway%20Devices-vpn_template_style.php.pdf"
}
]
},
"credits": [
{
"lang": "en",
"value": "H0e4a0r1t (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
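Review bot: The English description says the issue "has been rated as critical", but every entry in the added `impact.cvss` array scores it MEDIUM (6.3 under 3.1 and 3.0, 6.5 under 2.0), so anyone triaging from the prose will rank it differently from anyone triaging from the score. The vectors also set `PR:L` / `Au:S`, meaning the attacker needs an authenticated session, which the description does not say. I would drop the sentence `It has been rated as critical.` or replace it with one stating the privilege requirement. The text is CNA-supplied, so that change presumably belongs upstream; in the meantime, prioritise from the vector and from the record's statement that the exploit has been disclosed publicly.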