From 64762c46fc555c5caed120408b46e197331fb25f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 5 Aug 2024 05:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/39xxx/CVE-2024-39713.json | 64 +++++++++++++++-
2024/39xxx/CVE-2024-39838.json | 58 +++++++++++++-
2024/41xxx/CVE-2024-41720.json | 58 +++++++++++++-
2024/41xxx/CVE-2024-41889.json | 74 +++++++++++++++++-
2024/6xxx/CVE-2024-6117.json | 72 +++++++++++++++++-
2024/6xxx/CVE-2024-6118.json | 72 +++++++++++++++++-
2024/7xxx/CVE-2024-7470.json | 133 ++++++++++++++++++++++++++++++++-
7 files changed, 503 insertions(+), 28 deletions(-)
diff --git a/2024/39xxx/CVE-2024-39713.json b/2024/39xxx/CVE-2024-39713.json
index 33d8c821ebd..c4d0d5480d3 100644
--- a/2024/39xxx/CVE-2024-39713.json
+++ b/2024/39xxx/CVE-2024-39713.json
@@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39713", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rocket.Chat", + "product": { + "product_data": [ + { + "product_name": "Rocket.Chat", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.10.1", + "version_value": "6.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://hackerone.com/reports/1886954", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1886954" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 8.6, + "baseSeverity": "HIGH" } ] } diff --git a/2024/39xxx/CVE-2024-39838.json b/2024/39xxx/CVE-2024-39838.json index e71542b5399..a4a1127b067 100644 --- a/2024/39xxx/CVE-2024-39838.json +++ b/2024/39xxx/CVE-2024-39838.json 
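Review bot: `problemtype` is left as `n/a` in the CVE-2024-39713 record even though the description names the weakness as Server-Side Request Forgery, so anything that groups or filters records by CWE will not see this entry as SSRF. The matching classification is CWE-918; the description object could read `"value": "CWE-918 Server-Side Request Forgery (SSRF)", "cweId": "CWE-918"`, the same form the CVE-2024-6117 record in this commit uses. The CVSS 3.0 vector (`S:C/C:H/I:N/A:N`, 8.6) is consistent with a confidentiality-only SSRF, so only the classification is missing.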
@@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-39838", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Hard-coded Credentials" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZEXELON CO., LTD.", + "product": { + "product_data": [ + { + "product_name": "ZWX-2000CSW2-HN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "firmware versions prior to Ver.0.3.15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf", + "refsource": "MISC", + "name": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf" + }, + { + "url": "https://jvn.jp/en/jp/JVN70666401/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN70666401/" } ] } diff --git a/2024/41xxx/CVE-2024-41720.json b/2024/41xxx/CVE-2024-41720.json index 23143900cc8..10432059584 100644 --- a/2024/41xxx/CVE-2024-41720.json +++ b/2024/41xxx/CVE-2024-41720.json 
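Review bot: The `version_data` entry for CVE-2024-39838 pairs `"version_affected": "="` with the free-text value `"firmware versions prior to Ver.0.3.15"`, which an automated matcher will compare literally and never match against a real firmware version. Encoding the range as `"version_affected": "<", "version_value": "0.3.15"` (the shape the CVE-2024-39713 hunk uses) would state the same thing in machine-readable form. The CVE-2024-41720 hunk repeats this entry, and the CVE-2024-41889 hunk does the same with `"prior to V1.21.01"` and `"all versions"`. Until the encoding is corrected, inventory tooling should treat these three records as needing a manual version check against the referenced vendor and JVN advisories.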
@@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Permission Assignment for Critical Resource" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZEXELON CO., LTD.", + "product": { + "product_data": [ + { + "product_name": "ZWX-2000CSW2-HN", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "firmware versions prior to Ver.0.3.15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf", + "refsource": "MISC", + "name": "https://www.zexelon.co.jp/pdf/jvn70666401.pdf" + }, + { + "url": "https://jvn.jp/en/jp/JVN70666401/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN70666401/" } ] } diff --git a/2024/41xxx/CVE-2024-41889.json b/2024/41xxx/CVE-2024-41889.json index e3637b1493d..c159ed7cce6 100644 --- a/2024/41xxx/CVE-2024-41889.json +++ b/2024/41xxx/CVE-2024-41889.json 
@@ -1,17 +1,83 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41889", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper restriction of communication channel to intended endpoints" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pimax", + "product": { + "product_data": [ + { + "product_name": "Pimax Play", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "prior to V1.21.01" + } + ] + } + }, + { + "product_name": "PiTool", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://pimax.com/pages/downloads-manuals", + "refsource": "MISC", + "name": "https://pimax.com/pages/downloads-manuals" + }, + { + "url": "https://github.com/OpenMAR/PiTool", + "refsource": "MISC", + "name": "https://github.com/OpenMAR/PiTool" + }, + { + "url": "https://jvn.jp/en/jp/JVN50850706/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN50850706/" } ] } diff --git a/2024/6xxx/CVE-2024-6117.json b/2024/6xxx/CVE-2024-6117.json index a0e85e423f4..f9f89f04a77 100644 --- a/2024/6xxx/CVE-2024-6117.json 
+++ b/2024/6xxx/CVE-2024-6117.json @@ -1,18 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6117", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ART@zuso.ai", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hamastar Technology", + "product": { + "product_data": [ + { + "product_name": "MeetingHub Paperless Meetings", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "2021", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://zuso.ai/advisory/za-2024-02", + "refsource": "MISC", + "name": "https://zuso.ai/advisory/za-2024-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "defect": [ + "ZA-2024-02" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2024/6xxx/CVE-2024-6118.json b/2024/6xxx/CVE-2024-6118.json index 4721608454f..0bd8688c472 100644 --- a/2024/6xxx/CVE-2024-6118.json 
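Review bot: `version_value` in the CVE-2024-6117 record is the literal string `not down converted` and there is no `version_affected` key, so a consumer that reads only the 4.0 fields gets no usable affected version for MeetingHub Paperless Meetings. The actual statement sits only in `x_cve_json_5_version_data` (`"version": "2021"`, `"status": "affected"`, `"defaultStatus": "affected"`); adding `"version_affected": "=", "version_value": "2021"` beside it would at least carry the listed version in the legacy fields. The CVE-2024-6118 hunk has the identical entry. Tooling that ingests this format should read the `x_cve_json_5_version_data` extension rather than treat the placeholder string as a version.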
+++ b/2024/6xxx/CVE-2024-6118.json @@ -1,18 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ART@zuso.ai", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Plaintext Storage of a Password", + "cweId": "CWE-256" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hamastar Technology", + "product": { + "product_data": [ + { + "product_name": "MeetingHub Paperless Meetings", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "2021", + "versionType": "custom" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://zuso.ai/advisory/za-2024-03", + "refsource": "MISC", + "name": "https://zuso.ai/advisory/za-2024-03" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "defect": [ + "ZA-2024-03" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7470.json b/2024/7xxx/CVE-2024-7470.json index f02c1b88cad..08364e1ee4c 100644 --- a/2024/7xxx/CVE-2024-7470.json 
+++ b/2024/7xxx/CVE-2024-7470.json 
@@ -1,17 +1,142 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7470", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273563. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion sslvpn_config_mod der Datei /vpn/vpn_template_style.php der Komponente Web Interface. Durch Manipulation des Arguments template/stylenum mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Raisecom", + "product": { + "product_data": [ + { + "product_name": "MSG1200", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.90" + } + ] + } + }, + { + "product_name": "MSG2100E", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.90" + } + ] + } + }, + { + "product_name": "MSG2200", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.90" + } + ] + } + }, + { + "product_name": "MSG2300", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.90" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.273563", + "refsource": "MISC", + "name": "https://vuldb.com/?id.273563" + }, + { + "url": "https://vuldb.com/?ctiid.273563", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.273563" + }, + { + "url": "https://vuldb.com/?submit.385350", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.385350" + }, + { + "url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/sQrromK7x42JbLgY/Command%20Injection%20Vulnerability%20in%20RAISECOM%20Gateway%20Devices-vpn_template_style.php.pdf", + "refsource": "MISC", + "name": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/sQrromK7x42JbLgY/Command%20Injection%20Vulnerability%20in%20RAISECOM%20Gateway%20Devices-vpn_template_style.php.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "H0e4a0r1t (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + 
"baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] }
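Review bot: The English description of CVE-2024-7470 says the issue `has been rated as critical`, while the 3.1 and 3.0 entries under `impact.cvss` score it 6.3 `MEDIUM` with `PR:L` in the vector, so triage that reads the prose and triage that reads the score will disagree. The score fields are the structured statement and the wording should be aligned with them, for example `It has been rated as medium (CVSS 3.1 base score 6.3).`. When prioritising, defenders should still weigh the description's statements that the exploit is public and that the vendor did not respond. The `credits` entry also uses `"lang": "en"` where the English description uses `"eng"`; `"lang": "eng"` would keep the language tags consistent within the record.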