"-Synchronized-Data."

CVE Team 2024-02-29 00:00:32 +00:00
parent d27cc689ad
commit 6a614d2f49
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
10 changed files with 698 additions and 31 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, and WAB-S1167 v1.0.7 and earlier."
"value": "OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier."
}
]
},
@ -88,6 +88,17 @@
}
]
}
},
{
"product_name": "WAB-M2133",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.3.22 and earlier"
}
]
}
}
]
}
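Review bot: In the added WAB-M2133 entry, `"version_affected": "="` is paired with the free-text value `"v1.3.22 and earlier"`, so a consumer that honours the operator will compare against that literal string and miss older firmware. Putting the bound in the operator, `"version_affected": "<="` with `"version_value": "v1.3.22"`, would let scanners and asset inventories evaluate it mechanically. The same pattern appears in every product entry of the CVE-2024-21798, CVE-2024-23910 and CVE-2024-25579 sections. The rack sections (CVE-2024-25126, CVE-2024-26141, CVE-2024-26146) do the equivalent with comparator expressions such as `">= 3.0.0, < 3.0.9.1"` under `"="`, which is only usable by tools that parse the string themselves. The product list this hunk extends begins outside the hunk.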


@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21798",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ELECOM CO.,LTD.",
"product": {
"product_data": [
{
"product_name": "WRC-1167GS2-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.67 and earlier"
}
]
}
},
{
"product_name": "WRC-1167GS2H-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.67 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.62 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2-W",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.62 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2V-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.62 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/",
"refsource": "MISC",
"name": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN44166658/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN44166658/"
}
]
}
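Review bot: The `problemtype` value is the free-text label `"Cross-site scripting (XSS)"` with no CWE identifier, whereas the rack records in this same commit carry a `"cweId"`; tooling that triages or deduplicates by CWE will leave this record unclassified. Adding the identifier, for example `"value": "CWE-79: Cross-site scripting (XSS)"` with `"cweId": "CWE-79"`, would close that gap if the assigner's feed allows it. The CVE-2024-23910 (CSRF) and CVE-2024-25579 (OS command injection) sections have the same omission. None of these three records includes an `impact` block either, so severity has to be taken from the referenced JVN advisories.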


@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ELECOM CO.,LTD.",
"product": {
"product_data": [
{
"product_name": "WRC-1167GS2-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.67 and earlier"
}
]
}
},
{
"product_name": "WRC-1167GS2H-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.67 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.62 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2-W",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.62 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2V-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.62 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/",
"refsource": "MISC",
"name": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN44166658/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN44166658/"
}
]
}


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25126",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack\u2019s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rack",
"product": {
"product_data": [
{
"product_name": "rack",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 3.0.9.1"
},
{
"version_affected": "=",
"version_value": ">= 0.4, < 2.2.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx",
"refsource": "MISC",
"name": "https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx"
},
{
"url": "https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462",
"refsource": "MISC",
"name": "https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462"
},
{
"url": "https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49",
"refsource": "MISC",
"name": "https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49"
},
{
"url": "https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml",
"refsource": "MISC",
"name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml"
}
]
},
"source": {
"advisory": "GHSA-22f2-v57c-j9cx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25422",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-25422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/tzyyyyyyy/semcms",
"refsource": "MISC",
"name": "https://github.com/tzyyyyyyy/semcms"
}
]
}
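Review bot: The record is made PUBLIC with `vendor_name`, `product_name`, `version_value` and the `problemtype` value all left at `"n/a"`, although the description names SEMCMS v.4.8 and SQL injection, so product-keyed or CWE-keyed matching will never hit this CVE. Filling the structured fields from the description, e.g. `"product_name": "SEMCMS"`, `"version_value": "4.8"` and a problem type of `"CWE-89"`, would make the entry usable by scanners. The only reference is a bare repository URL; a link to the specific advisory or issue would let defenders confirm the affected component and whether a fix exists.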


@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25579",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ELECOM CO.,LTD.",
"product": {
"product_data": [
{
"product_name": "WRC-1167GS2-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.67 and earlier"
}
]
}
},
{
"product_name": "WRC-1167GS2H-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.67 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.62 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2-W",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.62 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2V-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.62 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/",
"refsource": "MISC",
"name": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99444194/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU99444194/"
}
]
}


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-26141",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rack",
"product": {
"product_data": [
{
"product_name": "rack",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 3.0.9.1"
},
{
"version_affected": "=",
"version_value": ">= 1.3.0, < 2.2.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6",
"refsource": "MISC",
"name": "https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6"
},
{
"url": "https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9",
"refsource": "MISC",
"name": "https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9"
},
{
"url": "https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b",
"refsource": "MISC",
"name": "https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b"
},
{
"url": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml",
"refsource": "MISC",
"name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml"
}
]
},
"source": {
"advisory": "GHSA-xj5v-6v4g-jfw6",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
]
}


@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-26146",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rack",
"product": {
"product_data": [
{
"product_name": "rack",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 3.0.9.1"
},
{
"version_affected": "=",
"version_value": ">= 2.2.0, < 2.2.8.1"
},
{
"version_affected": "=",
"version_value": ">= 2.1.0, < 2.1.4.4"
},
{
"version_affected": "=",
"version_value": "< 2.0.9.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f",
"refsource": "MISC",
"name": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f"
},
{
"url": "https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716",
"refsource": "MISC",
"name": "https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716"
},
{
"url": "https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582",
"refsource": "MISC",
"name": "https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582"
},
{
"url": "https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f",
"refsource": "MISC",
"name": "https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f"
},
{
"url": "https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd",
"refsource": "MISC",
"name": "https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd"
},
{
"url": "https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml",
"refsource": "MISC",
"name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml"
}
]
},
"source": {
"advisory": "GHSA-54rr-7fvw-6x8f",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}
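Review bot: The description `value` ends with a literal `\n` after `3.0.9.1.`, which downstream consumers will carry into rendered text, diffs and any hash of the description; it should be trimmed so the string ends with `and 3.0.9.1."`. The statement that Rack applications on Ruby 3.2 or newer are unaffected exists only in this prose, because `version_data` describes rack versions alone. Scanners that read just the structured fields will presumably still flag those deployments, so triage needs to check the Ruby runtime version before prioritising the upgrade.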


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2000",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}