admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-14 14:00:54 +00:00
parent 6cf7979d4f
commit 6ff5ac06f3
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 602 additions and 160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
2024/11xxx/CVE-2024-11497.json
View File

@ -1,17 +1,138 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "CHARX SEC-3000",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.7.0"
}
]
}
},
{
"product_name": "CHARX SEC-3050",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.7.0"
}
]
}
},
{
"product_name": "CHARX SEC-3100",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.7.0"
}
]
}
},
{
"product_name": "CHARX SEC-3150",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.7.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-070",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-070"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-070",
"defect": [
"CERT@VDE#641697"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Tien Phan"
},
{
"lang": "en",
"value": "Richard Jaletzki"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

61
2024/11xxx/CVE-2024-11863.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "arm-security@arm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions",
"cweId": "CWE-755"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Arm",
"product": {
"product_data": [
{
"product_name": "SCP-Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.15.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864",
"refsource": "MISC",
"name": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

61
2024/11xxx/CVE-2024-11864.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11864",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "arm-security@arm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions",
"cweId": "CWE-755"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Arm",
"product": {
"product_data": [
{
"product_name": "SCP-Firmware",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.15.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864",
"refsource": "MISC",
"name": "https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

130
2024/12xxx/CVE-2024-12988.json
View File

@ -1,17 +1,139 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12988",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** In Netgear R6900P and R7000P 1.3.3.154 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft die Funktion sub_16C4C der Komponente HTTP Header Handler. Durch Manipulation des Arguments Host mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Netgear",
"product": {
"product_data": [
{
"product_name": "R6900P",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.3.154"
}
]
}
},
{
"product_name": "R7000P",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.3.154"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.289381",
"refsource": "MISC",
"name": "https://vuldb.com/?id.289381"
},
{
"url": "https://vuldb.com/?ctiid.289381",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.289381"
},
{
"url": "https://vuldb.com/?submit.462781",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.462781"
},
{
"url": "https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154",
"refsource": "MISC",
"name": "https://github.com/physicszq/Routers/tree/main/Netgear/1.3.3.154"
},
{
"url": "https://www.netgear.com/about/eos/",
"refsource": "MISC",
"name": "https://www.netgear.com/about/eos/"
},
{
"url": "https://www.netgear.com/",
"refsource": "MISC",
"name": "https://www.netgear.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "physicszq (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

138
2024/13xxx/CVE-2024-13131.json
View File

@ -5,147 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-13131",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S bis 20241222 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /web_caps/webCapsConfig der Komponente Web Interface. Durch die Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure",
"cweId": "CWE-200"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Access Controls",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dahua",
"product": {
"product_data": [
{
"product_name": "IPC-HFW1200S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20241222"
}
]
}
},
{
"product_name": "IPC-HFW2300R-Z",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20241222"
}
]
}
},
{
"product_name": "IPC-HFW5220E-Z",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20241222"
}
]
}
},
{
"product_name": "IPC-HDW1200S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20241222"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.290205",
"refsource": "MISC",
"name": "https://vuldb.com/?id.290205"
},
{
"url": "https://vuldb.com/?ctiid.290205",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.290205"
},
{
"url": "https://vuldb.com/?submit.464258",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.464258"
},
{
"url": "https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73",
"refsource": "MISC",
"name": "https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73"
}
]
},
"credits": [
{
"lang": "en",
"value": "netsecfish (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9680. Reason: This candidate is a reservation duplicate of CVE-2019-9680. Notes: All CVE users should reference CVE-2019-9680 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

18
2024/13xxx/CVE-2024-13381.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13381",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/13xxx/CVE-2024-13382.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13382",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

19
2024/50xxx/CVE-2024-50312.json
View File

@ -36,12 +36,20 @@
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4",
"product_name": "Red Hat OpenShift Container Platform 4.17",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.17.0-202501080135.p0.gedbd12e.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -56,6 +64,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2025:0115",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:0115"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-50312",
"refsource": "MISC",
@ -98,8 +111,8 @@
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

186
2024/7xxx/CVE-2024-7344.json
View File

@ -1,18 +1,196 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7344",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cert@cert.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Lack/Improper Verification of Cryptographic Signature"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Radix",
"product": {
"product_data": [
{
"product_name": "SmartRecovery",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "11.2.023-20240927"
}
]
}
}
]
}
},
{
"vendor_name": "Greenware Technologies",
"product": {
"product_data": [
{
"product_name": "GreenGuard",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "10.2.023-20240927"
}
]
}
}
]
}
},
{
"vendor_name": "Howyar Technologies",
"product": {
"product_data": [
{
"product_name": "SysReturn (32-bit and 64-bit)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "10.2.02320240919"
}
]
}
}
]
}
},
{
"vendor_name": "SANFONG",
"product": {
"product_data": [
{
"product_name": "SANFONG EZ-Back System",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "10.3.024-20241127"
}
]
}
}
]
}
},
{
"vendor_name": "CES Taiwan",
"product": {
"product_data": [
{
"product_name": "CES NeoImpact",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "10.1.024-20241127"
}
]
}
}
]
}
},
{
"vendor_name": "SignalComputer",
"product": {
"product_data": [
{
"product_name": "HDD King",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "*",
"version_value": "10.3.021-20241127"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://uefi.org/revocationlistfile",
"refsource": "MISC",
"name": "https://uefi.org/revocationlistfile"
},
{
"url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html",
"refsource": "MISC",
"name": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html"
},
{
"url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html",
"refsource": "MISC",
"name": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html"
},
{
"url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/",
"refsource": "MISC",
"name": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/"
}
]
},
"generator": {
"engine": "VINCE 3.0.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-7344"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Thanks to Martin Smolar of ESET"
}
]
}