admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-05 23:00:33 +00:00
parent a054841e70
commit 729f4d2207
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 229 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2023/22xxx/CVE-2023-22815.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nPost-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admin/root privileges to carry out the exploit. An authentication bypass is required for this exploit, thereby making it more complex. The attack may not require user interaction. Since an attacker must already be authenticated, the confidentiality impact is low while the integrity and availability impact is high.\u00a0\n\nThis issue affects My Cloud OS 5 devices: before 5.26.300.\n\n"
"value": "Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admin/root privileges to carry out the exploit. An authentication bypass is required for this exploit, thereby making it more complex. The attack may not require user interaction. Since an attacker must already be authenticated, the confidentiality impact is low while the integrity and availability impact is high.\u00a0\n\nThis issue affects My Cloud OS 5 devices: before 5.26.300."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
@ -78,7 +78,7 @@
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.</span><br>"
}
],
"value": "Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.\n"
"value": "Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification."
}
],
"credits": [

8
2023/22xxx/CVE-2023-22816.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.\nThis issue affects My Cloud OS 5 devices: before 5.26.300.\n\n"
"value": "A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.\nThis issue affects My Cloud OS 5 devices: before 5.26.300."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
@ -78,7 +78,7 @@
"value": "<div><div><p>Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.</p></div></div><div><div><div></div></div></div>"
}
],
"value": "Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.\n\n\n\n\n\n\n\n\n\n\n\n"
"value": "Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification."
}
],
"credits": [

6
2023/22xxx/CVE-2023-22819.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
@ -109,7 +109,7 @@
"value": "<p></p><div><div><p><span style=\"background-color: var(--wht);\">For My Cloud OS 5 devices, <span style=\"background-color: rgb(255, 255, 255);\">Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.</span></span></p><p><span style=\"background-color: var(--wht);\">My Cloud Home, My Cloud Home Duo and SanDisk ibi devices will be automatically updated to reflect the latest firmware version.</span></p></div></div><div><div><div></div></div></div><p></p>"
}
],
"value": "\nFor My Cloud OS 5 devices, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.\n\nMy Cloud Home, My Cloud Home Duo and SanDisk ibi devices will be automatically updated to reflect the latest firmware version.\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
"value": "For My Cloud OS 5 devices, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.\n\nMy Cloud Home, My Cloud Home Duo and SanDisk ibi devices will be automatically updated to reflect the latest firmware version."
}
],
"credits": [

14
2023/4xxx/CVE-2023-4327.json
View File

@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"cweId": "CWE-327"
}
]
}
@ -43,9 +44,9 @@
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"status": "affected",
"lessThan": "7.017.011.000",
"versionType": "custom"
}
],
@ -67,9 +68,8 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "7.017.011.000"
"version_affected": "=",
"version_value": "0"
}
]
}
@ -90,7 +90,7 @@
]
},
"generator": {
"engine": "cveClient/1.0.14"
"engine": "cveClient/1.0.15"
},
"source": {
"discovery": "EXTERNAL"

6
2024/0xxx/CVE-2024-0849.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible\n\nbecause the application is vulnerable to LFR.\n\n\n\n\n"
"value": "Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-73: External Control of File Name or Path",
"cweId": "CWE-73"
}
]
}

99
2024/39xxx/CVE-2024-39278.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39278",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hughes Network Systems",
"product": {
"product_data": [
{
"product_name": "WL3000 Fusion Software",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.7.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-249-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-249-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-249-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Hughes Network Systems has patched the vulnerabilities, which requires no action by the user. Any questions or concerns should be directed to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.hughes.com/who-we-are/contact-us\">Hughes Network Systems customer support</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "Hughes Network Systems has patched the vulnerabilities, which requires no action by the user. Any questions or concerns should be directed to Hughes Network Systems customer support https://www.hughes.com/who-we-are/contact-us ."
}
],
"credits": [
{
"lang": "en",
"value": "An anonymous researcher reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

99
2024/42xxx/CVE-2024-42495.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42495",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data",
"cweId": "CWE-311"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hughes Network Systems",
"product": {
"product_data": [
{
"product_name": "WL3000 Fusion Software",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.7.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-249-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-249-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-249-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Hughes Network Systems has patched the vulnerabilities, which requires no action by the user. Any questions or concerns should be directed to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.hughes.com/who-we-are/contact-us\">Hughes Network Systems customer support</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "Hughes Network Systems has patched the vulnerabilities, which requires no action by the user. Any questions or concerns should be directed to Hughes Network Systems customer support https://www.hughes.com/who-we-are/contact-us ."
}
],
"credits": [
{
"lang": "en",
"value": "An anonymous researcher reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

18
2024/8xxx/CVE-2024-8505.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}