"-Synchronized-Data."

CVE Team 2024-05-28 17:00:35 +00:00
parent c97087c2a0
commit 7c5e9d4ed4
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
27 changed files with 963 additions and 169 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nThe devices allow access to an unprotected endpoint that allows MPFS \nfile system binary image upload without authentication. The MPFS2 file \nsystem module provides a light-weight read-only file system that can be \nstored in external EEPROM, external serial flash, or internal flash \nprogram memory. This file system serves as the basis for the HTTP2 web \nserver module, but is also used by the SNMP module and is available to \nother applications that require basic read-only storage capabilities. \nThis can be exploited to overwrite the flash program memory that holds \nthe web server's main interfaces and execute arbitrary code.\n\n"
"value": "The devices allow access to an unprotected endpoint that allows MPFS \nfile system binary image upload without authentication. The MPFS2 file \nsystem module provides a light-weight read-only file system that can be \nstored in external EEPROM, external serial flash, or internal flash \nprogram memory. This file system serves as the basis for the HTTP2 web \nserver module, but is also used by the SNMP module and is available to \nother applications that require basic read-only storage capabilities. \nThis can be exploited to overwrite the flash program memory that holds \nthe web server's main interfaces and execute arbitrary code."
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Electrolink ",
"vendor_name": "Electrolink",
"product": {
"product_data": [
{
@ -91,7 +91,7 @@
},
{
"version_affected": "=",
"version_value": "5kW "
"version_value": "5kW"
}
]
}
@ -114,7 +114,7 @@
},
{
"version_affected": "=",
"version_value": "2kW "
"version_value": "2kW"
}
]
}
@ -145,7 +145,7 @@
},
{
"version_affected": "=",
"version_value": "30kW "
"version_value": "30kW"
}
]
}
@ -156,8 +156,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "15W ",
"version_value": "40kW "
"version_name": "15W",
"version_value": "40kW"
}
]
}
@ -172,7 +172,7 @@
},
{
"version_affected": "=",
"version_value": "BIII "
"version_value": "BIII"
}
]
}
@ -183,8 +183,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10W ",
"version_value": "5kW "
"version_name": "10W",
"version_value": "5kW"
}
]
}
@ -218,10 +218,10 @@
{
"base64": false,
"type": "text/html",
"value": "\nElectrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.\n\n"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"credits": [


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nAn unauthenticated attacker can reset the board and stop transmitter \noperations by sending a specially-crafted GET request to the command.cgi\n gateway, resulting in a denial-of-service scenario.\n\n"
"value": "An unauthenticated attacker can reset the board and stop transmitter \noperations by sending a specially-crafted GET request to the command.cgi\n gateway, resulting in a denial-of-service scenario."
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Electrolink ",
"vendor_name": "Electrolink",
"product": {
"product_data": [
{
@ -91,7 +91,7 @@
},
{
"version_affected": "=",
"version_value": "5kW "
"version_value": "5kW"
}
]
}
@ -114,7 +114,7 @@
},
{
"version_affected": "=",
"version_value": "2kW "
"version_value": "2kW"
}
]
}
@ -145,7 +145,7 @@
},
{
"version_affected": "=",
"version_value": "30kW "
"version_value": "30kW"
}
]
}
@ -156,8 +156,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "15W ",
"version_value": "40kW "
"version_name": "15W",
"version_value": "40kW"
}
]
}
@ -172,7 +172,7 @@
},
{
"version_affected": "=",
"version_value": "BIII "
"version_value": "BIII"
}
]
}
@ -183,8 +183,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10W ",
"version_value": "5kW "
"version_name": "10W",
"version_value": "5kW"
}
]
}
@ -218,10 +218,10 @@
{
"base64": false,
"type": "text/html",
"value": "\nElectrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.\n\n"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"credits": [


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nThe device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter.\n\n"
"value": "The device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter."
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Electrolink ",
"vendor_name": "Electrolink",
"product": {
"product_data": [
{
@ -91,7 +91,7 @@
},
{
"version_affected": "=",
"version_value": "5kW "
"version_value": "5kW"
}
]
}
@ -114,7 +114,7 @@
},
{
"version_affected": "=",
"version_value": "2kW "
"version_value": "2kW"
}
]
}
@ -145,7 +145,7 @@
},
{
"version_affected": "=",
"version_value": "30kW "
"version_value": "30kW"
}
]
}
@ -156,8 +156,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "15W ",
"version_value": "40kW "
"version_name": "15W",
"version_value": "40kW"
}
]
}
@ -172,7 +172,7 @@
},
{
"version_affected": "=",
"version_value": "BIII "
"version_value": "BIII"
}
]
}
@ -183,8 +183,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10W ",
"version_value": "5kW "
"version_name": "10W",
"version_value": "5kW"
}
]
}
@ -218,10 +218,10 @@
{
"base64": false,
"type": "text/html",
"value": "\nElectrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.\n\n"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"credits": [


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nThe application is vulnerable to an unauthenticated parameter \nmanipulation that allows an attacker to set the credentials to blank \ngiving her access to the admin panel. Also vulnerable to account \ntakeover and arbitrary password change.\n\n"
"value": "The application is vulnerable to an unauthenticated parameter \nmanipulation that allows an attacker to set the credentials to blank \ngiving her access to the admin panel. Also vulnerable to account \ntakeover and arbitrary password change."
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Electrolink ",
"vendor_name": "Electrolink",
"product": {
"product_data": [
{
@ -91,7 +91,7 @@
},
{
"version_affected": "=",
"version_value": "5kW "
"version_value": "5kW"
}
]
}
@ -114,7 +114,7 @@
},
{
"version_affected": "=",
"version_value": "2kW "
"version_value": "2kW"
}
]
}
@ -145,7 +145,7 @@
},
{
"version_affected": "=",
"version_value": "30kW "
"version_value": "30kW"
}
]
}
@ -156,8 +156,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "15W ",
"version_value": "40kW "
"version_name": "15W",
"version_value": "40kW"
}
]
}
@ -172,7 +172,7 @@
},
{
"version_affected": "=",
"version_value": "BIII "
"version_value": "BIII"
}
]
}
@ -183,8 +183,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10W ",
"version_value": "5kW "
"version_name": "10W",
"version_value": "5kW"
}
]
}
@ -218,10 +218,10 @@
{
"base64": false,
"type": "text/html",
"value": "\nElectrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.\n\n"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"credits": [


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nThe application suffers from a privilege escalation vulnerability. An \nattacker logged in as guest can escalate his privileges by poisoning the\n cookie to become administrator.\n\n"
"value": "The application suffers from a privilege escalation vulnerability. An \nattacker logged in as guest can escalate his privileges by poisoning the\n cookie to become administrator."
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Electrolink ",
"vendor_name": "Electrolink",
"product": {
"product_data": [
{
@ -91,7 +91,7 @@
},
{
"version_affected": "=",
"version_value": "5kW "
"version_value": "5kW"
}
]
}
@ -114,7 +114,7 @@
},
{
"version_affected": "=",
"version_value": "2kW "
"version_value": "2kW"
}
]
}
@ -145,7 +145,7 @@
},
{
"version_affected": "=",
"version_value": "30kW "
"version_value": "30kW"
}
]
}
@ -156,8 +156,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "15W ",
"version_value": "40kW "
"version_name": "15W",
"version_value": "40kW"
}
]
}
@ -172,7 +172,7 @@
},
{
"version_affected": "=",
"version_value": "BIII "
"version_value": "BIII"
}
]
}
@ -183,8 +183,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10W ",
"version_value": "5kW "
"version_name": "10W",
"version_value": "5kW"
}
]
}
@ -218,10 +218,10 @@
{
"base64": false,
"type": "text/html",
"value": "\nElectrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.\n\n"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"credits": [


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-22590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://gist.github.com/QUICTester/ea3eb2ac736bb63e47c654e14e3ec556",
"url": "https://gist.github.com/QUICTester/ea3eb2ac736bb63e47c654e14e3ec556"
}
]
}
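Review bot: The `affects` block of the CVE-2024-22590 record is filled with placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`) even though the description names the product and build (Kwik commit 745fd4e2), so any inventory or scanner that matches on the structured fields will not associate this record with Kwik. The same placeholder triplet, together with a `problemtype` of `n/a`, appears in the records for CVE-2024-30164, CVE-2024-30165, CVE-2024-34852, CVE-2024-34854, CVE-2024-35341, CVE-2024-35342, CVE-2024-35343 and CVE-2024-35401 on this page, whose descriptions likewise name the product and in most cases a version bound. I would carry the values already stated in each description into the structured fields, here `"product_name": "Kwik"` and `"version_value": "commit 745fd4e2"`. Until that is done, consumers of these records need to match on the description text.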


@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-26024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1357",
"cweId": "CWE-1357"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SUBNET",
"product": {
"product_data": [
{
"product_name": "Substation Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2.23.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-128-02",
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSubnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\">Subnet Solution's Customer Service.</a>\n\n<br>"
}
],
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact Subnet Solution's Customer Service. https://subnet.com/contact/"
}
],
"credits": [
{
"lang": "en",
"value": "SUBNET Solutions reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
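Review bot: The description in the CVE-2024-26024 record says only that vulnerabilities exist "in third-party components used in Substation Server", and the `problemtype` value is the bare identifier `CWE-1357`, so a reader cannot tell which libraries are outdated or what the weakness class is without opening advisory ICSA-24-128-02. The CVE-2024-30212 record on this page writes the CWE with its name; the matching form here would be `"value": "CWE-1357: Reliance on Insufficiently Trustworthy Component"`. Naming the affected third-party components in the description, if the advisory lists them, would let operators check whether the same libraries are present in other products they run.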


@ -76,7 +76,7 @@
{
"base64": false,
"type": "text/html",
"value": "\nSubnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Center. \nUsers are advised to update to version 5.20.x.x or newer. To obtain this\n software, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\">Subnet Solution's Customer Service.</a>\n\n<br>"
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Center. \nUsers are advised to update to version 5.20.x.x or newer. To obtain this\n software, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\">Subnet Solution's Customer Service.</a>\n\n<br>"
}
],
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Center. \nUsers are advised to update to version 5.20.x.x or newer. To obtain this\n software, contact Subnet Solution's Customer Service. https://subnet.com/contact/"


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-30164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html",
"url": "https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-linux.html"
},
{
"refsource": "MISC",
"name": "https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos.html",
"url": "https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos.html"
},
{
"refsource": "MISC",
"name": "https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-windows.html",
"url": "https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-windows.html"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-30165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos.html",
"url": "https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos.html"
}
]
}


@ -1,18 +1,96 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30212",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@microchip.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If a SCSI READ(10) command is initiated via USB using the largest LBA \n(0xFFFFFFFF) with it's default block size of 512 and a count of 1,\n\nthe first 512 byte of the 0x80000000 memory area is returned to the \nuser. If the block count is increased, the full RAM can be exposed.\n\nThe same method works to write to this memory area. If RAM contains \npointers, those can be - depending on the application - overwritten to\n\nreturn data from any other offset including Progam and Boot Flash."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microchip",
"product": {
"product_data": [
{
"product_name": "MPLAB\u00ae Harmony 3 Core Module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.13.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Microchip-MPLAB-Harmony/core/commit/d4608a4f1a140bd899cd4337cdbfb343a4339216",
"refsource": "MISC",
"name": "https://github.com/Microchip-MPLAB-Harmony/core/commit/d4608a4f1a140bd899cd4337cdbfb343a4339216"
},
{
"url": "https://github.com/Microchip-MPLAB-Harmony/core/blob/master/release_notes.md",
"refsource": "MISC",
"name": "https://github.com/Microchip-MPLAB-Harmony/core/blob/master/release_notes.md"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "PSIRT-34",
"discovery": "UNKNOWN"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned. The same applies for SCSI WRITE."
}
],
"value": "If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned. The same applies for SCSI WRITE."
}
],
"credits": [
{
"lang": "en",
"value": "Fehr GmbH"
}
]
}
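Review bot: The CVE-2024-30212 description opens with the trigger conditions and never names the affected component, which can only be recovered from `product_name` (MPLAB® Harmony 3 Core Module); a leading sentence naming the component and the weakness the record cites (CWE-190) would let the description stand on its own. The text has two typos: `it's default block size` should be `its default block size` (repeated in both `configuration` values), and `Progam` should be `Program`. The `configuration` entry restates the vulnerability rather than describing a configuration precondition. The record also carries no `impact` block, so there is no CVSS score to prioritise on, although the description states both read and write access to RAM.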


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34852",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-34852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md",
"refsource": "MISC",
"name": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-34854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md",
"refsource": "MISC",
"name": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md"
}
]
}
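Review bot: In the CVE-2024-34854 description the sentence-ending period sits inside the backticks (`/admin/transceiver_schedule.php.`), so the quoted path is not the real file name and will not match an exact-token search for the script; the value should end `via /admin/transceiver_schedule.php.` with the period outside any code markup. The text says only "vulnerable to File Upload", without stating whether authentication is required or what the upload is not restricted by. Its sole reference is the same write-up cited by CVE-2024-34852, so the record itself does not show how the two issues in the same script differ. The two records also spell the path differently (`./admin/...` versus `/admin/...`).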


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords (encrypted with a hardcoded key common to all devices). This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://willgu.es/pages/anpviz-ip-camera-vuln.html",
"refsource": "MISC",
"name": "https://willgu.es/pages/anpviz-ip-camera-vuln.html"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35342",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain Anpviz products allow unauthenticated users to modify or disable camera related settings such as microphone volume, speaker volume, LED lighting, NTP, motion detection, etc. This affects IPC-D250, IPC-D260, IPC-B850 IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://willgu.es/pages/anpviz-ip-camera-vuln.html",
"refsource": "MISC",
"name": "https://willgu.es/pages/anpviz-ip-camera-vuln.html"
}
]
}
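Review bot: The model list in the CVE-2024-35342 description is missing a comma between two model names (`IPC-B850 IPC-D850`), whereas the sibling records CVE-2024-35341 and CVE-2024-35343 on this page list them as `IPC-B850, IPC-D850`. Anything that splits the list on commas to build an affected-device inventory will produce one bogus model name and miss both real ones. The fragment should read `IPC-D260, IPC-B850, IPC-D850, IPC-D350`.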


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35343",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Certain Anpviz products allow unauthenticated users to download arbitrary files from the device's filesystem via a HTTP GET request to the /playback/ URI. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 (IP Cameras) firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://willgu.es/pages/anpviz-ip-camera-vuln.html",
"refsource": "MISC",
"name": "https://willgu.es/pages/anpviz-ip-camera-vuln.html"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://totolink.com",
"refsource": "MISC",
"name": "http://totolink.com"
},
{
"refsource": "MISC",
"name": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/UploadFirmwareFile/README.md",
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/UploadFirmwareFile/README.md"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35403",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/setIpPortFilterRules/README.md",
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK%20CP900L/setIpPortFilterRules/README.md"
}
]
}
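Review bot: The only reference in the CVE-2024-35403 record is tagged `"refsource": "CONFIRM"`, but its URL is a GitHub repository under `s4ndw1ch136/IOT-vuln-reports`, which looks like a researcher's write-up rather than a TOTOLINK acknowledgement. The CVE-2024-35401 section tags a link to the same repository as `MISC`. For consistency, and so that readers do not take the issue as vendor-confirmed, this should read `"refsource": "MISC"` unless the vendor has in fact confirmed it.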


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35563",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.esafenet.com/dzwdaqglxt",
"refsource": "MISC",
"name": "https://www.esafenet.com/dzwdaqglxt"
},
{
"url": "http://cdg.com",
"refsource": "MISC",
"name": "http://cdg.com"
},
{
"refsource": "MISC",
"name": "https://github.com/helloBegin/blog/tree/main",
"url": "https://github.com/helloBegin/blog/tree/main"
}
]
}
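Review bot: Two of the three references in the CVE-2024-35563 record do not identify an advisory: `http://cdg.com` is a bare plain-HTTP homepage, and `https://github.com/helloBegin/blog/tree/main` points at a branch root whose contents can change rather than at a specific document. A reader cannot tell from the record which page describes the `permissionId` SQL injection in `CDGTempPermissions`, nor check later that the referenced text is unchanged. The write-up link would be better pinned to the specific file at a fixed commit, e.g. `https://github.com/helloBegin/blog/blob/<commit-sha>/<path-to-report>` (placeholder values). The `http://cdg.com` entry should be dropped if it cannot be tied to the affected product, which the record does not show.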


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-36472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688",
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688"
}
]
}
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party \ncomponents used in PowerSYSTEM Server 2021 and Substation Server 2021.\n\n"
"value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party \ncomponents used in PowerSYSTEM Server 2021 and Substation Server 2021."
}
]
},
@ -88,10 +88,10 @@
{
"base64": false,
"type": "text/html",
"value": "\nSubnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Server and \nSubstation Server 2021. Users are advised to update to version \n4.09.00.927 or newer. To obtain this software, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\">Subnet Solution's Customer Service.</a>\n\n<br>"
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Server and \nSubstation Server 2021. Users are advised to update to version \n4.09.00.927 or newer. To obtain this software, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\">Subnet Solution's Customer Service.</a>\n\n<br>"
}
],
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Server and \nSubstation Server 2021. Users are advised to update to version \n4.09.00.927 or newer. To obtain this software, contact Subnet Solution's Customer Service. https://subnet.com/contact/ \n\n"
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Server and \nSubstation Server 2021. Users are advised to update to version \n4.09.00.927 or newer. To obtain this software, contact Subnet Solution's Customer Service. https://subnet.com/contact/"
}
],
"credits": [


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except 'NO' to the login cookie and have full system \naccess.\n\n"
"value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except 'NO' to the login cookie and have full system \naccess."
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Electrolink ",
"vendor_name": "Electrolink",
"product": {
"product_data": [
{
@ -91,7 +91,7 @@
},
{
"version_affected": "=",
"version_value": "5kW "
"version_value": "5kW"
}
]
}
@ -114,7 +114,7 @@
},
{
"version_affected": "=",
"version_value": "2kW "
"version_value": "2kW"
}
]
}
@ -145,7 +145,7 @@
},
{
"version_affected": "=",
"version_value": "30kW "
"version_value": "30kW"
}
]
}
@ -156,8 +156,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "15W ",
"version_value": "40kW "
"version_name": "15W",
"version_value": "40kW"
}
]
}
@ -172,7 +172,7 @@
},
{
"version_affected": "=",
"version_value": "BIII "
"version_value": "BIII"
}
]
}
@ -183,8 +183,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10W ",
"version_value": "5kW "
"version_name": "10W",
"version_value": "5kW"
}
]
}
@ -218,10 +218,10 @@
{
"base64": false,
"type": "text/html",
"value": "\nElectrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.\n\n"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"credits": [


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nElectrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.\n\n"
"value": "Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system."
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Electrolink ",
"vendor_name": "Electrolink",
"product": {
"product_data": [
{
@ -91,7 +91,7 @@
},
{
"version_affected": "=",
"version_value": "5kW "
"version_value": "5kW"
}
]
}
@ -114,7 +114,7 @@
},
{
"version_affected": "=",
"version_value": "2kW "
"version_value": "2kW"
}
]
}
@ -145,7 +145,7 @@
},
{
"version_affected": "=",
"version_value": "30kW "
"version_value": "30kW"
}
]
}
@ -156,8 +156,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "15W ",
"version_value": "40kW "
"version_name": "15W",
"version_value": "40kW"
}
]
}
@ -172,7 +172,7 @@
},
{
"version_affected": "=",
"version_value": "BIII "
"version_value": "BIII"
}
]
}
@ -183,8 +183,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10W ",
"version_value": "5kW "
"version_name": "10W",
"version_value": "5kW"
}
]
}
@ -218,10 +218,10 @@
{
"base64": false,
"type": "text/html",
"value": "\nElectrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.\n\n"
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"credits": [


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files.\n\n"
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-284 ",
"value": "CWE-284",
"cweId": "CWE-284"
}
]
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "ScadaPro ",
"product_name": "ScadaPro",
"version": {
"version_data": [
{
@ -66,7 +66,7 @@
},
"source": {
"advisory": "ICSA-24-107-01",
"discovery": "UNKNOWN"
"discovery": "EXTERNAL"
},
"work_around": [
{
@ -75,10 +75,10 @@
{
"base64": false,
"type": "text/html",
"value": "\nMeasuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.\n\n<br>"
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.\n\n<br>"
}
],
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.\n\n"
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone."
}
],
"credits": [


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5436",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}