admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-14 09:00:35 +00:00
parent b2cdd8be61
commit 89822ba4a7
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 503 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2024/36xxx/CVE-2024-36264.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.\n\nThis issue affects Apache Submarine Commons Utils: from 0.8.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.\n\nIf the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used.\n\n\nThis issue affects Apache Submarine Commons Utils: from 0.8.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
@ -64,11 +64,6 @@
"url": "https://lists.apache.org/thread/7mo0c7vbhpo8thvybl8wwvb0bccrg7r4",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/7mo0c7vbhpo8thvybl8wwvb0bccrg7r4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/12/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/06/12/2"
}
]
},

84
2024/43xxx/CVE-2024-43701.json
View File

@ -1,18 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43701",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@imgtec.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free",
"cweId": "CWE-416"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Imagination Technologies",
"product": {
"product_data": [
{
"product_name": "Graphics DDK",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "24.2 RTM1",
"status": "affected",
"version": "1.17",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.2 RTM2",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities",
"refsource": "MISC",
"name": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

69
2024/46xxx/CVE-2024-46911.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46911",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4.\n\nRoller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue.\n\nRoller 6.1.4 release announcement:\u00a0 https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Roller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "6.1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/6m0ghjo9j92qty00t2qb6qf2spds0p5t",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/6m0ghjo9j92qty00t2qb6qf2spds0p5t"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Chi Tran from EEVEE"
}
]
}

183
2024/9xxx/CVE-2024-9137.json
View File

@ -1,17 +1,192 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9137",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@moxa.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moxa",
"product": {
"product_data": [
{
"product_name": "EDR-8010 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.12.1"
}
]
}
},
{
"product_name": "EDR-G9004 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.12.1"
}
]
}
},
{
"product_name": "EDR-G9010 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.12.1"
}
]
}
},
{
"product_name": "EDF-G1002-BP Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.12.1"
}
]
}
},
{
"product_name": "NAT-102 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.0.5"
}
]
}
},
{
"product_name": "OnCell G4302-LTE4 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.9"
}
]
}
},
{
"product_name": "TN-4900 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances",
"refsource": "MISC",
"name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p></p><ul><li>Minimize network exposure to ensure the device is not accessible from the Internet.</li><li>Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.</li><li>Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.</li></ul><p></p>\n\n\n<br>"
}
],
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.</p><ol><li>EDR-8010 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G9004 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G9010 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G1002-BP Series: Upgrade to the firmware version 3.13.</li><li>NAT-102 Series: Please contact Moxa Technical Support for the security patch.</li><li>ONCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.</li><li>TN-4900 Series: Upgrade to the firmware version 3.13.</li></ol>"
}
],
"value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13.\n * EDR-G1002-BP Series: Upgrade to the firmware version 3.13.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * ONCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.\n * TN-4900 Series: Upgrade to the firmware version 3.13."
}
],
"credits": [
{
"lang": "en",
"value": "Lars Haulin"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
]
}

183
2024/9xxx/CVE-2024-9139.json
View File

@ -1,17 +1,192 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9139",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@moxa.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moxa",
"product": {
"product_data": [
{
"product_name": "EDR-8010 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.12.1"
}
]
}
},
{
"product_name": "EDR-G9004 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.12.1"
}
]
}
},
{
"product_name": "EDR-G9010 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.12.1"
}
]
}
},
{
"product_name": "EDF-G1002-BP Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.12.1"
}
]
}
},
{
"product_name": "NAT-102 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.0.5"
}
]
}
},
{
"product_name": "OnCell G4302-LTE4 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.9"
}
]
}
},
{
"product_name": "TN-4900 Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances",
"refsource": "MISC",
"name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p></p><ul><li>Minimize network exposure to ensure the device is not accessible from the Internet.</li><li>Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.</li><li>Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.</li></ul><p></p>\n\n\n<br>"
}
],
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.</p><ol><li><span style=\"background-color: var(--wht);\">EDR-8010 Series: Upgrade to the firmware version 3.13.</span></li><li>EDR-G9004 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G9010 Series: Upgrade to the firmware version 3.13.</li><li>EDF-G1002-BP Series: Upgrade to the firmware version 3.13.</li><li>NAT-102 Series: Please contact Moxa Technical Support for the security patch.</li><li>OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.</li><li>TN-4900 Series: Upgrade to the firmware version 3.13.</li></ol><br>"
}
],
"value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13.\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.13.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.\n * TN-4900 Series: Upgrade to the firmware version 3.13."
}
],
"credits": [
{
"lang": "en",
"value": "Lars Haulin"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}