admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-14 09:00:32 +00:00
parent b9cd0f9edf
commit 8c7018e84f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 786 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
2024/28xxx/CVE-2024-28133.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28133",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA local low privileged attacker can use an untrusted search path in a\u00a0CHARX system utility to gain\u00a0root\nprivileges.\u00a0\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path",
"cweId": "CWE-426"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "CHARX SEC-3000",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3050",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3150",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-019",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-019"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-019",
"defect": [
"CERT@VDE#64664"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Trend Micro's Zero Day Initiative"
},
{
"lang": "en",
"value": "Summoning Team"
},
{
"lang": "en",
"value": "Sina Kheirkhah"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

133
2024/28xxx/CVE-2024-28134.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28134",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tAn unauthenticated remote attacker can extract a session token with a MitM attack and gain\u00a0web-based\nmanagement access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required.\u00a0The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "CHARX SEC-3000",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3050",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3150",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-019",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-019"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-019",
"defect": [
"CERT@VDE#64664"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Trend Micro's Zero Day Initiative"
},
{
"lang": "en",
"value": "Summoning Team"
},
{
"lang": "en",
"value": "Sina Kheirkhah"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}

133
2024/28xxx/CVE-2024-28135.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28135",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA low privileged remote attacker can use\u00a0a command injection vulnerability in the API which performs\nremote code execution as the user-app\u00a0user\u00a0due to improper input validation. The confidentiality is partly affected.\n\n\n\n\n\n\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "CHARX SEC-3000",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3050",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3150",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-019",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-019"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-019",
"defect": [
"CERT@VDE#64664"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Trend Micro's Zero Day Initiative"
},
{
"lang": "en",
"value": "Summoning Team"
},
{
"lang": "en",
"value": "Sina Kheirkhah"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

129
2024/28xxx/CVE-2024-28136.json
View File

@ -1,17 +1,138 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28136",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA local attacker with low privileges can use a command injection vulnerability to gain root\nprivileges due to improper input validation using the OCPP Remote service.\n\n\n\n\n\n\n\n\n\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "CHARX SEC-3000",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3050",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3150",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-019",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-019"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-019",
"defect": [
"CERT@VDE#64664"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Trend Micro's Zero Day Initiative"
},
{
"lang": "en",
"value": "ByteInsight"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

129
2024/28xxx/CVE-2024-28137.json
View File

@ -1,17 +1,138 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28137",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t\n\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tA local attacker with low privileges can\u00a0perform a privilege escalation with an init script due to a TOCTOU vulnerability.\n\n\n\n\n\n\n\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"cweId": "CWE-367"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "CHARX SEC-3000",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3050",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
},
{
"product_name": "CHARX SEC-3150",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-019",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-019"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-019",
"defect": [
"CERT@VDE#64664"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Trend Micro's Zero Day Initiative"
},
{
"lang": "en",
"value": "Todd Manning"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

83
2024/3xxx/CVE-2024-3579.json
View File

@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3579",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Open-source project Online Shopping System Advanced is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.\u00a0\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Puneeth Reddy",
"product": {
"product_data": [
{
"product_name": "Online Shopping System Advanced",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2024/05/CVE-2024-3579",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2024/05/CVE-2024-3579"
},
{
"url": "https://cert.pl/posts/2024/05/CVE-2024-3579",
"refsource": "MISC",
"name": "https://cert.pl/posts/2024/05/CVE-2024-3579"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c (CERT.PL) "
}
]
}

75
2024/4xxx/CVE-2024-4392.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4392",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Jetpack \u2013 WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "automattic",
"product": {
"product_data": [
{
"product_name": "Jetpack \u2013 WP Security, Backup, Speed, & Growth",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "13.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11dceac7-7ff8-4384-9046-919c38947c32?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11dceac7-7ff8-4384-9046-919c38947c32?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jetpack/tags/13.3.1/modules/videopress/class.videopress-player.php#L335",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/jetpack/tags/13.3.1/modules/videopress/class.videopress-player.php#L335"
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}