admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-01 05:00:32 +00:00
parent 13a37a87af
commit 8f2101fe7d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 467 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2024/10xxx/CVE-2024-10619.json
View File

@ -1,17 +1,149 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10619",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /pda/reportshop/next_detail.php. The manipulation of the argument repid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Tongda OA 2017 bis 11.10 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /pda/reportshop/next_detail.php. Durch das Manipulieren des Arguments repid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tongda",
"product": {
"product_data": [
{
"product_name": "OA 2017",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0"
},
{
"version_affected": "=",
"version_value": "11.1"
},
{
"version_affected": "=",
"version_value": "11.2"
},
{
"version_affected": "=",
"version_value": "11.3"
},
{
"version_affected": "=",
"version_value": "11.4"
},
{
"version_affected": "=",
"version_value": "11.5"
},
{
"version_affected": "=",
"version_value": "11.6"
},
{
"version_affected": "=",
"version_value": "11.7"
},
{
"version_affected": "=",
"version_value": "11.8"
},
{
"version_affected": "=",
"version_value": "11.9"
},
{
"version_affected": "=",
"version_value": "11.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.282630",
"refsource": "MISC",
"name": "https://vuldb.com/?id.282630"
},
{
"url": "https://vuldb.com/?ctiid.282630",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.282630"
},
{
"url": "https://vuldb.com/?submit.433514",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.433514"
},
{
"url": "https://github.com/LvZCh/td/issues/10",
"refsource": "MISC",
"name": "https://github.com/LvZCh/td/issues/10"
}
]
},
"credits": [
{
"lang": "en",
"value": "LVZC1 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

105
2024/10xxx/CVE-2024-10620.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10620",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This affects an unknown part of the file /api/config/list of the component Configuration Center. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in knightliao Disconf 2.6.36 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /api/config/list der Komponente Configuration Center. Durch Beeinflussen mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "knightliao",
"product": {
"product_data": [
{
"product_name": "Disconf",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.6.36"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.282633",
"refsource": "MISC",
"name": "https://vuldb.com/?id.282633"
},
{
"url": "https://vuldb.com/?ctiid.282633",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.282633"
},
{
"url": "https://vuldb.com/?submit.429927",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.429927"
},
{
"url": "https://github.com/knightliao/disconf/issues/431",
"refsource": "MISC",
"name": "https://github.com/knightliao/disconf/issues/431"
},
{
"url": "https://github.com/knightliao/disconf/issues/431#issue-2607011340",
"refsource": "MISC",
"name": "https://github.com/knightliao/disconf/issues/431#issue-2607011340"
}
]
},
"credits": [
{
"lang": "en",
"value": "gaogaostone (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
}
]
}

94
2024/21xxx/CVE-2024-21510.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21510",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reliance on Untrusted Inputs in a Security Decision",
"cweId": "CWE-807"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "sinatra",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.0.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832"
},
{
"url": "https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319",
"refsource": "MISC",
"name": "https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L319"
},
{
"url": "https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17",
"refsource": "MISC",
"name": "https://github.com/sinatra/sinatra/blob/b626e2d82c23b4fde0b51782fd32ca27ccde1d1a/lib/sinatra/base.rb%23L323C1-L343C17"
},
{
"url": "https://github.com/sinatra/sinatra/pull/2010",
"refsource": "MISC",
"name": "https://github.com/sinatra/sinatra/pull/2010"
}
]
},
"credits": [
{
"lang": "en",
"value": "t0rchwo0d"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P"
}
]
}

74
2024/47xxx/CVE-2024-47939.json
View File

@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow vulnerability exists in multiple Ricoh laser printers and MFPs which implement Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. As for the details of affected product names and versions, refer to the information provided by the vendor under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ricoh Company, Ltd.",
"product": {
"product_data": [
{
"product_name": "Multiple laser printers and MFPs which implement Web Image Monitor",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "see the information provided by the vendor"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000011",
"refsource": "MISC",
"name": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000011"
},
{
"url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000011",
"refsource": "MISC",
"name": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000011"
},
{
"url": "https://jvn.jp/en/jp/JVN87770340/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN87770340/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseSeverity": "CRITICAL",
"baseScore": 9.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
]
}

74
2024/49xxx/CVE-2024-49501.json
View File

@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49501",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OMRON Corporation",
"product": {
"product_data": [
{
"product_name": "SYSMAC-SE2[][][]",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-006_en.pdf",
"refsource": "MISC",
"name": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-006_en.pdf"
},
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2024-006_ja.pdf",
"refsource": "MISC",
"name": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2024-006_ja.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95685374",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU95685374"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseSeverity": "MEDIUM",
"baseScore": 5.7,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
}
]
}