admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-10 16:00:31 +00:00
parent 4db13dd7d4
commit 8f9373356b
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
17 changed files with 517 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
2023/25xxx/CVE-2023-25581.json
View File

@ -1,18 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25581",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pac4j",
"product": {
"product_data": [
{
"product_name": "pac4j",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2022-085_pac4j/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2022-085_pac4j/"
},
{
"url": "https://github.com/frohoff/ysoserial",
"refsource": "MISC",
"name": "https://github.com/frohoff/ysoserial"
},
{
"url": "https://github.com/pac4j/pac4j/blob/5834aeb22ad3a4369dfa572be60d7b20f5784a8f/pac4j-core/src/main/java/org/pac4j/core/profile/InternalAttributeHandler.java#L95",
"refsource": "MISC",
"name": "https://github.com/pac4j/pac4j/blob/5834aeb22ad3a4369dfa572be60d7b20f5784a8f/pac4j-core/src/main/java/org/pac4j/core/profile/InternalAttributeHandler.java#L95"
},
{
"url": "https://portswigger.net/web-security/deserialization",
"refsource": "MISC",
"name": "https://portswigger.net/web-security/deserialization"
}
]
},
"source": {
"advisory": "GHSA-76mw-6p95-x9x5",
"discovery": "UNKNOWN"
}
}

6
2023/42xxx/CVE-2023-42137.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability. \n\n\n"
"value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')",
"cweId": "CWE-59"
}
]
}

8
2023/4xxx/CVE-2023-4537.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data",
"cweId": "CWE-311"
"value": "CWE-755 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')",
"cweId": "CWE-755"
}
]
}
@ -61,9 +61,9 @@
"name": "https://cert.pl/en/posts/2024/02/CVE-2023-4537/"
},
{
"url": "https://cert.pl/posts/2023/02/CVE-2023-4537/",
"url": "https://cert.pl/posts/2024/02/CVE-2023-4537/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2023/02/CVE-2023-4537/"
"name": "https://cert.pl/posts/2024/02/CVE-2023-4537/"
}
]
},

10
2023/4xxx/CVE-2023-4540.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. \n\nThis issue affects lua-http: all versions before commit ddab283."
"value": "Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. \nSuch a request causes the program to enter an infinite loop. \n\nThis issue affects lua-http: all versions before commit ddab283."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions",
"cweId": "CWE-755"
"value": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
@ -66,9 +66,9 @@
"name": "https://cert.pl/posts/2023/09/CVE-2023-4540/"
},
{
"url": "https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/",
"url": "https://cert.pl/en/posts/2023/09/CVE-2023-4540/",
"refsource": "MISC",
"name": "https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/"
"name": "https://cert.pl/en/posts/2023/09/CVE-2023-4540/"
}
]
},

6
2023/4xxx/CVE-2023-4612.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication vulnerability in Apereo CAS in\u00a0jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.\n\n\n\n\n\n\n\n\n"
"value": "Improper Authentication vulnerability in Apereo CAS in\u00a0jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
"value": "CWE-302 Authentication Bypass by Assumed-Immutable Data",
"cweId": "CWE-302"
}
]
}

6
2023/4xxx/CVE-2023-4818.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.\u00a0\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability.\n\n"
"value": "PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.\u00a0\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}

6
2023/5xxx/CVE-2023-5378.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2.\u00a0MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown.\n\n\n"
"value": "Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2.\u00a0MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}

6
2023/6xxx/CVE-2023-6551.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. \n\n\nDevelopers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. \n\n\nThe README has been updated to include these guidelines.\n\n\n"
"value": "As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. \n\n\nDevelopers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. \n\n\nThe README has been updated to include these guidelines."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}

8
2023/6xxx/CVE-2023-6998.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0.\n\n"
"value": "Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.This issue affects eWeLink before 5.2.0."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
"value": "CWE-305 Authentication Bypass by Primary Weakness",
"cweId": "CWE-305"
}
]
}
@ -42,7 +42,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.2.0 "
"version_value": "5.2.0"
}
]
}

6
2024/0xxx/CVE-2024-0864.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example.\nBy default, Laragon is not vulnerable until a user decides to use the\u00a0aforementioned plugin. \n"
"value": "Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example.\nBy default, Laragon is not vulnerable until a user decides to use the\u00a0aforementioned plugin."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}

6
2024/1xxx/CVE-2024-1604.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in the report management and creation module of BMC Control-M branches\u00a09.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate.\n\nFix for 9.0.20 branch was released in version 9.0.20.238.\u00a0Fix for 9.0.21 branch was released in version 9.0.21.201. \n"
"value": "Improper authorization in the report management and creation module of BMC Control-M branches\u00a09.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate.\n\n\n\n\n\n\n\nFix for 9.0.20 branch was released in version 9.0.20.238.\u00a0Fix for 9.0.21 branch was released in version 9.0.21.201."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}

6
2024/1xxx/CVE-2024-1605.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. \n\nFix for 9.0.20 branch was released in version 9.0.20.238.\u00a0Fix for 9.0.21 branch was released in version 9.0.21.201. \n\n"
"value": "BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. \n\n\n\n\n\nFix for 9.0.20 branch was released in version 9.0.20.238.\u00a0Fix for 9.0.21 branch was released in version 9.0.21.201."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
"value": "CWE-276 Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}

6
2024/2xxx/CVE-2024-2759.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.\n\n"
"value": "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
"value": "CWE-552 Files or Directories Accessible to External Parties",
"cweId": "CWE-552"
}
]
}

100
2024/9xxx/CVE-2024-9790.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9790",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in LyLme_spage 1.9.5 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/sou.php. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "LyLme_spage",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.9.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.279942",
"refsource": "MISC",
"name": "https://vuldb.com/?id.279942"
},
{
"url": "https://vuldb.com/?ctiid.279942",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.279942"
},
{
"url": "https://vuldb.com/?submit.414578",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.414578"
},
{
"url": "https://wiki.shikangsi.com/post/share/9c237d56-972e-40b4-9656-a1083ed84702",
"refsource": "MISC",
"name": "https://wiki.shikangsi.com/post/share/9c237d56-972e-40b4-9656-a1083ed84702"
}
]
},
"credits": [
{
"lang": "en",
"value": "wiki (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

100
2024/9xxx/CVE-2024-9792.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9792",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely."
},
{
"lang": "deu",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Es wurde eine Schwachstelle in D-Link DSL-2750U R5B017 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Port Forwarding Page. Mittels Manipulieren des Arguments PortMappingDescription mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DSL-2750U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "R5B017"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.279945",
"refsource": "MISC",
"name": "https://vuldb.com/?id.279945"
},
{
"url": "https://vuldb.com/?ctiid.279945",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.279945"
},
{
"url": "https://vuldb.com/?submit.415532",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.415532"
},
{
"url": "https://www.dlink.com/",
"refsource": "MISC",
"name": "https://www.dlink.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "TheRaghul (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

202
2024/9xxx/CVE-2024-9793.json
View File

@ -1,17 +1,211 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9793",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In Tenda AC1206 bis 15.03.06.23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion ate_iwpriv_set/ate_ifconfig_set der Datei /goform/ate. Durch das Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC1206",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.03.06.0"
},
{
"version_affected": "=",
"version_value": "15.03.06.1"
},
{
"version_affected": "=",
"version_value": "15.03.06.2"
},
{
"version_affected": "=",
"version_value": "15.03.06.3"
},
{
"version_affected": "=",
"version_value": "15.03.06.4"
},
{
"version_affected": "=",
"version_value": "15.03.06.5"
},
{
"version_affected": "=",
"version_value": "15.03.06.6"
},
{
"version_affected": "=",
"version_value": "15.03.06.7"
},
{
"version_affected": "=",
"version_value": "15.03.06.8"
},
{
"version_affected": "=",
"version_value": "15.03.06.9"
},
{
"version_affected": "=",
"version_value": "15.03.06.10"
},
{
"version_affected": "=",
"version_value": "15.03.06.11"
},
{
"version_affected": "=",
"version_value": "15.03.06.12"
},
{
"version_affected": "=",
"version_value": "15.03.06.13"
},
{
"version_affected": "=",
"version_value": "15.03.06.14"
},
{
"version_affected": "=",
"version_value": "15.03.06.15"
},
{
"version_affected": "=",
"version_value": "15.03.06.16"
},
{
"version_affected": "=",
"version_value": "15.03.06.17"
},
{
"version_affected": "=",
"version_value": "15.03.06.18"
},
{
"version_affected": "=",
"version_value": "15.03.06.19"
},
{
"version_affected": "=",
"version_value": "15.03.06.20"
},
{
"version_affected": "=",
"version_value": "15.03.06.21"
},
{
"version_affected": "=",
"version_value": "15.03.06.22"
},
{
"version_affected": "=",
"version_value": "15.03.06.23"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.279946",
"refsource": "MISC",
"name": "https://vuldb.com/?id.279946"
},
{
"url": "https://vuldb.com/?ctiid.279946",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.279946"
},
{
"url": "https://vuldb.com/?submit.418061",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.418061"
},
{
"url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md",
"refsource": "MISC",
"name": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md"
},
{
"url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md",
"refsource": "MISC",
"name": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md"
},
{
"url": "https://www.tenda.com.cn/",
"refsource": "MISC",
"name": "https://www.tenda.com.cn/"
}
]
},
"credits": [
{
"lang": "en",
"value": "ixout (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2024/9xxx/CVE-2024-9823.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9823",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}