"-Synchronized-Data."

CVE Team 2024-11-26 08:00:34 +00:00
parent 52e3f3bf71
commit 9efca41727
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
24 changed files with 2226 additions and 88 deletions


@ -1,17 +1,227 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11202",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "creativemindssolutions",
"product": {
"product_data": [
{
"product_name": "CM WordPress Search And Replace Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4.2"
}
]
}
},
{
"product_name": "Video Lessons Manager \u2013 WordPress LMS Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.8.2"
}
]
}
},
{
"product_name": "CM Tooltip Glossary",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.3.11"
}
]
}
},
{
"product_name": "CM Pop-Up Banners for WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.7.5"
}
]
}
},
{
"product_name": "CM Header & Footer Script Loader \u2013 Insert Script Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.2.1"
}
]
}
},
{
"product_name": "Name: CM E-Mail Registration Blacklist",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.5.3"
}
]
}
},
{
"product_name": "CM Business Directory Plugin \u2013 Business Listing Directory",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db759c60-9ce9-407d-8d1f-cbbfd09759d5?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db759c60-9ce9-407d-8d1f-cbbfd09759d5?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cm-pop-up-banners/trunk/package/cminds-free.php#L1471",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/cm-pop-up-banners/trunk/package/cminds-free.php#L1471"
},
{
"url": "https://wordpress.org/plugins/cm-pop-up-banners/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/cm-pop-up-banners/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cm-header-footer-script-loader/trunk/package/cminds-free.php#L1465",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/cm-header-footer-script-loader/trunk/package/cminds-free.php#L1465"
},
{
"url": "https://plugins.trac.wordpress.org/browser/enhanced-tooltipglossary/trunk/package/cminds-free.php#L1465",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/enhanced-tooltipglossary/trunk/package/cminds-free.php#L1465"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cm-business-directory/trunk/package/cminds-free.php#L1465",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/cm-business-directory/trunk/package/cminds-free.php#L1465"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cm-video-lesson-manager/trunk/package/cminds-free.php#L1465",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/cm-video-lesson-manager/trunk/package/cminds-free.php#L1465"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cm-email-blacklist/trunk/package/cminds-free.php#L1465",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/cm-email-blacklist/trunk/package/cminds-free.php#L1465"
},
{
"url": "https://plugins.trac.wordpress.org/browser/cm-on-demand-search-and-replace/trunk/package/cminds-free.php#L1469",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/cm-on-demand-search-and-replace/trunk/package/cminds-free.php#L1469"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3191536/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3191536/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3192416/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3192416/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3193808/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3193808/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3192354/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3192354/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3194393/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3194393/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3192808/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3192808/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3192381/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3192381/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Peter Thaleikis"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}
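Review bot: The sixth `product_data` entry carries a stray label inside its value, `"product_name": "Name: CM E-Mail Registration Blacklist"`; none of the other six entries has that prefix, so it looks like a copy artefact. Inventory or scanner matching on product name will miss this plugin, and the value should read `"product_name": "CM E-Mail Registration Blacklist"`. All seven file references point at `package/cminds-free.php`, so the flaw presumably lives in a shared package file. If so, installations of other plugins bundling that file may be worth checking even though they are not listed here.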


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11738",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28038",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "CRITICAL",
"baseScore": 9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
]
}
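Review bot: Both `version_data` entries put prose in a version field, `"version_value": "See the information provided by Sharp Corporation listed under [References]"` paired with `"version_affected": "="`, so no scanner or SBOM matcher can resolve affected firmware from this record. The same pattern appears in the CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610 and CVE-2024-33616 records of this commit. Consumers should flag these as manual-triage entries and take model and firmware ranges from the vendor and JVN advisories in `reference_data`. Asset owners should not read an empty automated match as "not affected".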


@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28955",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect permission assignment for critical resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
]
}
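Review bot: The description and the vector disagree on reach: the text says `Any local user of the device can examine the coredump files`, while `vectorString` is `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`, which means network-reachable with no privileges. If the files are readable only from a local account, `AV:L` with `PR:L` would be the expected metrics; if they can be fetched through a network service, the description should say so. Until that is settled against the JVN advisory, triage should assume the broader reading and treat crash dumps on these devices as exposed memory contents.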


@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29146",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext storage of sensitive information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
]
}
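Review bot: This record's description is word-for-word identical to the ones in the CVE-2024-29978 and CVE-2024-32151 sections that follow (`User passwords are decrypted and stored on memory before any user logged in. ...`); only `cweId` differs (CWE-312 here, CWE-256 and CWE-257 there). A reader cannot tell from the text which distinct flaw each ID tracks, and tooling that deduplicates on description may merge the three. Each description should state what is specific to its ID, taken from the upstream advisory, so that remediation can be verified per CVE rather than once for all three.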


@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29978",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Plaintext storage of a password",
"cweId": "CWE-256"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
]
}


@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32151",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Storing passwords in a recoverable format",
"cweId": "CWE-257"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
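Review bot: As rendered here, this record ends after `references` with no `impact` block, unlike the sibling Sharp/Toshiba records in this commit that carry a CVSS 3.1 vector; the CVE-2024-33605 path-traversal record in the next section has the same gap. Pipelines that sort or gate on `baseScore` commonly treat a missing score as unscored or zero, so these two can silently fall out of prioritisation. Until the assigner supplies a vector, consumers should score them locally from the vendor and JVN advisories in `reference_data` and mark the score as provisional.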


@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}


@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\"sessionlist.html\" and \"sys_trayentryreboot.html\" are accessible with no authentication. \"sessionlist.html\" provides logged-in users' session information including session cookies, and \"sys_trayentryreboot.html\" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "CRITICAL",
"baseScore": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
]
}
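Review bot: The vector scores availability as none (`A:N` in `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`), yet the description says `sys_trayentryreboot.html` is reachable without authentication and `allows to reboot the device`. An unauthenticated reboot is an availability impact, so the vector appears to understate that axis, and filters keyed on the `A:` metric will not surface this record for denial-of-service exposure. The record also bundles two different outcomes (session-cookie disclosure and forced reboot) under one ID. Defenders should therefore confirm that both pages are covered when validating a firmware fix, and restrict network access to the device's web interface in the meantime.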


@ -1,17 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33616",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
]
}
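Review bot: The `problemtype` entry is free text only, `"value": "Authentication bypass"`, with no `cweId`, whereas every other populated record in this commit sets one; CWE-based filters and dashboards will skip it. A `cweId` such as `CWE-287` would fit, subject to the assigner's choice. The description reports login `with an administrative privilege` while the vector is `C:L/I:N/A:N` with `baseScore` 5.3, which reads low for an administrative bypass and should be checked against the JVN advisory before it is used for prioritisation. The text also refers to `the telnet feature` without first saying that the bypass is in telnet, so the affected service should be named explicitly.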


@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34162",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to \"SIMPLE\", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access to critical private variable via public method",
"cweId": "CWE-767"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
]
}
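Review bot: The `cweId` of `CWE-767` in `problemtype` does not match the description, which reports the LDAP password crossing the network in clear text once authentication is set to "SIMPLE"; `CWE-319` (Cleartext Transmission of Sensitive Information) looks like the closer class and is worth raising with the assigner. Separately, `version_value` under both vendors is a prose pointer to the references while `version_affected` is `=`, so no scanner or asset inventory can match a model or firmware version against this record. The same holds for the other Sharp / Toshiba Tec records in this commit (CVE-2024-35244, CVE-2024-36248, CVE-2024-36249, CVE-2024-36251, CVE-2024-36254). Consumers should treat these entries as needing manual triage against the vendor advisories in `reference_data`.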


@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "CRITICAL",
"baseScore": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
]
}


@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "CRITICAL",
"baseScore": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
]
}


@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36249",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
}
]
}
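Review bot: The new description value spells the second vendor `Toshiba Tech Corporation`, while `vendor_name` in this record and in every sibling record uses `Toshiba Tec Corporation`. A keyword search or alert rule keyed on the vendor name will miss this entry's description text. The phrase should read `Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers)`.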


@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36251",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html",
"refsource": "MISC",
"name": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
]
}


@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sharp Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Sharp Corporation listed under [References]"
}
]
}
}
]
}
},
{
"vendor_name": "Toshiba Tec Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple MFPs (multifunction printers)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html",
"refsource": "MISC",
"name": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html",
"refsource": "MISC",
"name": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/",
"refsource": "MISC",
"name": "https://jvn.jp/en/vu/JVNVU93051062/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "HIGH",
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
]
}


@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@axis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Florent Thi\u00e9ry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. \nAxis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software support. Please refer to the Axis security advisory for more information and solution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1284: Improper Validation of Specified Quantity in Input",
"cweId": "CWE-1284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axis Communications AB",
"product": {
"product_data": [
{
"product_name": "AXIS Q6128-E PTZ Network Camera",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.50"
}
]
}
},
{
"product_name": "AXIS P1428-E Network Camera",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.50"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.axis.com/dam/public/permalink/231088/cve-2024-47257pdf-en-US_InternalID-231088.pdf",
"refsource": "MISC",
"name": "https://www.axis.com/dam/public/permalink/231088/cve-2024-47257pdf-en-US_InternalID-231088.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@axis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. \n Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axis Communications AB",
"product": {
"product_data": [
{
"product_name": "AXIS Camera Station Pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<6.4"
}
]
}
},
{
"product_name": "AXIS Camera Station",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<5.57.33556"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.axis.com/dam/public/e5/24/82/cve-2024-6476pdf-en-US-455104.pdf",
"refsource": "MISC",
"name": "https://www.axis.com/dam/public/e5/24/82/cve-2024-6476pdf-en-US-455104.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
]
}
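Review bot: `version_affected` is `=` while `version_value` carries its own operator (`<6.4`, `<5.57.33556`), so a consumer that honours the operator field looks for a version literally named `<6.4` and matches nothing. Encode the bound in the operator field instead, e.g. `"version_affected": "<", "version_value": "6.4"`. CVE-2024-6831 repeats the same values, and CVE-2024-6749, CVE-2024-8160 and CVE-2024-8772 put ranges such as `6.0 - 6.3` under `=`, which has the same effect. Also, the description reports a non-admin user gaining system privileges, yet the vector is `C:N/I:L/A:L` with a base score of 4.2, so prioritising on the score alone would under-rate this entry.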


@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6749",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@axis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured this flaw does not apply. \n\n Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axis Communications AB",
"product": {
"product_data": [
{
"product_name": "AXIS Camera Station Pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0 - 6.3"
}
]
}
},
{
"product_name": "AXIS Camera Station",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.25 - 5.57.27610"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.axis.com/dam/public/e6/e8/1e/cve-2024-6749-en-US-455106.pdf",
"refsource": "MISC",
"name": "https://www.axis.com/dam/public/e6/e8/1e/cve-2024-6749-en-US-455106.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}


@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6831",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@axis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. \nAxis has released patched versions for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-602: Client-Side Enforcement of Server-Side Security",
"cweId": "CWE-602"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axis Communications AB",
"product": {
"product_data": [
{
"product_name": "AXIS Camera Station Pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<6.4"
}
]
}
},
{
"product_name": "AXIS Camera Station",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<5.57.33556"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.axis.com/dam/public/a2/9a/41/cve-2024-6831-en-US-455107.pdf",
"refsource": "MISC",
"name": "https://www.axis.com/dam/public/a2/9a/41/cve-2024-6831-en-US-455107.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8160",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@axis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"cweId": "CWE-1286"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axis Communications AB",
"product": {
"product_data": [
{
"product_name": "AXIS OS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.9 - 12.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.axis.com/dam/public/permalink/231071/cve-2024-8160pdf-en-US_InternalID-231071.pdf",
"refsource": "MISC",
"name": "https://www.axis.com/dam/public/permalink/231071/cve-2024-8160pdf-en-US_InternalID-231071.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}
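Review bot: `cweId` is `CWE-1286` although the description names a command injection in `ftptest.cgi`; `CWE-77` or `CWE-78` would let weakness-based filters and dashboards find it. The vector also sets `C:N` while the description says files can be transferred from the device, which reads as a confidentiality impact and is worth confirming with the assigner. CVE-2024-8772 carries the same `CWE-1286` label for what its description calls a race condition, where `CWE-362` looks closer.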


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@axis.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"cweId": "CWE-1286"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axis Communications AB",
"product": {
"product_data": [
{
"product_name": "AXIS OS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.80 - 12.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.axis.com/dam/public/permalink/231072/cve-2024-8772pdf-en-US_InternalID-231072.pdf",
"refsource": "MISC",
"name": "https://www.axis.com/dam/public/permalink/231072/cve-2024-8772pdf-en-US_InternalID-231072.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpdevart",
"product": {
"product_data": [
{
"product_name": "Booking calendar, Appointment Booking System",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.2.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fb05281-205f-4d9c-aac9-2b37e069a6fb?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1fb05281-205f-4d9c-aac9-2b37e069a6fb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3195800/booking-calendar",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3195800/booking-calendar"
},
{
"url": "https://hacked.be/posts/CVE-2024-9504",
"refsource": "MISC",
"name": "https://hacked.be/posts/CVE-2024-9504"
}
]
},
"credits": [
{
"lang": "en",
"value": "Rein Daelman"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}
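Review bot: The new `problemtype` block lists only CWE-434, while the added description characterises the issue as Stored Cross-Site Scripting, so a consumer that triages or filters records by CWE-79 will not match this one. If the CNA's source data permits it, a second object in the `description` array under `problemtype_data` would cover the impact class: `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"`. Separately, the `credits` entry uses `"lang": "en"` while `description_data` and `problemtype` use `"lang": "eng"`, so anything selecting text by language tag has to accept both spellings within this record.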