admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-14 04:00:31 +00:00
parent aa3759dc29
commit 9fdcf70a9a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
13 changed files with 570 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
2023/28xxx/CVE-2023-28703.json
View File

@ -1,16 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2023-05-30T09:00:00.000Z",
"ID": "CVE-2023-28703",
"STATE": "PUBLIC",
"TITLE": "ASUS RT-AC86U - Buffer Overflow"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS RT-AC86U\u2019s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ASUS",
"product": {
"product_data": [
{
@ -25,71 +47,49 @@
}
}
]
},
"vendor_name": "ASUS"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tmotfl (Xingyu Xu)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "ASUS RT-AC86U\u2019s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service."
"url": "https://www.twcert.org.tw/tw/cp-132-7147-afcf9-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-7147-afcf9-1.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-7147-afcf9-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-7147-afcf9-1.html"
}
]
},
"source": {
"advisory": "TVN-202305005",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Tmotfl (Xingyu Xu)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

114
2023/28xxx/CVE-2023-28704.json
View File

@ -1,16 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2023-05-30T09:05:00.000Z",
"ID": "CVE-2023-28704",
"STATE": "PUBLIC",
"TITLE": "Furbo dog camera - Command Injection"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Furbo",
"product": {
"product_data": [
{
@ -25,71 +47,49 @@
}
}
]
},
"vendor_name": "Furbo"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lee Pu, Weber Tasi, KaiChing Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."
"url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html"
}
]
},
"source": {
"advisory": "TVN-202305006",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Lee Pu, Weber Tasi, KaiChing Wang (CHT Security)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

121
2023/30xxx/CVE-2023-30602.json
View File

@ -1,16 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2023-05-02T06:30:00.000Z",
"ID": "CVE-2023-30602",
"STATE": "PUBLIC",
"TITLE": "Hitron Technologies Inc. CODA-5310 - Insecure service Telnet"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hitron Technologies CODA-5310\u2019s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hitron Technologies Inc.",
"product": {
"product_data": [
{
@ -25,71 +47,56 @@
}
}
]
},
"vendor_name": "Hitron Technologies Inc."
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Hitron Technologies CODA-5310\u2019s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator."
"url": "https://www.twcert.org.tw/tw/cp-132-7084-74e83-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-7084-74e83-1.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-7084-74e83-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-7084-74e83-1.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Hitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider."
}
],
"source": {
"advisory": "TVN-202304003",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Hitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider.</p>"
}
],
"value": "Hitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
}

121
2023/30xxx/CVE-2023-30603.json
View File

@ -1,16 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2023-05-02T06:30:00.000Z",
"ID": "CVE-2023-30603",
"STATE": "PUBLIC",
"TITLE": "Hitron Technologies Inc. CODA-5310 - Using default credentials"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator\u2019s privilege, resulting in performing arbitrary system operation or disrupt service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1392: Use of Default Credentials",
"cweId": "CWE-1392"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hitron Technologies Inc.",
"product": {
"product_data": [
{
@ -25,71 +47,56 @@
}
}
]
},
"vendor_name": "Hitron Technologies Inc."
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator\u2019s privilege, resulting in performing arbitrary system operation or disrupt service."
"url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html",
"name": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Hitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider."
}
],
"source": {
"advisory": "TVN-202304004",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Hitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider.</p>"
}
],
"value": "Hitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

10
2023/37xxx/CVE-2023-37291.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nGalaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data.\n\n\n\nThis issue affects Vitals ESP: from 3.0.8 through 6.2.0.\n\n"
"value": "Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data.\n\n\n\nThis issue affects Vitals ESP: from 3.0.8 through 6.2.0."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
"value": "CWE-321 Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
@ -76,10 +76,10 @@
{
"base64": false,
"type": "text/html",
"value": "Contact support from&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">Galaxy Software Services</span>\n\n"
"value": "Contact support from&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">Galaxy Software Services</span>"
}
],
"value": "Contact support from\u00a0\n\nGalaxy Software Services\n\n"
"value": "Contact support from\u00a0\n\nGalaxy Software Services"
}
],
"impact": {

9
2023/38xxx/CVE-2023-38027.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nSpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.\n\n"
"value": "SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE 78 OS Command Injection"
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
@ -74,10 +75,10 @@
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\nUpdate firmware version to \n\n<span style=\"background-color: rgb(255, 255, 255);\">v2.2046</span>\n\n or later.<br>"
"value": "Update firmware version to \n\n<span style=\"background-color: rgb(255, 255, 255);\">v2.2046</span>\n\n or later.<br>"
}
],
"value": "\n\n\n\n\nUpdate firmware version to \n\nv2.2046\n\n or later.\n"
"value": "Update firmware version to \n\nv2.2046\n\n or later."
}
],
"impact": {

4
2023/41xxx/CVE-2023-41356.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}

8
2023/48xxx/CVE-2023-48392.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
"value": "CWE-321 Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
@ -75,10 +75,10 @@
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate to 2_1_0_23 or latest version.\n\n<br>"
"value": "Update to 2_1_0_23 or latest version.\n\n<br>"
}
],
"value": "\nUpdate to 2_1_0_23 or latest version.\n\n\n"
"value": "Update to 2_1_0_23 or latest version."
}
],
"impact": {

2
2024/45xxx/CVE-2024-45506.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding"
"value": "HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024."
}
]
},

106
2024/49xxx/CVE-2024-49214.json Normal file
View File

@ -0,0 +1,106 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-49214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.haproxy.org/download/3.1/src/CHANGELOG",
"refsource": "MISC",
"name": "https://www.haproxy.org/download/3.1/src/CHANGELOG"
},
{
"url": "https://github.com/haproxy/haproxy/commit/f627b9272bd8ffca6f2f898bfafc6bf0b84b7d46",
"refsource": "MISC",
"name": "https://github.com/haproxy/haproxy/commit/f627b9272bd8ffca6f2f898bfafc6bf0b84b7d46"
},
{
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg45291.html",
"refsource": "MISC",
"name": "https://www.mail-archive.com/haproxy@formilux.org/msg45291.html"
},
{
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg45314.html",
"refsource": "MISC",
"name": "https://www.mail-archive.com/haproxy@formilux.org/msg45314.html"
},
{
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg45315.html",
"refsource": "MISC",
"name": "https://www.mail-archive.com/haproxy@formilux.org/msg45315.html"
},
{
"url": "https://www.haproxy.org/download/3.0/src/CHANGELOG",
"refsource": "MISC",
"name": "https://www.haproxy.org/download/3.0/src/CHANGELOG"
},
{
"url": "https://www.haproxy.org/download/2.9/src/CHANGELOG",
"refsource": "MISC",
"name": "https://www.haproxy.org/download/2.9/src/CHANGELOG"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:N",
"version": "3.1"
}
}
}

18
2024/49xxx/CVE-2024-49215.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

97
2024/9xxx/CVE-2024-9923.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal",
"cweId": "CWE-23"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "teamplus technology",
"product": {
"product_data": [
{
"product_name": "team+",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "13.5.*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8128-772aa-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8128-772aa-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8129-00002-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8129-00002-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202410003",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to version v14.0.0 or later.</span>\n\n<br>"
}
],
"value": "Update to version v14.0.0 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

98
2024/9xxx/CVE-2024-9924.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9924",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-36 Absolute Path Traversal",
"cweId": "CWE-36"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hgiga",
"product": {
"product_data": [
{
"product_name": "OAKlouds",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1162"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8130-89bb1-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8130-89bb1-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8131-0b5e1-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8131-0b5e1-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202410004",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Update OAKlouds-webbase-2.0 to version 1162 or later.</span><br><span style=\"background-color: rgb(255, 255, 255);\">Update OAKlouds-webbase-3.0 to version 1162 or later.</span>\n\n<br>"
}
],
"value": "Update OAKlouds-webbase-2.0 to version 1162 or later.\nUpdate OAKlouds-webbase-3.0 to version 1162 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}