"-Synchronized-Data."

CVE Team 2025-01-03 09:00:56 +00:00
parent 2393d3069f
commit ac7cf961fc
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 484 additions and 12 deletions


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12132",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create jobs for companies that are unaffiliated with the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpjobportal",
"product": {
"product_data": [
{
"product_name": "WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.2.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d19ac6fc-029f-4f19-913e-e082acecc594?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d19ac6fc-029f-4f19-913e-e082acecc594?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3210251/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3210251/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Apostolos Sakellariou"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}
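Review bot: The language tag is not consistent inside this record: `description_data` and `problemtype_data` use `"lang": "eng"` while the `credits` entry uses `"lang": "en"`, and the two Moxa records further down (CVE-2024-9138, CVE-2024-9140) show the same mix in `credits`, `work_around` and `solution`. A consumer that filters text by one exact tag will silently drop the other fields, so either normalise the tag when the record is generated or have the parser accept both `eng` and `en`. The record also names no fixed release; the only remediation pointer is the changeset reference, so the patched version should be confirmed from the Wordfence entry rather than assumed to be the release after 2.2.4.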


@ -1,17 +1,228 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@moxa.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Moxa\u2019s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-656: Reliance on Security Through Obscurity",
"cweId": "CWE-656"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moxa",
"product": {
"product_data": [
{
"product_name": "EDR-810 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "5.12.37"
}
]
}
},
{
"product_name": "EDR-8010 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13.1"
}
]
}
},
{
"product_name": "EDR-G902 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "5.7.25"
}
]
}
},
{
"product_name": "EDR-G903 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "5.7.25"
}
]
}
},
{
"product_name": "EDR-G9004 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13.1"
}
]
}
},
{
"product_name": "EDR-G9010 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13.1"
}
]
}
},
{
"product_name": "EDF-G1002-BP Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13.1"
}
]
}
},
{
"product_name": "NAT-102 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.0.5"
}
]
}
},
{
"product_name": "OnCell G4302-LTE4 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13"
}
]
}
},
{
"product_name": "TN-4900 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo",
"refsource": "MISC",
"name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<ul><li><p>Minimize network exposure to ensure the device is not accessible from the Internet.</p></li><li><p><span style=\"background-color: var(--wht);\">Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.</span></p></li><li><p><span style=\"background-color: var(--wht);\">Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.</span></p></li></ul>"
}
],
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n\n\n * Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.\n\n\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below.</p><p></p><ul><li>EDR-810 Series: Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\">the firmware version 3.14</a>&nbsp;or later</li><li>EDR-8010 Series: Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-8010-series#resources\">the firmware version 3.14</a><span style=\"background-color: var(--wht);\">&nbsp;or later</span></li><li>EDR-G902 Series: Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series#resources\">the firmware version 3.14</a><span style=\"background-color: var(--wht);\">&nbsp;or later</span></li><li>EDR-G903 Series: Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\">the firmware version 3.14</a><span style=\"background-color: var(--wht);\">&nbsp;or later</span></li><li>EDR-G9004 Series: Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9004-series#resources\">the firmware version 3.14</a><span style=\"background-color: var(--wht);\">&nbsp;or later</span></li><li>EDR-G9010 Series: Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\">the firmware version 3.14</a><span style=\"background-color: var(--wht);\">&nbsp;or later</span></li><li>EDF-G1002-BP Series: Upgrade to <a target=\"_blank\" rel=\"nofollow\" 
href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/network-security-appliance/edf-g1002-bp-series#resources\">the firmware version 3.14</a><span style=\"background-color: var(--wht);\">&nbsp;or later</span></li><li>NAT-102 Series: An official patch or firmware update is not currently available for this product. Please refer to the Mitigations section below for recommended measures to address the vulnerability.</li><li>OnCell G4302-LTE4 Series: Please contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/support/support/technical-support\">Moxa Technical Support</a><span style=\"background-color: var(--wht);\">&nbsp;for the security patch</span></li><li><span style=\"background-color: var(--wht);\">TN-4900 Series:&nbsp;Please contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/support/support/technical-support\">Moxa Technical Support</a><span style=\"background-color: var(--wht);\">&nbsp;for the security patch</span></span></li></ul><p></p><br><br>"
}
],
"value": "Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\n\n\n\n * EDR-810 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \u00a0or later\n * EDR-8010 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-8010-series#resources \u00a0or later\n * EDR-G902 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series#resources \u00a0or later\n * EDR-G903 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \u00a0or later\n * EDR-G9004 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9004-series#resources \u00a0or later\n * EDR-G9010 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \u00a0or later\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/network-security-appliance/edf-g1002-bp-series#resources \u00a0or later\n * NAT-102 Series: An official patch or firmware update is not currently available for this product. 
Please refer to the Mitigations section below for recommended measures to address the vulnerability.\n * OnCell G4302-LTE4 Series: Please contact Moxa Technical Support https://www.moxa.com/support/support/technical-support \u00a0for the security patch\n * TN-4900 Series:\u00a0Please contact Moxa Technical Support https://www.moxa.com/support/support/technical-support \u00a0for the security patch"
}
],
"credits": [
{
"lang": "en",
"value": "Lars Haulin"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
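Review bot: The remediation text contradicts the affected ranges for three products: `version_data` lists EDR-810 as affected through 5.12.37 and EDR-G902/EDR-G903 through 5.7.25, yet `solution` tells all three to upgrade to "the firmware version 3.14 or later". An operator or tool comparing version numbers would read 3.14 as older than the installed firmware, so the fixed release for those series should be taken from the vendor advisory in `references`, and the solution text would be clearer with one fixed version per product. The description speaks of hard-coded credentials while `problemtype` is CWE-656; CWE-798 (Use of Hard-coded Credentials) would match the description and is presumably worth confirming with the CNA. The reference URL ends in `-and-netwo` and looks truncated (the same URL is used in the CVE-2024-9140 record), so check that it resolves before relying on it.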


@ -1,17 +1,192 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9140",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@moxa.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Moxa\u2019s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system\u2019s security and functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u2018OS Command Injection\u2019)",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moxa",
"product": {
"product_data": [
{
"product_name": "EDR-8010 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13.1"
}
]
}
},
{
"product_name": "EDR-G9004 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13.1"
}
]
}
},
{
"product_name": "EDR-G9010 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13.1"
}
]
}
},
{
"product_name": "EDF-G1002-BP Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13.1"
}
]
}
},
{
"product_name": "NAT-102 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.0.5"
}
]
}
},
{
"product_name": "OnCell G4302-LTE4 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13"
}
]
}
},
{
"product_name": "TN-4900 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo",
"refsource": "MISC",
"name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<ul><li><p>Minimize network exposure to ensure the device is not accessible from the Internet.</p></li><li><p><span style=\"background-color: var(--wht);\">Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.</span></p></li><li><p><span style=\"background-color: var(--wht);\">Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.</span></p></li></ul>"
}
],
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n\n\n * Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.\n\n\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below.</p><p></p><ul><li><span style=\"background-color: var(--wht);\">EDR-8010 Series: Upgrade to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-8010-series#resources\">the firmware version 3.14</a><span style=\"background-color: var(--wht);\">&nbsp;or later</span></li><li><span style=\"background-color: var(--wht);\">EDR-G9004 Series: Upgrade to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9004-series#resources\">the firmware version 3.14</a><span style=\"background-color: var(--wht);\">&nbsp;or later</span></li><li>EDR-G9010 Series: Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\">the firmware version 3.14</a><span style=\"background-color: var(--wht);\">&nbsp;or later</span></li><li>EDF-G1002-BP Series: Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/network-security-appliance/edf-g1002-bp-series#resources\">the firmware version 3.14</a><span style=\"background-color: var(--wht);\">&nbsp;or later</span></li><li>NAT-102 Series: An official patch or firmware update is not currently available for this product. 
Please refer to the Mitigations section below for recommended measures to address the vulnerability.</li><li>OnCell G4302-LTE4 Series: Please contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/support/support/technical-support\">Moxa Technical Support</a><span style=\"background-color: var(--wht);\">&nbsp;for the security patch</span></li><li><span style=\"background-color: var(--wht);\">TN-4900 Series:&nbsp;Please contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/support/support/technical-support\">Moxa Technical Support</a><span style=\"background-color: var(--wht);\">&nbsp;for the security patch</span></span></li></ul><p></p><br><br>"
}
],
"value": "Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\n\n\n\n * EDR-8010 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-8010-series#resources \u00a0or later\n * EDR-G9004 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9004-series#resources \u00a0or later\n * EDR-G9010 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \u00a0or later\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/network-security-appliance/edf-g1002-bp-series#resources \u00a0or later\n * NAT-102 Series: An official patch or firmware update is not currently available for this product. Please refer to the Mitigations section below for recommended measures to address the vulnerability.\n * OnCell G4302-LTE4 Series: Please contact Moxa Technical Support https://www.moxa.com/support/support/technical-support \u00a0for the security patch\n * TN-4900 Series:\u00a0Please contact Moxa Technical Support https://www.moxa.com/support/support/technical-support \u00a0for the security patch"
}
],
"credits": [
{
"lang": "en",
"value": "Lars Haulin"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
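Review bot: The NAT-102 entry in `solution` says no patch or firmware update is available and points to "the Mitigations section below", but this record has no field of that name; the mitigations are in `work_around`, which comes before `solution`. For a record scored 9.8 with `privilegesRequired` NONE, that leaves NAT-102 operators with only the exposure-reduction steps, so the pointer should name the field, e.g. `Please refer to the work_around entries in this record`. The same wording appears in the CVE-2024-9138 record above. OnCell G4302-LTE4 and TN-4900 have no downloadable fix either (the patch comes through vendor support), which asset inventories should track separately from the series that have firmware 3.14.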


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0193",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}