admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-13 20:00:36 +00:00
parent 144e13a2f4
commit bb2e18e1b3
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
18 changed files with 959 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
2023/6xxx/CVE-2023-6597.json
View File

@ -39,29 +39,34 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<",
"version_name": "0",
"version_value": "3.8.19"
},
{
"version_affected": "<",
"version_name": "3.9.0",
"version_value": "3.9.19"
},
{
"version_affected": "<",
"version_name": "3.10.0",
"version_value": "3.10.14"
},
{
"version_affected": "<",
"version_name": "3.11.0",
"version_value": "3.11.8"
},
{
"version_affected": "<",
"version_name": "3.12.0",
"version_value": "3.12.1"
},
{
"version_affected": "<=",
"version_name": "3.11.0",
"version_value": "3.11.7"
},
{
"version_affected": "<=",
"version_name": "3.10.0",
"version_value": "3.10.13"
},
{
"version_affected": "<=",
"version_name": "3.9.0",
"version_value": "3.9.18"
},
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.8.18"
"version_affected": "<",
"version_name": "3.13.0a1",
"version_value": "3.13.0a3"
}
]
}

49
2024/0xxx/CVE-2024-0450.json
View File

@ -40,29 +40,34 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.12.0",
"version_value": "3.12.1"
},
{
"version_affected": "<=",
"version_name": "3.11.0",
"version_value": "3.11.7"
},
{
"version_affected": "<=",
"version_name": "3.10.0",
"version_value": "3.10.13"
},
{
"version_affected": "<=",
"version_name": "3.9.0",
"version_value": "3.9.18"
},
{
"version_affected": "<=",
"version_affected": "<",
"version_name": "0",
"version_value": "3.8.18"
"version_value": "3.8.19"
},
{
"version_affected": "<",
"version_name": "3.9.0",
"version_value": "3.9.19"
},
{
"version_affected": "<",
"version_name": "3.10.0",
"version_value": "3.10.14"
},
{
"version_affected": "<",
"version_name": "3.11.0",
"version_value": "3.11.8"
},
{
"version_affected": "<",
"version_name": "3.12.0",
"version_value": "3.12.2"
},
{
"version_affected": "<",
"version_name": "3.13.0a1",
"version_value": "3.13.0a3"
}
]
}

64
2024/30xxx/CVE-2024-30057.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30057",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Edge for iOS Spoofing Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Edge for iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0.0",
"version_value": "126.0.2592.56"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057",
"refsource": "MISC",
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"
}
]
}

64
2024/30xxx/CVE-2024-30058.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Edge (Chromium-based)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "126.0.2592.56"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30058",
"refsource": "MISC",
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30058"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"
}
]
}

56
2024/36xxx/CVE-2024-36586.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36586.md",
"url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36586.md"
}
]
}

56
2024/36xxx/CVE-2024-36587.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36587",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36587.md",
"url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36587.md"
}
]
}

56
2024/36xxx/CVE-2024-36588.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36588",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36588.md",
"url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36588.md"
}
]
}

56
2024/36xxx/CVE-2024-36589.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in plaintext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36589.md",
"url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36589.md"
}
]
}

76
2024/38xxx/CVE-2024-38083.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38083",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@microsoft.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Microsoft",
"product": {
"product_data": [
{
"product_name": "Microsoft Edge for iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0.0",
"version_value": "126.0.2592.56"
}
]
}
},
{
"product_name": "Microsoft Edge for Android",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "126.0.2592.56"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083",
"refsource": "MISC",
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseSeverity": "MEDIUM",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C"
}
]
}

50
2024/4xxx/CVE-2024-4030.json
View File

@ -79,6 +79,56 @@
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
},
{
"url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a"
},
{
"url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd"
},
{
"url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee"
},
{
"url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e"
},
{
"url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee"
},
{
"url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca"
},
{
"url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d"
},
{
"url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84"
},
{
"url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763"
},
{
"url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46"
}
]
},

68
2024/5xxx/CVE-2024-5924.json
View File

@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5924",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application does not apply the Mark-of-the-Web to the local files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23991."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure",
"cweId": "CWE-693"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dropbox",
"product": {
"product_data": [
{
"product_name": "Dropbox Desktop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "198.4.7615"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-677/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-677/"
}
]
},
"source": {
"lang": "en",
"value": "Peter Girnus (@gothburz)"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

68
2024/5xxx/CVE-2024-5947.json
View File

@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5947",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Deep Sea Electronics",
"product": {
"product_data": [
{
"product_name": "DSE855",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-671/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-671/"
}
]
},
"source": {
"lang": "en",
"value": "Gjoko Krstic, Zero Science Lab"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

68
2024/5xxx/CVE-2024-5948.json
View File

@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of multipart boundaries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23170."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Deep Sea Electronics",
"product": {
"product_data": [
{
"product_name": "DSE855",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-672/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-672/"
}
]
},
"source": {
"lang": "en",
"value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

68
2024/5xxx/CVE-2024-5949.json
View File

@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5949",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of multipart boundaries. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23171."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Deep Sea Electronics",
"product": {
"product_data": [
{
"product_name": "DSE855",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-673/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-673/"
}
]
},
"source": {
"lang": "en",
"value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

68
2024/5xxx/CVE-2024-5950.json
View File

@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5950",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of multipart form variables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Deep Sea Electronics",
"product": {
"product_data": [
{
"product_name": "DSE855",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-674/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-674/"
}
]
},
"source": {
"lang": "en",
"value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

68
2024/5xxx/CVE-2024-5951.json
View File

@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5951",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23173."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Deep Sea Electronics",
"product": {
"product_data": [
{
"product_name": "DSE855",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-675/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-675/"
}
]
},
"source": {
"lang": "en",
"value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
]
}

68
2024/5xxx/CVE-2024-5952.json
View File

@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5952",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23174."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Deep Sea Electronics",
"product": {
"product_data": [
{
"product_name": "DSE855",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-676/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-676/"
}
]
},
"source": {
"lang": "en",
"value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/5xxx/CVE-2024-5987.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5987",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}