admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-01 02:00:38 +00:00
parent d30f73fc59
commit df32d59393
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 551 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
2024/22xxx/CVE-2024-22372.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and earlier, WRC-X1800GSA-B v1.17 and earlier, WRC-X1800GSH-B v1.17 and earlier, WRC-X6000XS-G v1.09, and WRC-X6000XST-G v1.12 and earlier."
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product."
}
]
},
@ -88,6 +88,28 @@
}
]
}
},
{
"product_name": "WRC-X1500GS-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.11 and earlier"
}
]
}
},
{
"product_name": "WRC-X1500GSA-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.11 and earlier"
}
]
}
}
]
}

80
2024/34xxx/CVE-2024-34021.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34021",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ELECOM CO.,LTD.",
"product": {
"product_data": [
{
"product_name": "WRC-2533GS2V-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.68 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.68 and earlier"
}
]
}
},
{
"product_name": "WRC-2533GS2-W",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.68 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.elecom.co.jp/news/security/20240730-01/",
"refsource": "MISC",
"name": "https://www.elecom.co.jp/news/security/20240730-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN06672778/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN06672778/"
}
]
}

80
2024/39xxx/CVE-2024-39607.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39607",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ELECOM CO.,LTD.",
"product": {
"product_data": [
{
"product_name": "WRC-X6000XS-G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.11 and earlier"
}
]
}
},
{
"product_name": "WRC-X1500GS-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.11 and earlier"
}
]
}
},
{
"product_name": "WRC-X1500GSA-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.11 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.elecom.co.jp/news/security/20240730-01/",
"refsource": "MISC",
"name": "https://www.elecom.co.jp/news/security/20240730-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN06672778/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN06672778/"
}
]
}

80
2024/40xxx/CVE-2024-40883.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40883",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ELECOM CO.,LTD.",
"product": {
"product_data": [
{
"product_name": "WRC-X6000XS-G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.11 and earlier"
}
]
}
},
{
"product_name": "WRC-X1500GS-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.11 and earlier"
}
]
}
},
{
"product_name": "WRC-X1500GSA-B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.11 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.elecom.co.jp/news/security/20240730-01/",
"refsource": "MISC",
"name": "https://www.elecom.co.jp/news/security/20240730-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN06672778/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN06672778/"
}
]
}

18
2024/41xxx/CVE-2024-41716.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41716",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/41xxx/CVE-2024-41927.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41927",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

76
2024/6xxx/CVE-2024-6687.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6687",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "limpinho",
"product": {
"product_data": [
{
"product_name": "CTT Expresso para WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.2.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13088645-8233-40fb-8755-cbdf44c0eaf7?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13088645-8233-40fb-8755-cbdf44c0eaf7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3127496%40ctt-expresso-para-woocommerce&new=3127496%40ctt-expresso-para-woocommerce&sfp_email=&sfph_mail=#file25",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3127496%40ctt-expresso-para-woocommerce&new=3127496%40ctt-expresso-para-woocommerce&sfp_email=&sfph_mail=#file25"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ricardo Silva"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

100
2024/7xxx/CVE-2024-7334.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7334",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in TOTOLINK EX1200L 9.3.5u.6146_B20201023 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi. Mittels Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TOTOLINK",
"product": {
"product_data": [
{
"product_name": "EX1200L",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.3.5u.6146_B20201023"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.273257",
"refsource": "MISC",
"name": "https://vuldb.com/?id.273257"
},
{
"url": "https://vuldb.com/?ctiid.273257",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.273257"
},
{
"url": "https://vuldb.com/?submit.379286",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.379286"
},
{
"url": "https://github.com/ruan-uer/create/blob/main/IoT-vulnerable/TOTOLINK/EX1200/UploadCustomModule.md",
"refsource": "MISC",
"name": "https://github.com/ruan-uer/create/blob/main/IoT-vulnerable/TOTOLINK/EX1200/UploadCustomModule.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "ruaner (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

100
2024/7xxx/CVE-2024-7335.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7335",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in TOTOLINK EX200 4.0.3c.7646_B20201211 entdeckt. Dabei betrifft es die Funktion getSaveConfig der Datei /cgi-bin/cstecgi.cgi?action=save&setting. Durch das Manipulieren des Arguments http_host mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TOTOLINK",
"product": {
"product_data": [
{
"product_name": "EX200",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.3c.7646_B20201211"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.273258",
"refsource": "MISC",
"name": "https://vuldb.com/?id.273258"
},
{
"url": "https://vuldb.com/?ctiid.273258",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.273258"
},
{
"url": "https://vuldb.com/?submit.379313",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.379313"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/getSaveConfig.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/getSaveConfig.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "yhryhryhr_tu (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}