"-Synchronized-Data."

CVE Team 2024-09-10 20:00:33 +00:00
parent 21dea094ed
commit e54755f8dc
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 435 additions and 18 deletions


@ -1,17 +1,121 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8232",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SpiderControl SCADA Web Server has a vulnerability that could allow an \nattacker to upload specially crafted malicious files without \nauthentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "iniNet Solutions GmbH",
"product": {
"product_data": [
{
"product_name": "SpiderControl SCADA Web Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "v2.09"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-254-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-254-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-254-02",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IniNet Solutions reminds users that the webserver is designed to be used\n in a protected environment. IniNet Solutions GmbH recommends that users\n never connect control system software directly to the Internet. If a \nuser must connect to the Internet, IniNet Solutions GmbH recommends \nusing a managed infrastructure to do so.\n\n<br>"
}
],
"value": "IniNet Solutions reminds users that the webserver is designed to be used\n in a protected environment. IniNet Solutions GmbH recommends that users\n never connect control system software directly to the Internet. If a \nuser must connect to the Internet, IniNet Solutions GmbH recommends \nusing a managed infrastructure to do so."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IniNet Solutions has released a new version of SpiderControl SCADA \nServer, (3.2.2), to address this issue. It can be found at the following\n location: <a target=\"_blank\" rel=\"nofollow\" href=\"https://spidercontrol.net/download/download-area-2/?lang=en\">https://spidercontrol.net/download/download-area-2/?lang=en</a>\n\n<br>"
}
],
"value": "IniNet Solutions has released a new version of SpiderControl SCADA \nServer, (3.2.2), to address this issue. It can be found at the following\n location: https://spidercontrol.net/download/download-area-2/?lang=en"
}
],
"credits": [
{
"lang": "en",
"value": "elcazators ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc reported this vulnerability to CERT/CC."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}
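Review bot: The `version_data` entry marks only releases `<=` `v2.09` as affected, while the `solution` text names 3.2.2 as the release that addresses the issue, so every version between the two is left unclassified and a scanner matching on the `affects` block alone may report those installs as clean. If 3.2.2 is in fact the first fixed release, an entry such as `"version_affected": "<", "version_value": "3.2.2"` would state the boundary; confirm this against ICSA-24-254-02 before changing the data. Separately, the `supportingMedia` values are `text/html` and the `solution` one carries an `<a href>` element, so consumers that display this record should render the plain `value` field or sanitise the HTML rather than inserting it as markup.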


@ -1,18 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@korelogic.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VICIdial",
"product": {
"product_data": [
{
"product_name": "VICIdial",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.14-917a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt",
"refsource": "MISC",
"name": "https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt"
},
{
"url": "https://www.vicidial.org/vicidial.php",
"refsource": "MISC",
"name": "https://www.vicidial.org/vicidial.php"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue has been remediated in the public svn/trunk codebase, as of revision 3848 committed 2024-07-08.<br>"
}
],
"value": "This issue has been remediated in the public svn/trunk codebase, as of revision 3848 committed 2024-07-08."
}
],
"credits": [
{
"lang": "en",
"value": "Jaggar Henry of KoreLogic, Inc."
}
]
}
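Review bot: This record has no `impact` block, so it carries no CVSS score even though the description says the SQL injection is reachable without authentication and that credentials are stored in plaintext by default; triage pipelines that sort or filter on `baseScore` will treat it as unscored. The same gap is in the CVE-2024-8504 record later in this commit, whose description says it can be chained with CVE-2024-8503 to run commands as root, so both should be prioritised from the description text until the CNA supplies an `impact.cvss` entry. Both records also list a single affected version, `"version_affected": "="` with `2.14-917a`, while the `solution` identifies the fix only as svn/trunk revision 3848, so version matching cannot show whether an install is patched. Checking the deployed revision against 3848 is the more reliable test.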


@ -1,18 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@korelogic.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker with authenticated access to VICIdial as an \"agent\" can execute arbitrary shell commands as the \"root\" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VICIdial",
"product": {
"product_data": [
{
"product_name": "VICIdial",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.14-917a"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt",
"refsource": "MISC",
"name": "https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt"
},
{
"url": "https://www.vicidial.org/vicidial.php",
"refsource": "MISC",
"name": "https://www.vicidial.org/vicidial.php"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue has been remediated in the public svn/trunk codebase, as of revision 3848 committed 2024-07-08.<br>"
}
],
"value": "This issue has been remediated in the public svn/trunk codebase, as of revision 3848 committed 2024-07-08."
}
],
"credits": [
{
"lang": "en",
"value": "Jaggar Henry of KoreLogic, Inc."
}
]
}


@ -1,17 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Mercury MNVR816 bis 2.0.1.0.5 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /web-static/. Mittels dem Manipulieren mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible",
"cweId": "CWE-552"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mercury",
"product": {
"product_data": [
{
"product_name": "MNVR816",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.1.0.0"
},
{
"version_affected": "=",
"version_value": "2.0.1.0.1"
},
{
"version_affected": "=",
"version_value": "2.0.1.0.2"
},
{
"version_affected": "=",
"version_value": "2.0.1.0.3"
},
{
"version_affected": "=",
"version_value": "2.0.1.0.4"
},
{
"version_affected": "=",
"version_value": "2.0.1.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.276963",
"refsource": "MISC",
"name": "https://vuldb.com/?id.276963"
},
{
"url": "https://vuldb.com/?ctiid.276963",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.276963"
},
{
"url": "https://vuldb.com/?submit.401301",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.401301"
}
]
},
"credits": [
{
"lang": "en",
"value": "leetmoon (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8676",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}