From 311850253a75bfeec51f1ae8edce3efca8c73e22 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 28 Aug 2024 02:03:13 +0000 Subject: [PATCH] Auto-Update: 2024-08-28T02:00:17.125001+00:00 --- CVE-2024/CVE-2024-388xx/CVE-2024-38856.json | 6 +- CVE-2024/CVE-2024-40xx/CVE-2024-4067.json | 14 +- CVE-2024/CVE-2024-82xx/CVE-2024-8226.json | 141 ++++++++++++++++++++ CVE-2024/CVE-2024-82xx/CVE-2024-8227.json | 141 ++++++++++++++++++++ CVE-2024/CVE-2024-82xx/CVE-2024-8228.json | 141 ++++++++++++++++++++ CVE-2024/CVE-2024-82xx/CVE-2024-8229.json | 141 ++++++++++++++++++++ README.md | 25 ++-- _state.csv | 22 +-- 8 files changed, 603 insertions(+), 28 deletions(-) create mode 100644 CVE-2024/CVE-2024-82xx/CVE-2024-8226.json create mode 100644 CVE-2024/CVE-2024-82xx/CVE-2024-8227.json create mode 100644 CVE-2024/CVE-2024-82xx/CVE-2024-8228.json create mode 100644 CVE-2024/CVE-2024-82xx/CVE-2024-8229.json diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38856.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38856.json index dd72ec78590..98a4f819cd7 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38856.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38856.json @@ -2,9 +2,13 @@ "id": "CVE-2024-38856", "sourceIdentifier": "security@apache.org", "published": "2024-08-05T09:15:56.780", - "lastModified": "2024-08-06T13:35:01.497", + "lastModified": "2024-08-28T01:00:00.950", "vulnStatus": "Undergoing Analysis", "cveTags": [], + "cisaExploitAdd": "2024-08-27", + "cisaActionDue": "2024-09-17", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Apache OFBiz Incorrect Authorization Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-40xx/CVE-2024-4067.json b/CVE-2024/CVE-2024-40xx/CVE-2024-4067.json index 337ca00b408..ae8ef81e459 100644 --- a/CVE-2024/CVE-2024-40xx/CVE-2024-4067.json +++ b/CVE-2024/CVE-2024-40xx/CVE-2024-4067.json 
@@ -2,13 +2,13 @@ "id": "CVE-2024-4067", "sourceIdentifier": "596c5446-0ce5-4ba2-aa66-48b3b757a647", "published": "2024-05-14T15:42:47.947", - "lastModified": "2024-05-22T12:15:10.767", + "lastModified": "2024-08-28T00:15:04.130", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching." + "value": "The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8." }, { "lang": "es", 
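Review bot: The updated English description contradicts itself: it keeps "There was a merged fix but further testing shows the issue persists" and then ends with "This issue was fixed in version 4.0.8", so the prose alone does not say whether 4.0.8 is the release that still fails or the one that works. The new opening "prior to 4.0.8" and the release link added in the following hunk point to the latter, so the closing sentences would read better as `An earlier merged fix was incomplete; the issue is fixed in version 4.0.8.` The record is still "Awaiting Analysis" and the part shown here carries the version bound only in prose, so consumers that match on structured version data should not assume this record is covered yet.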
@@ -52,20 +52,24 @@ } ], "references": [ + { + "url": "https://advisory.checkmarx.net/advisory/CVE-2024-4067/", + "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647" + }, { "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647" }, { - "url": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", + "url": "https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade", "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647" }, { - "url": "https://github.com/micromatch/micromatch/issues/243", + "url": "https://github.com/micromatch/micromatch/pull/266", "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647" }, { - "url": "https://github.com/micromatch/micromatch/pull/247", + "url": "https://github.com/micromatch/micromatch/releases/tag/4.0.8", "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647" } ] diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8226.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8226.json new file mode 100644 index 00000000000..1d88cee4d44 --- /dev/null +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8226.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8226", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-28T00:15:04.287", + "lastModified": "2024-08-28T00:15:04.287", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": 
"NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O1V1.1/formSetCfm.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.275935", + "source": "cna@vuldb.com" + }, + 
{ + "url": "https://vuldb.com/?id.275935", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.394009", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.tenda.com.cn/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8227.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8227.json new file mode 100644 index 00000000000..83f41eff553 --- /dev/null +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8227.json 
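Review bot: The description says the flaw is "classified as critical", but every structured score in this new record rates it HIGH (`"baseScore": 8.7` for CVSS 4.0, 8.8 for 3.1, and 9.0 with `"baseSeverity": "HIGH"` for 2.0), and each vector requires an authenticated session (`PR:L`, `Au:S`). The same wording and the same scores appear in the new CVE-2024-8227, CVE-2024-8228 and CVE-2024-8229 records. Triage rules should key on `baseSeverity` and the vector rather than on the prose; to agree with the metrics the text would read `classified as high severity`, which is the CNA's wording and would have to be corrected upstream. The record also has no `configurations` block, so product matching currently depends on the description string "Tenda O1 1.0.0.7(10648)".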
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8227", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-28T00:15:04.550", + "lastModified": "2024-08-28T00:15:04.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": 
"NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O1V1.1/fromDhcpSetSer.md", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.275936", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275936", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.394022", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.tenda.com.cn/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8228.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8228.json new file mode 100644 index 00000000000..94737819be4 --- /dev/null +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8228.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8228", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-28T00:15:04.807", + "lastModified": "2024-08-28T00:15:04.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda O5 1.0.0.8(5017). It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + 
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O5V1.0/fromSafeSetMacFilter.md", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.275937", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275937", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.394029", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.tenda.com.cn/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8229.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8229.json new file mode 100644 index 00000000000..5d1403d28e0 --- /dev/null +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8229.json 
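Review bot: The weakness entry in this record is tagged `"type": "Secondary"`, while the three sibling records added in the same commit (CVE-2024-8226, CVE-2024-8227, CVE-2024-8229) carry the same source and the same CWE-121 with `"type": "Primary"`. A consumer that reads only Primary weaknesses will see no CWE for CVE-2024-8228. If the difference is unintended the line would be `"type": "Primary",`; because the value is mirrored from the feed, the safer handling on the consumer side is to fall back to Secondary entries when no Primary one exists.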
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8229", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-28T01:15:03.353", + "lastModified": "2024-08-28T01:15:03.353", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + 
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O6V3.0/fromMacFilterModify.md", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.275938", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275938", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.394030", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.tenda.com.cn/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 72b57f729da..50580cf63d0 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-27T23:55:17.221301+00:00 +2024-08-28T02:00:17.125001+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-27T23:15:04.207000+00:00 +2024-08-28T01:15:03.353000+00:00 ``` ### Last Data Feed Release 
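Review bot: In the CVE-2024-8229 record the description names the affected function `frommacFilterModify`, but the first reference points to `fromMacFilterModify.md`, so the two spellings differ in case; the other three Tenda records in this commit spell the function the same way in both places. Case-sensitive searches keyed on the description's spelling can miss the linked write-up. Presumably the description should read `the function fromMacFilterModify`; that rests only on the reference file name and needs confirming against the source advisory. The description's "O6 1.0.0.7(2054)" and the reference path's `O6V3.0` also identify the product differently, which looks like firmware version versus hardware revision.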
@@ -27,32 +27,31 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-08-27T00:00:08.653711+00:00 +2024-08-28T00:00:08.672392+00:00 ``` ### Total Number of included CVEs ```plain -261334 +261338 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `4` -- [CVE-2024-8219](CVE-2024/CVE-2024-82xx/CVE-2024-8219.json) (`2024-08-27T22:15:05.340`) -- [CVE-2024-8220](CVE-2024/CVE-2024-82xx/CVE-2024-8220.json) (`2024-08-27T22:15:05.630`) -- [CVE-2024-8221](CVE-2024/CVE-2024-82xx/CVE-2024-8221.json) (`2024-08-27T22:15:05.877`) -- [CVE-2024-8222](CVE-2024/CVE-2024-82xx/CVE-2024-8222.json) (`2024-08-27T23:15:03.360`) -- [CVE-2024-8223](CVE-2024/CVE-2024-82xx/CVE-2024-8223.json) (`2024-08-27T23:15:03.650`) -- [CVE-2024-8224](CVE-2024/CVE-2024-82xx/CVE-2024-8224.json) (`2024-08-27T23:15:03.920`) -- [CVE-2024-8225](CVE-2024/CVE-2024-82xx/CVE-2024-8225.json) (`2024-08-27T23:15:04.207`) +- [CVE-2024-8226](CVE-2024/CVE-2024-82xx/CVE-2024-8226.json) (`2024-08-28T00:15:04.287`) +- [CVE-2024-8227](CVE-2024/CVE-2024-82xx/CVE-2024-8227.json) (`2024-08-28T00:15:04.550`) +- [CVE-2024-8228](CVE-2024/CVE-2024-82xx/CVE-2024-8228.json) (`2024-08-28T00:15:04.807`) +- [CVE-2024-8229](CVE-2024/CVE-2024-82xx/CVE-2024-8229.json) (`2024-08-28T01:15:03.353`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +- [CVE-2024-38856](CVE-2024/CVE-2024-388xx/CVE-2024-38856.json) (`2024-08-28T01:00:00.950`) +- [CVE-2024-4067](CVE-2024/CVE-2024-40xx/CVE-2024-4067.json) (`2024-08-28T00:15:04.130`) ## Download and Usage diff --git a/_state.csv b/_state.csv index fd9148d4082..8c4a9998c82 100644 --- a/_state.csv +++ b/_state.csv 
@@ -255863,7 +255863,7 @@ CVE-2024-38810,0,0,a8d05ba61ad79ab8e573251f3391c7e33071f14ecb67883defa939520cad5 CVE-2024-3882,0,0,8cf286ca42c3a62eccb821d9ac0678dabad594eee248c127390ddaf169987d46,2024-05-17T02:40:10.457000 CVE-2024-3883,0,0,e6bda202b9fd54c10f25f29dd8ae0cebb83b1538aee636944c2fd66bf4045fff,2024-05-02T13:27:25.103000 CVE-2024-3885,0,0,9b28a2ee85edfe77753e71858fb1438bd68a9b6ee299843f3a5752cca4753d01,2024-05-02T18:00:37.360000 -CVE-2024-38856,0,0,5bdac33e3c1769f797760792fc523b4e832fcce7196ab622177b90376f5d9d69,2024-08-06T13:35:01.497000 +CVE-2024-38856,0,1,b96edffa3c5d3c056b0b683b5901b7d1b42d5c04f23c921a537c2a85ba0d9c15,2024-08-28T01:00:00.950000 CVE-2024-38857,0,0,857bbf4d5ee889c68ec1450930f0cf323232ab2d5a162824c8153ee668a7e638,2024-07-02T12:09:16.907000 CVE-2024-38859,0,0,593edb58800c759df69d81e4c4902db80ed6954e27fabcb131a77e637ddeaf57,2024-08-26T15:15:23.727000 CVE-2024-38867,0,0,0587553b0e73bb3d7fb83caa644dbd7ff748ca26af84fce237e8ae38fe20168b,2024-08-13T08:15:10.817000 @@ -256713,7 +256713,7 @@ CVE-2024-40647,0,0,20e5e587d0777d0bcce77df9be17d322be6b8b310278f85b131c82750480c CVE-2024-40648,0,0,e2349aa5f69c8421d1802e501ed70a5d9670cb28532fa26d74d83879e98ba750,2024-07-19T13:01:44.567000 CVE-2024-4065,0,0,e9243298c32ccba8ab1ac6d427150517ee98217790d2dec0b1b5ec685d8cbc83,2024-06-04T19:20:29.227000 CVE-2024-4066,0,0,5674d1317b0a03adb324e31f70d35a87031f26ca2ea2869349483359d081bdf7,2024-06-04T19:20:29.323000 -CVE-2024-4067,0,0,9e7f1211bf79e7110903241dcc25ab8bd46e04dab02a9e051766a97ad7f670bf,2024-05-22T12:15:10.767000 +CVE-2024-4067,0,1,cb2492818fe81f39be6108b3726f1fbc34af211b5be3405ee7a17904cdbd58f2,2024-08-28T00:15:04.130000 CVE-2024-4068,0,0,bb45b0f3c24ec800e9c86d4119a908807b555886bbc03073bf2175c668679f63,2024-07-03T02:07:03.943000 CVE-2024-40689,0,0,b737e3a1f88271d05934916a1e9611bb299eb972b578fcd1907e65284f8f8a13,2024-07-29T14:12:08.783000 CVE-2024-4069,0,0,fc5a2986d6746eec6d2dc8871a19fd31bd3dae122b27ac5ac325372fce08edbe,2024-06-04T19:20:29.457000 
@@ -261326,10 +261326,14 @@ CVE-2024-8214,0,0,4dcb7a15d1cc670379c05fdff2368f173d7ee90b98293405187577c84be9ea CVE-2024-8216,0,0,ea0a96f241a82a6bacd9dc0a45665c2b7cf613b02d047fabb667e4dac6f4047d,2024-08-27T21:15:07.830000 CVE-2024-8217,0,0,83dbfc4fd39640675ea565d305d5258f4dc6ee330612479a4471b08e5f24e751,2024-08-27T21:15:08.093000 CVE-2024-8218,0,0,275286facfab355dcab0ffc6ade0f42bc2448af93fe871d1f2d5b5f4323a3a55,2024-08-27T21:15:08.350000 -CVE-2024-8219,1,1,f8ee496087bbe42bb625176d48dec98fe3e35ae622a0495aa6294d22ad10f956,2024-08-27T22:15:05.340000 -CVE-2024-8220,1,1,46dfae50e6d4bb08b354ff635eaed92e5e796757e31385ca85fda28818597d8d,2024-08-27T22:15:05.630000 -CVE-2024-8221,1,1,0a7d8161c0d4de2f776fc856b85a320cd0c3f55d8cf461808a145d7852c90043,2024-08-27T22:15:05.877000 -CVE-2024-8222,1,1,44c5b2cbec3822d2efcf28c5048900bb2633b04acc07eb5f974f81f8787fd8a8,2024-08-27T23:15:03.360000 -CVE-2024-8223,1,1,318a18f1fc7a248ee76fa735a5f5699330afe72edfaed1652605f6eb432340c6,2024-08-27T23:15:03.650000 -CVE-2024-8224,1,1,eb7cb01b938be3eaac784d7e44c25b862e816031a4c497d52444444152036dd6,2024-08-27T23:15:03.920000 -CVE-2024-8225,1,1,ca0de8328fcbb42cd7e0ff1df0545bdf503ea6a3a0f00b3aceb9d787ed4f5703,2024-08-27T23:15:04.207000 +CVE-2024-8219,0,0,f8ee496087bbe42bb625176d48dec98fe3e35ae622a0495aa6294d22ad10f956,2024-08-27T22:15:05.340000 +CVE-2024-8220,0,0,46dfae50e6d4bb08b354ff635eaed92e5e796757e31385ca85fda28818597d8d,2024-08-27T22:15:05.630000 +CVE-2024-8221,0,0,0a7d8161c0d4de2f776fc856b85a320cd0c3f55d8cf461808a145d7852c90043,2024-08-27T22:15:05.877000 +CVE-2024-8222,0,0,44c5b2cbec3822d2efcf28c5048900bb2633b04acc07eb5f974f81f8787fd8a8,2024-08-27T23:15:03.360000 +CVE-2024-8223,0,0,318a18f1fc7a248ee76fa735a5f5699330afe72edfaed1652605f6eb432340c6,2024-08-27T23:15:03.650000 +CVE-2024-8224,0,0,eb7cb01b938be3eaac784d7e44c25b862e816031a4c497d52444444152036dd6,2024-08-27T23:15:03.920000 +CVE-2024-8225,0,0,ca0de8328fcbb42cd7e0ff1df0545bdf503ea6a3a0f00b3aceb9d787ed4f5703,2024-08-27T23:15:04.207000 
+CVE-2024-8226,1,1,cbf3e6b4ecb22d791af519216cb74fcbbc4675f6578fc71e665cf18ff769fb0e,2024-08-28T00:15:04.287000 +CVE-2024-8227,1,1,a036a7f97a355b868f01141cc25f285783295937f6676075846a401b1d9db578,2024-08-28T00:15:04.550000 +CVE-2024-8228,1,1,5719f117108fdb054512e608abc92c258925393788847819dabc02b4916c814c,2024-08-28T00:15:04.807000 +CVE-2024-8229,1,1,28ccc44a317b55190aff96c74708939b911208b845cddaf380e938baf9975c94,2024-08-28T01:15:03.353000