Auto-Update: 2024-08-13T14:00:18.248461+00:00

cad-safe-bot 2024-08-13 14:03:16 +00:00
parent 790e87a126
commit 7cb35bc388
161 changed files with 2657 additions and 514 deletions


@ -2,7 +2,7 @@
"id": "CVE-2022-35918",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-08-01T22:15:10.223",
"lastModified": "2022-10-29T02:53:22.297",
"lastModified": "2024-08-13T12:51:00.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,10 +90,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:streamlit:streamlit:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.63.0",
"versionEndExcluding": "1.11.1",
"matchCriteriaId": "E7D7D21F-C83B-474E-B4B4-F9BB944F84F4"
"matchCriteriaId": "0D9D5D7A-3CEB-4445-B01C-7EDDB485E1B3"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-38382",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-13T02:15:04.730",
"lastModified": "2024-08-13T02:15:04.730",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2023-27494",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-03-16T21:15:13.270",
"lastModified": "2023-03-23T18:21:46.700",
"lastModified": "2024-08-13T12:51:00.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -76,10 +76,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:streamlit:streamlit:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.63.0",
"versionEndExcluding": "0.81.0",
"matchCriteriaId": "6812252B-AD74-44D5-A5EE-D32005DB5467"
"matchCriteriaId": "084DC2A4-F195-4A30-9D7F-C6094C326878"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2023-41884",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-12T20:15:07.917",
"lastModified": "2024-08-12T20:15:07.917",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34."
},
{
"lang": "es",
"value": "ZoneMinder es una aplicaci\u00f3n de software de circuito cerrado de televisi\u00f3n gratuita y de c\u00f3digo abierto. En WWW/AJAX/watch.php, L\u00ednea: 51 toma algunos par\u00e1metros en la consulta SQL sin desinfectarlos, lo que lo hace vulnerable a la inyecci\u00f3n de SQL. Esta vulnerabilidad se solucion\u00f3 en 1.36.34."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2023-48171",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T20:15:08.213",
"lastModified": "2024-08-12T20:15:08.213",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component."
},
{
"lang": "es",
"value": "Un problema en OWASP DefectDojo anterior a v.1.5.3.1 permite a un atacante remoto escalar privilegios a trav\u00e9s del componente de permisos de usuario."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2023-7066",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-08-12T22:15:08.770",
"lastModified": "2024-08-12T22:15:08.770",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-2259",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-08-13T11:15:15.013",
"lastModified": "2024-08-13T11:15:15.013",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-28166",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:06.867",
"lastModified": "2024-08-13T04:15:06.867",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-33003",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:07.380",
"lastModified": "2024-08-13T04:15:07.380",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-33005",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:07.740",
"lastModified": "2024-08-13T04:15:07.740",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,60 @@
{
"id": "CVE-2024-35124",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-13T12:15:06.163",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7163195",
"source": "psirt@us.ibm.com"
}
]
}
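Review bot: The first reference in this new record has a doubled scheme, `"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/290674"`, so it will not resolve as written; the intended value is presumably `"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/290674"`. The value most likely arrives this way from the CNA feed, so the mirror should not silently rewrite it. Any consumer that fetches, link-checks or renders references should still validate the URL and fall back to the second reference in the list. A sync-time lint that flags a reference whose host component is itself a scheme would catch this class of upstream error.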


@ -2,8 +2,8 @@
"id": "CVE-2024-35775",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-12T23:15:15.467",
"lastModified": "2024-08-12T23:15:15.467",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-36398",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:10.540",
"lastModified": "2024-08-13T08:15:10.540",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,56 @@
{
"id": "CVE-2024-37287",
"sourceIdentifier": "bressers@elastic.co",
"published": "2024-08-13T12:15:06.433",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "bressers@elastic.co",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/",
"source": "bressers@elastic.co"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-37924",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-12T23:15:15.703",
"lastModified": "2024-08-12T23:15:15.703",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-37930",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-12T23:15:15.940",
"lastModified": "2024-08-12T23:15:15.940",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-37935",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T10:15:04.883",
"lastModified": "2024-08-13T10:15:04.883",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,20 +2,44 @@
"id": "CVE-2024-38200",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-08-12T13:38:23.550",
"lastModified": "2024-08-12T13:41:36.517",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-13T13:43:16.403",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Office"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
@ -37,8 +61,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +81,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*",
"matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*",
"matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*",
"matchCriteriaId": "72324216-4EB3-4243-A007-FEF3133C7DF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
"matchCriteriaId": "0FBB0E61-7997-4F26-9C07-54912D3F1C10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*",
"matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*",
"matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*",
"matchCriteriaId": "75F7306B-D1DA-48C2-AF87-4480E161D794"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*",
"matchCriteriaId": "BA9BCD55-F71E-4920-B906-A1386843776A"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
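Review bot: The `configurations` block added in the last hunk lists eight CPE criteria (365 Apps, Office 2016, Office 2019 and Office LTSC 2021, each for x86 and x64) with no `versionStartIncluding` or `versionEndExcluding` bounds, unlike the ranged entries elsewhere in this commit. CPE-only matching will therefore keep reporting every install of those products as affected after the vendor update is applied, so patch state has to come from build or update inventory rather than from this record. Separately, the new `nvd@nist.gov` Primary vector sets `I:H` while the vendor's Secondary vector shown in the first hunk has `I:N`; pipelines that store one score should also store which `source` it came from.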


@ -2,8 +2,8 @@
"id": "CVE-2024-38287",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-25T20:15:04.887",
"lastModified": "2024-08-01T13:54:42.590",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:34:22.057",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0",
"matchCriteriaId": "32333E42-D464-4970-BFB1-452AE4B59E39"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-c84v-4pjw-4mh2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.rhubcom.com/v5/manuals.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-38288",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-25T20:15:04.953",
"lastModified": "2024-08-01T13:54:43.867",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:25:45.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0",
"matchCriteriaId": "32333E42-D464-4970-BFB1-452AE4B59E39"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-gx6g-8mvx-3q5c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.rhubcom.com/v5/manuals.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-38289",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-25T20:15:05.017",
"lastModified": "2024-08-01T13:54:45.130",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:28:13.263",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0",
"matchCriteriaId": "32333E42-D464-4970-BFB1-452AE4B59E39"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42v",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.rhubcom.com/v5/manuals.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-38501",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-08-13T13:15:12.130",
"lastModified": "2024-08-13T13:15:12.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-033",
"source": "info@cert.vde.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-38502",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-08-13T13:15:12.460",
"lastModified": "2024-08-13T13:15:12.460",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-033",
"source": "info@cert.vde.com"
}
]
}


@ -2,13 +2,13 @@
"id": "CVE-2024-38688",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T10:15:06.677",
"lastModified": "2024-08-13T10:15:06.677",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Igor Beni\u0107 Recipe Maker For Your Food Blog from Zip Recipes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.2.6."
"value": "Missing Authorization vulnerability in Igor Beni? Recipe Maker For Your Food Blog from Zip Recipes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.2.6."
}
],
"metrics": {
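Review bot: The description's vendor name has lost a non-ASCII character: the `value` line is printed once with `Igor Beni\u0107` and once with `Igor Beni?`. The page has dropped its +/- markers, so that the `?` form is the new side is inferred from the old-then-new order of the `lastModified` pair above it; on that reading the update replaces U+0107 with a literal `?`. That points to a lossy transcoding upstream rather than a content change, and it breaks exact matching on the vendor name when correlating this record with plugin inventories. Consumers should key on the CVE id or CPE rather than description text, and a sync check for `?` appearing where the previous revision had a `\uXXXX` escape would flag it.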


@ -2,8 +2,8 @@
"id": "CVE-2024-38699",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:15.257",
"lastModified": "2024-08-13T11:15:15.257",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-38724",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:15.500",
"lastModified": "2024-08-13T11:15:15.500",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-38742",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:15.737",
"lastModified": "2024-08-13T11:15:15.737",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-38747",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:15.967",
"lastModified": "2024-08-13T11:15:15.967",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-38749",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:16.193",
"lastModified": "2024-08-13T11:15:16.193",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-38752",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:16.417",
"lastModified": "2024-08-13T11:15:16.417",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-38756",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:16.637",
"lastModified": "2024-08-13T11:15:16.637",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-38760",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:16.867",
"lastModified": "2024-08-13T11:15:16.867",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-38787",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:17.080",
"lastModified": "2024-08-13T11:15:17.080",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-39591",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T05:15:13.347",
"lastModified": "2024-08-13T05:15:13.347",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-39642",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:17.307",
"lastModified": "2024-08-13T11:15:17.307",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-39651",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:17.523",
"lastModified": "2024-08-13T11:15:17.523",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-39922",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:11.567",
"lastModified": "2024-08-13T08:15:11.567",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -0,0 +1,56 @@
{
"id": "CVE-2024-3913",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-08-13T13:15:12.750",
"lastModified": "2024-08-13T13:15:12.750",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-022",
"source": "info@cert.vde.com"
}
]
}
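Review bot: The description and the CVSS vector in this new record disagree: the text says the attacker can "change the device configuration", but `vectorString` is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` with `"integrityImpact": "NONE"`. An unauthorised configuration write is normally scored as an integrity impact, so triage rules that filter on integrity would not surface this entry. The CNA may have scored only the resulting outage, which cannot be confirmed from this page. Treat the 7.5 base score as a floor and read the referenced advisory (VDE-2024-022) before deprioritising.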


@ -2,8 +2,8 @@
"id": "CVE-2024-40697",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-13T11:15:17.750",
"lastModified": "2024-08-13T11:15:17.750",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-40892",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-08-12T19:15:16.403",
"lastModified": "2024-08-12T19:15:16.403",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely)."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de credencial d\u00e9bil en las versiones del software Firewalla Box anteriores a la 1.979. Esta vulnerabilidad permite que un atacante f\u00edsicamente cercano use el UUID de licencia para autenticaci\u00f3n y proporcione credenciales SSH a trav\u00e9s de la interfaz Bluetooth Low-Energy (BTLE). Una vez que un atacante obtiene acceso a la LAN, puede iniciar sesi\u00f3n en la interfaz SSH utilizando las credenciales proporcionadas. El UUID de licencia se puede adquirir mediante el rastreo de texto plano de Bluetooth, la lectura del c\u00f3digo QR en la parte inferior del dispositivo o la fuerza bruta del UUID (aunque esto es menos probable)."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-40893",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-08-12T19:15:16.643",
"lastModified": "2024-08-12T19:15:16.643",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software \nversions before 1.979. A physically close \nattacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including\u00a0networkConfig.Interface.Phy.Eth0.Extra.PingTestIP,\u00a0networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and\u00a0networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo (SO) autenticado en las versiones del software Firewalla Box anteriores a la 1.979. Un atacante f\u00edsicamente cercano que est\u00e9 autenticado en la interfaz Bluetooth Low-Energy (BTLE) puede usar el servicio de configuraci\u00f3n de red para inyectar comandos en varios par\u00e1metros de configuraci\u00f3n, incluidos networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain y networkConfig.Interface.Phy.Eth0.Gateway6. Adem\u00e1s, debido a que la configuraci\u00f3n se puede sincronizar con la nube de Firewalla, el atacante puede persistir en el acceso incluso despu\u00e9s de reiniciar el hardware y actualizar el firmware."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-41681",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:11.847",
"lastModified": "2024-08-13T08:15:11.847",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41682",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:12.167",
"lastModified": "2024-08-13T08:15:12.167",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41683",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:12.440",
"lastModified": "2024-08-13T08:15:12.440",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-41710",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T19:15:16.850",
"lastModified": "2024-08-12T19:15:16.850",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en los tel\u00e9fonos SIP Mitel de las series 6800, 6900 y 6900w, incluida la unidad de conferencia 6970, a trav\u00e9s de R6.4.0.HF1 (R6.4.0.136) podr\u00eda permitir que un atacante autenticado con privilegios administrativos lleve a cabo un ataque de inyecci\u00f3n de argumentos, debido a una desinfecci\u00f3n insuficiente de los par\u00e1metros durante el proceso de arranque. Un exploit exitoso podr\u00eda permitir a un atacante ejecutar comandos arbitrarios dentro del contexto del sistema."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2024-41730",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:08.050",
"lastModified": "2024-08-13T04:15:08.050",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41731",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:08.330",
"lastModified": "2024-08-13T04:15:08.330",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41732",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:08.637",
"lastModified": "2024-08-13T04:15:08.637",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41733",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:08.987",
"lastModified": "2024-08-13T04:15:08.987",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41734",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T05:15:13.587",
"lastModified": "2024-08-13T05:15:13.587",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41735",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:09.323",
"lastModified": "2024-08-13T04:15:09.323",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41736",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:09.607",
"lastModified": "2024-08-13T04:15:09.607",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41737",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:10.003",
"lastModified": "2024-08-13T04:15:10.003",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41774",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-13T11:15:17.973",
"lastModified": "2024-08-13T11:15:17.973",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41808",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-25T20:15:05.153",
"lastModified": "2024-07-26T12:38:41.683",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:40:02.497",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,10 +81,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openobserve:openobserve:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.9.1",
"matchCriteriaId": "B19834C1-B457-44B3-90C0-141BF51DAEF8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41809",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-25T21:15:11.310",
"lastModified": "2024-07-26T12:38:41.683",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:43:51.613",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,22 +81,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openobserve:openobserve:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.4.4",
"versionEndExcluding": "0.10.0",
"matchCriteriaId": "5E05D552-02CC-47A9-A856-80D7A1208BE4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubscription.vue#L32",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbdb1be1eff02",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d58bbc6d331d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mrrp",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
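Review bot: The GHSA reference that closes this record is tagged `"Third Party Advisory"`, although its URL sits under the openobserve/openobserve repository, the same vendor named in the `cpeMatch` criteria. The equivalent GHSA link in the CVE-2024-41808 record of this commit is tagged `"Vendor Advisory"`. Consumers that pick remediation guidance by reference tag will therefore treat two advisories from the same source differently. If this file mirrors an upstream feed, the correction belongs upstream rather than in a local edit; the consistent value would be `"Vendor Advisory"`.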


@ -2,8 +2,8 @@
"id": "CVE-2024-41903",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:12.717",
"lastModified": "2024-08-13T08:15:12.717",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41904",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:13.003",
"lastModified": "2024-08-13T08:15:13.003",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41905",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:13.250",
"lastModified": "2024-08-13T08:15:13.250",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41906",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:13.560",
"lastModified": "2024-08-13T08:15:13.560",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41907",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:13.813",
"lastModified": "2024-08-13T08:15:13.813",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41908",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:14.110",
"lastModified": "2024-08-13T08:15:14.110",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41910",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-08-06T14:16:04.350",
"lastModified": "2024-08-08T18:15:10.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-13T13:06:13.467",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,79 @@
"value": "Se descubri\u00f3 una vulnerabilidad en las versiones de firmware hasta 10.10.2.2 en dispositivos Poly Clariti Manager. El firmware conten\u00eda m\u00faltiples vulnerabilidades XXS en la versi\u00f3n de JavaScript utilizada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_clariti_manager_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.10.2.2",
"matchCriteriaId": "1ECAA137-00B5-48AA-9D9B-F5ACD13D4CF4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_clariti_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A692C6-384C-4802-A6A2-4881B4B73A7B"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_11006981-11007005-16/hpsbpy03960",
"source": "hp-security-alert@hp.com"
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41911",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-08-06T14:16:04.427",
"lastModified": "2024-08-06T16:30:24.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-13T13:06:50.707",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,79 @@
"value": "Se descubri\u00f3 una vulnerabilidad en las versiones de firmware hasta 10.10.2.2 en dispositivos Poly Clariti Manager. La falla no neutraliza adecuadamente la entrada durante la generaci\u00f3n de una p\u00e1gina web."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_clariti_manager_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.10.2.2",
"matchCriteriaId": "1ECAA137-00B5-48AA-9D9B-F5ACD13D4CF4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_clariti_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A692C6-384C-4802-A6A2-4881B4B73A7B"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_11006770-11006795-16/hpsbpy03959",
"source": "hp-security-alert@hp.com"
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41913",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-08-06T14:16:04.480",
"lastModified": "2024-08-06T16:30:24.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-13T13:06:48.547",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,79 @@
"value": "Se descubri\u00f3 una vulnerabilidad en las versiones de firmware hasta 10.10.2.2 en dispositivos Poly Clariti Manager. La falla del firmware no desinfecta adecuadamente la entrada del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_clariti_manager_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.10.2.2",
"matchCriteriaId": "1ECAA137-00B5-48AA-9D9B-F5ACD13D4CF4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_clariti_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A692C6-384C-4802-A6A2-4881B4B73A7B"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_11006488-11006512-16/hpsbpy03957",
"source": "hp-security-alert@hp.com"
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41938",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:14.353",
"lastModified": "2024-08-13T08:15:14.353",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41939",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:14.610",
"lastModified": "2024-08-13T08:15:14.610",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41940",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:14.890",
"lastModified": "2024-08-13T08:15:14.890",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41941",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:15.160",
"lastModified": "2024-08-13T08:15:15.160",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41976",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:15.403",
"lastModified": "2024-08-13T08:15:15.403",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41977",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:15.640",
"lastModified": "2024-08-13T08:15:15.640",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41978",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:15.903",
"lastModified": "2024-08-13T08:15:15.903",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42373",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T05:15:13.800",
"lastModified": "2024-08-13T05:15:13.800",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42374",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:10.283",
"lastModified": "2024-08-13T04:15:10.283",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42375",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:10.567",
"lastModified": "2024-08-13T04:15:10.567",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42376",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:10.837",
"lastModified": "2024-08-13T04:15:10.837",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-42377",
"sourceIdentifier": "cna@sap.com",
"published": "2024-08-13T04:15:11.290",
"lastModified": "2024-08-13T04:15:11.290",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,20 +2,91 @@
"id": "CVE-2024-42520",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T15:15:21.770",
"lastModified": "2024-08-12T18:57:29.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-13T13:19:29.207",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl."
},
{
"lang": "es",
"value": "TOTOLINK A3002R v4.0.0-B20230531.1404 contiene una vulnerabilidad de desbordamiento del b\u00fafer en /bin/boa a trav\u00e9s de formParentControl."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3002r_firmware:4.0.0-b20230531.1404:*:*:*:*:*:*:*",
"matchCriteriaId": "E86B079B-AD4D-46EF-9E45-31EE15729291"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3002r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBBBC48-8918-4D59-8059-285404AE7716"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/c10uds/totolink_A3002R_stackoverflow",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,20 +2,92 @@
"id": "CVE-2024-42543",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T18:15:12.423",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:24:03.060",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function."
},
{
"lang": "es",
"value": "TOTOLINK A3700R v9.1.2u.5822_B20200513 tiene una vulnerabilidad de desbordamiento del b\u00fafer en el par\u00e1metro http_host en la funci\u00f3n loginauth."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.5822_b20200513:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F5D7B3-9362-4A1F-A53C-8B7DA8CAFAA0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05777EB4-0963-4317-AB0B-287A2140915D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/loginauth.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,20 +2,92 @@
"id": "CVE-2024-42545",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T18:15:12.540",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:23:46.510",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function."
},
{
"lang": "es",
"value": "TOTOLINK A3700R v9.1.2u.5822_B20200513 tiene una vulnerabilidad de desbordamiento del b\u00fafer en el par\u00e1metro ssid en la funci\u00f3n setWizardCfg."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.5822_b20200513:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F5D7B3-9362-4A1F-A53C-8B7DA8CAFAA0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05777EB4-0963-4317-AB0B-287A2140915D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWizardCfg.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-42546",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T19:15:16.940",
"lastModified": "2024-08-12T19:15:16.940",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function."
},
{
"lang": "es",
"value": "TOTOLINK A3100R V4.1.2cu.5050_B20200504 tiene una vulnerabilidad de desbordamiento del b\u00fafer en el par\u00e1metro de contrase\u00f1a en la funci\u00f3n loginauth."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-42547",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T19:15:17.030",
"lastModified": "2024-08-12T19:15:17.030",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function."
},
{
"lang": "es",
"value": "TOTOLINK A3100R V4.1.2cu.5050_B20200504 tiene una vulnerabilidad de desbordamiento del b\u00fafer en el par\u00e1metro http_host en la funci\u00f3n loginauth."
}
],
"metrics": {},


@ -2,20 +2,80 @@
"id": "CVE-2024-42623",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T17:15:17.960",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:24:59.710",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que FrogCMS v0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/layout/delete/1"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frogcms_project:frogcms:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B03397C-68B4-4C54-B001-8B5BC5FE427A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Kirtoc/cms/tree/main/8/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,20 +2,80 @@
"id": "CVE-2024-42624",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T17:15:18.063",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:24:48.877",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que FrogCMS v0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/page/delete/10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frogcms_project:frogcms:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B03397C-68B4-4C54-B001-8B5BC5FE427A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Kirtoc/cms/tree/main/3/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,20 +2,80 @@
"id": "CVE-2024-42626",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T17:15:18.257",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:24:29.367",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que FrogCMS v0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/snippet/add."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frogcms_project:frogcms:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B03397C-68B4-4C54-B001-8B5BC5FE427A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Kirtoc/cms/tree/main/4/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,20 +2,80 @@
"id": "CVE-2024-42627",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T17:15:18.343",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:24:39.387",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que FrogCMS v0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/snippet/delete/3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frogcms_project:frogcms:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B03397C-68B4-4C54-B001-8B5BC5FE427A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Kirtoc/cms/tree/main/6/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,20 +2,80 @@
"id": "CVE-2024-42628",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T16:15:16.887",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:18:32.317",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que FrogCMS v0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/snippet/edit/3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frogcms_project:frogcms:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B03397C-68B4-4C54-B001-8B5BC5FE427A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Kirtoc/cms/tree/main/5/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
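Review bot: The reference newly tagged `Exploit` and `Third Party Advisory` is `https://github.com/Kirtoc/cms/tree/main/5/readme.md`, a branch-relative path in what appears to be an individual's repository rather than a commit-pinned permalink, so what analysts see there can change or disappear after the analysis date recorded in `lastModified`. Tooling that consumes this feed should treat `Exploit`-tagged URLs as untrusted third-party content: record them for triage, avoid fetching or rendering them automatically, and archive a copy when the write-up is needed as evidence. The same applies to the `tree/main/N/readme.md` references in the neighbouring FrogCMS records.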


@ -2,20 +2,80 @@
"id": "CVE-2024-42630",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T16:15:17.060",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:20:39.450",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que FrogCMS v0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/plugin/file_manager/create_file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frogcms_project:frogcms:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B03397C-68B4-4C54-B001-8B5BC5FE427A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Kirtoc/cms/tree/main/10/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,20 +2,80 @@
"id": "CVE-2024-42631",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T16:15:17.143",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:20:29.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que FrogCMS v0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/layout/edit/1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frogcms_project:frogcms:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B03397C-68B4-4C54-B001-8B5BC5FE427A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Kirtoc/cms/tree/main/7/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,20 +2,80 @@
"id": "CVE-2024-42632",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T16:15:17.223",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-13T13:24:16.770",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que FrogCMS v0.9.5 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a trav\u00e9s de /admin/?/page/add."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frogcms_project:frogcms:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B03397C-68B4-4C54-B001-8B5BC5FE427A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Kirtoc/cms/tree/main/1/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-42741",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T20:15:08.820",
"lastModified": "2024-08-12T20:15:08.820",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenicated Attackers can send malicious packet to execute arbitary commands."
},
{
"lang": "es",
"value": "En TOTOLINK X5000r v9.1.0cu.2350_b20230313, el archivo /cgi-bin/cstecgi.cgi contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en setL2tpServerCfg. Los atacantes autenticados pueden enviar paquetes maliciosos para ejecutar comandos arbitrarios."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-42742",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T20:15:08.917",
"lastModified": "2024-08-12T20:15:08.917",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenicated Attackers can send malicious packet to execute arbitary commands."
},
{
"lang": "es",
"value": "En TOTOLINK X5000r v9.1.0cu.2350_b20230313, el archivo /cgi-bin/cstecgi.cgi contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en setUrlFilterRules. Los atacantes autenticados pueden enviar paquetes maliciosos para ejecutar comandos arbitrarios."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-42743",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T20:15:09.027",
"lastModified": "2024-08-12T20:15:09.027",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenicated Attackers can send malicious packet to execute arbitary commands."
},
{
"lang": "es",
"value": "En TOTOLINK X5000r v9.1.0cu.2350_b20230313, el archivo /cgi-bin/cstecgi.cgi contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en setSyslogCfg. Los atacantes autenticados pueden enviar paquetes maliciosos para ejecutar comandos arbitrarios."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-42744",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T20:15:09.110",
"lastModified": "2024-08-12T20:15:09.110",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenicated Attackers can send malicious packet to execute arbitary commands."
},
{
"lang": "es",
"value": "En TOTOLINK X5000r v9.1.0cu.2350_b20230313, el archivo /cgi-bin/cstecgi.cgi contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en setModifyVpnUser. Los atacantes autenticados pueden enviar paquetes maliciosos para ejecutar comandos arbitrarios."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-42745",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T20:15:09.203",
"lastModified": "2024-08-12T20:15:09.203",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenicated Attackers can send malicious packet to execute arbitary commands."
},
{
"lang": "es",
"value": "En TOTOLINK X5000r v9.1.0cu.2350_b20230313, el archivo /cgi-bin/cstecgi.cgi contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en setUPnPCfg. Los atacantes autenticados pueden enviar paquetes maliciosos para ejecutar comandos arbitrarios."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-42747",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T20:15:09.283",
"lastModified": "2024-08-12T20:15:09.283",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands."
},
{
"lang": "es",
"value": "En TOTOLINK X5000r v9.1.0cu.2350_b20230313, el archivo /cgi-bin/cstecgi.cgi contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en setWanIeCfg. Los atacantes autenticados pueden enviar paquetes maliciosos para ejecutar comandos arbitrarios."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-42748",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T20:15:09.367",
"lastModified": "2024-08-12T20:15:09.367",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands."
},
{
"lang": "es",
"value": "En TOTOLINK X5000r v9.1.0cu.2350_b20230313, el archivo /cgi-bin/cstecgi.cgi contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en setWiFiWpsCfg. Los atacantes autenticados pueden enviar paquetes maliciosos para ejecutar comandos arbitrarios."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2024-43121",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-13T11:15:18.210",
"lastModified": "2024-08-13T11:15:18.210",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-43123",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-12T23:15:16.177",
"lastModified": "2024-08-12T23:15:16.177",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-43124",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-08-12T23:15:16.407",
"lastModified": "2024-08-12T23:15:16.407",
"vulnStatus": "Received",
"lastModified": "2024-08-13T12:58:25.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
