Auto-Update: 2024-12-23T03:00:21.371894+00:00

This commit is contained in:
cad-safe-bot 2024-12-23 03:03:44 +00:00
parent a5820b989e
commit ddf175e315
11 changed files with 899 additions and 13 deletions

View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-12898",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-23T01:15:06.840",
"lastModified": "2024-12-23T01:15:06.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/faculty_action.php. The manipulation of the argument faculty_course_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://1000projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/onupset/CVE/issues/1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.289168",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289168",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.467424",
"source": "cna@vuldb.com"
}
]
}

View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-12899",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-23T01:15:07.020",
"lastModified": "2024-12-23T01:15:07.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. The manipulation of the argument course_code leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://1000projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Murrayzed/CVE/issues/1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.289169",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289169",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.467628",
"source": "cna@vuldb.com"
}
]
}

View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-12900",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-23T02:15:05.630",
"lastModified": "2024-12-23T02:15:05.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/iDCwOv9vfDTI",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.289170",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289170",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.467658",
"source": "cna@vuldb.com"
}
]
}

View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-12901",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-23T02:15:06.613",
"lastModified": "2024-12-23T02:15:06.613",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
},
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/8l4RPA2zcxRr",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.289171",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.289171",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.467703",
"source": "cna@vuldb.com"
}
]
}

View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-45721",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-12-23T01:15:07.200",
"lastModified": "2024-12-23T01:15:07.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN61635834/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html",
"source": "vultures@jpcert.or.jp"
}
]
}

View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-46873",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-12-23T01:15:07.403",
"lastModified": "2024-12-23T01:15:07.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-489"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN61635834/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html",
"source": "vultures@jpcert.or.jp"
}
]
}

View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-47864",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-12-23T01:15:07.553",
"lastModified": "2024-12-23T01:15:07.553",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN61635834/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html",
"source": "vultures@jpcert.or.jp"
}
]
}

View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-52321",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-12-23T01:15:07.700",
"lastModified": "2024-12-23T01:15:07.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-497"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN61635834/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html",
"source": "vultures@jpcert.or.jp"
}
]
}

View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-54082",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-12-23T01:15:07.840",
"lastModified": "2024-12-23T01:15:07.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN61635834/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://k-tai.sharp.co.jp/support/info/info083.html",
"source": "vultures@jpcert.or.jp"
}
]
}

View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-12-23T00:55:20.453102+00:00
2024-12-23T03:00:21.371894+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-12-23T00:15:05.133000+00:00
2024-12-23T02:15:06.613000+00:00
```
### Last Data Feed Release
@ -27,23 +27,28 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-12-22T01:00:04.375550+00:00
2024-12-23T01:00:04.362087+00:00
```
### Total Number of included CVEs
```plain
274557
274566
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `9`
- [CVE-2024-12896](CVE-2024/CVE-2024-128xx/CVE-2024-12896.json) (`2024-12-22T23:15:05.677`)
- [CVE-2024-12897](CVE-2024/CVE-2024-128xx/CVE-2024-12897.json) (`2024-12-23T00:15:04.940`)
- [CVE-2024-56375](CVE-2024/CVE-2024-563xx/CVE-2024-56375.json) (`2024-12-22T23:15:06.613`)
- [CVE-2024-56378](CVE-2024/CVE-2024-563xx/CVE-2024-56378.json) (`2024-12-23T00:15:05.133`)
- [CVE-2024-12898](CVE-2024/CVE-2024-128xx/CVE-2024-12898.json) (`2024-12-23T01:15:06.840`)
- [CVE-2024-12899](CVE-2024/CVE-2024-128xx/CVE-2024-12899.json) (`2024-12-23T01:15:07.020`)
- [CVE-2024-12900](CVE-2024/CVE-2024-129xx/CVE-2024-12900.json) (`2024-12-23T02:15:05.630`)
- [CVE-2024-12901](CVE-2024/CVE-2024-129xx/CVE-2024-12901.json) (`2024-12-23T02:15:06.613`)
- [CVE-2024-45721](CVE-2024/CVE-2024-457xx/CVE-2024-45721.json) (`2024-12-23T01:15:07.200`)
- [CVE-2024-46873](CVE-2024/CVE-2024-468xx/CVE-2024-46873.json) (`2024-12-23T01:15:07.403`)
- [CVE-2024-47864](CVE-2024/CVE-2024-478xx/CVE-2024-47864.json) (`2024-12-23T01:15:07.553`)
- [CVE-2024-52321](CVE-2024/CVE-2024-523xx/CVE-2024-52321.json) (`2024-12-23T01:15:07.700`)
- [CVE-2024-54082](CVE-2024/CVE-2024-540xx/CVE-2024-54082.json) (`2024-12-23T01:15:07.840`)
### CVEs modified in the last Commit

View File

@ -245068,9 +245068,13 @@ CVE-2024-12892,0,0,78fb726b8df2a16fb6eb0917a0a0e88fecc9c6f1f88ab8ca30a5dd210b4e6
CVE-2024-12893,0,0,0cecbca340b22ce3e457e2f182e11f58f94f145b2638c6f827bb0ed4008214df,2024-12-22T08:15:06.083000
CVE-2024-12894,0,0,38ca8339bb6400ff08caeebde70032264a7662949504841ad5ff150add3fcd6e,2024-12-22T12:15:16.203000
CVE-2024-12895,0,0,2693178457c1a41a6444992ddd10869064ffff2889e27b11cf327858c567765e,2024-12-22T14:15:04.923000
CVE-2024-12896,1,1,b46bab1f05703ff0008332eb402a62ef781a767148efb6c7c7134cb4f610f1e9,2024-12-22T23:15:05.677000
CVE-2024-12897,1,1,e84417159b1fa979d786feb5c9c9428d1f89aad1baca53371c1b473a818b22fd,2024-12-23T00:15:04.940000
CVE-2024-12896,0,0,b46bab1f05703ff0008332eb402a62ef781a767148efb6c7c7134cb4f610f1e9,2024-12-22T23:15:05.677000
CVE-2024-12897,0,0,e84417159b1fa979d786feb5c9c9428d1f89aad1baca53371c1b473a818b22fd,2024-12-23T00:15:04.940000
CVE-2024-12898,1,1,01cf06e013b17879e3ad11f28cc90b4f8ab9d8accfe80d6b33f345df309c44cc,2024-12-23T01:15:06.840000
CVE-2024-12899,1,1,a8156719562171ad632b82cbae15ec7c223a7a48bfe33b1a670936619c6c2e7c,2024-12-23T01:15:07.020000
CVE-2024-1290,0,0,7c95f47c5c3e77faa57d4558ce65f60c9fa0ea7551f118126af89c59b8448f97,2024-11-21T08:50:14.680000
CVE-2024-12900,1,1,1012b3733f239b410a68b2041572702d5a7f787259c3b8be862ffc1a0d536863,2024-12-23T02:15:05.630000
CVE-2024-12901,1,1,7438bb24c69768569f04db263b25be4e855460433a924b6dad82e02e6b0c486b,2024-12-23T02:15:06.613000
CVE-2024-1291,0,0,52c4840726a3cf584db63abe3d1006ff575604ba403c25fca89470816948ce5e,2024-11-21T08:50:14.863000
CVE-2024-1292,0,0,38d9bc6a557167174bf37c6662c68d5de6a783380fb5a30941c923054e3f2f16,2024-11-21T08:50:14.983000
CVE-2024-1293,0,0,a122e9ddbaac35fa4b5b33d2b10cf37b4d4e3a3677cea83da66723805eec222b,2024-11-21T08:50:15.167000
@ -264830,6 +264834,7 @@ CVE-2024-45717,0,0,d0042290bedfde686afafcdb66609ec6e09f7a07ad76868bcb14ec916e681
CVE-2024-45719,0,0,6ca7636d4f46abcbe25b85f74f485dd396329e29ed902891ee416ba7b0049fcb,2024-11-22T21:15:18.130000
CVE-2024-4572,0,0,6754f54e88e479a744a4367c8d1d2577fd697a90d0783dabcb9fc508df61090e,2024-05-14T15:44:06.153000
CVE-2024-45720,0,0,ab26e4a66e708abfafd5a0e7f8395b5431ac8a5c3efe1cec42e73393318df61a,2024-11-21T09:38:01.030000
CVE-2024-45721,1,1,9efa8d5c7cbf93ab4f729d2bd7b22842337d0ab8beb27bf5bd04ae2864f2d64d,2024-12-23T01:15:07.200000
CVE-2024-45722,0,0,a6cbff3e6d145027776ad45ff696f8999c1abb5b5325df679b4335e1344e5fc1,2024-12-10T19:49:53.693000
CVE-2024-45723,0,0,e4b82db032d3a4ca868b794df461af99089e3cf6b69e82693349f9c5b4326629,2024-10-17T17:15:12.110000
CVE-2024-45731,0,0,9e6b9f6efc83855233c254d65e09470d9fc869b8f01875e0d9ffb17f0327775d,2024-10-17T13:09:33.017000
@ -265470,6 +265475,7 @@ CVE-2024-4687,0,0,691fbe5c860edbdf18385945123ec35fc420e5337163168b9949809bc18727
CVE-2024-46870,0,0,1fd806f0972b8da340a2a96a775ca19e71689c6390ef179657882172ad5e53cb,2024-10-23T14:26:28.690000
CVE-2024-46871,0,0,8a75195bb742a7d09e2157f53cf4a29ae8646360a0fbe4ce86872d4d639a0ed3,2024-12-14T21:15:25.810000
CVE-2024-46872,0,0,b89329ee39c24a048dc575ac8e49e59d1a714d7b0226ecee7aec778895c50c1d,2024-11-08T15:00:42.473000
CVE-2024-46873,1,1,c89ea423c2376bd6f6b72fea3f01f250004a52088b70335286b91ceb3bced266,2024-12-23T01:15:07.403000
CVE-2024-46874,0,0,26c14938d3bd992112157bea5c4166c0fd1799831df9907b641db7157a63de40,2024-12-10T19:49:18.773000
CVE-2024-4688,0,0,0da5a2cc4532b2a20302b23569ddc0737195b6ffa097a6ed8db87ef0127f00f2,2024-11-21T09:43:23.167000
CVE-2024-46886,0,0,9a63353229e01fb1edd6f3ab48979b30c42407a9917c12b34caece3fb7192dd7,2024-10-10T12:56:30.817000
@ -266282,6 +266288,7 @@ CVE-2024-47854,0,0,a9f09de7f0b5818799d7735e32fab0528117f290764772f98a3e102c722b0
CVE-2024-47855,0,0,2488ce52c534b254c4fe75f30de0e6a94b0d61e1b79ce7021bafc48eccaf27dc,2024-11-07T20:35:11.733000
CVE-2024-4786,0,0,5dd0f73d93c1de75f19479b5cea5e29a1ae9a8934feaf695496bbc3c8ecfd1b2,2024-11-21T09:43:36.490000
CVE-2024-47863,0,0,e6340b76eef305e4f9a2a18e9b3431d1240e5a81cf4fe7cadb463db9ca192b6e,2024-11-25T18:15:13.063000
CVE-2024-47864,1,1,7b10b8eb7e9b4aad4b5e06fbda58fa3c7474d35f3257df4264031ed55cbc2620,2024-12-23T01:15:07.553000
CVE-2024-47865,0,0,856fbee2d0c29a916be674bec6df8b3f8c62e1515bf27cff8f7842b39f9edbc2,2024-11-21T13:57:24.187000
CVE-2024-47867,0,0,e092a653d911d624ac72fe0241f3aa280e95881b91b7bf36e469f143c2618cbf,2024-11-15T16:44:54.783000
CVE-2024-47868,0,0,f48e57a4ad7d358802e08c6ee8997c1410f483adbdf2de7ffeb891dd0fb1dab5,2024-10-17T17:04:35.547000
@ -269097,6 +269104,7 @@ CVE-2024-52317,0,0,ce73efcf7b1c232dccd668d6afadee9ebc191724bbb215d2a3cde41432512
CVE-2024-52318,0,0,9990c8ea56e7da2a0fb5af64141a1eeb644a507e2c6f41d3a96bd75739255ee9,2024-11-21T09:46:16.813000
CVE-2024-5232,0,0,9c659ab55a0398d626d6da1c09e82340b1fec2662d16e1eca07d5817bed41493,2024-11-21T09:47:14.200000
CVE-2024-52320,0,0,fbfaa1883239695b0007c9764a43ac2cebac69eb763863afcec1548f7df5c2dd,2024-12-06T18:15:25.737000
CVE-2024-52321,1,1,810125fed33d3a81fef555e63f8bd28a1a60114151ab12dec90595d5f02ee13e,2024-12-23T01:15:07.700000
CVE-2024-52323,0,0,57617b6f1b94228bad139ee211c36bd4ec7e4706388ebf89e10500861eceb01c,2024-11-27T15:15:26.377000
CVE-2024-52324,0,0,1b82757393c4b121efeb2aca56c501ac2b568f66f0e838324b89dea8626b5590,2024-12-10T19:42:56.737000
CVE-2024-5233,0,0,f7aceb9f589abd3e3127e7bdc682ef20b7c3a1e0d748898af38a399a8a8c2229,2024-11-21T09:47:14.357000
@ -270077,6 +270085,7 @@ CVE-2024-54051,0,0,3a9b3ab110d43a5a43f2119d4ad99971d223dd6716849a13bc9d084152928
CVE-2024-5406,0,0,5db0f501f7c712d4bcce798425460b3472165eeef82fd225689429d234120e5b,2024-11-21T09:47:35.457000
CVE-2024-5407,0,0,e082637321598f3dc8c3c9e1760b81a1e1197c4d13cd58fed3245c37f0bb71c9,2024-11-21T09:47:35.567000
CVE-2024-5408,0,0,0b23a712a85d13fef48f02294d854672174790bd624dfee1416450ccef66434a,2024-11-21T09:47:35.690000
CVE-2024-54082,1,1,9ebb2a96cc2d7205dc499652563889da625adbc9e224107999418bf2d0739828,2024-12-23T01:15:07.840000
CVE-2024-54083,0,0,5fd9cfa9d541ec1d140263f1195469b624b1e1b6173ea5643199f37a0fe69372,2024-12-16T08:15:05.317000
CVE-2024-5409,0,0,f7df79bf8c405f523130badde3800a80499e2a2f05cefac143617aad785ef5de,2024-11-21T09:47:35.810000
CVE-2024-54091,0,0,dc5c73da9eed4ea1b769bbbff881c5fabd4f746f0337a6f741715e6c55e58677,2024-12-12T14:15:22.953000
@ -270861,8 +270870,8 @@ CVE-2024-56358,0,0,a5242b1488bc185e31d245df23f8cd112af7bc1ad520eb610922e4932f3aa
CVE-2024-56359,0,0,57fb0eb3210037d0725af8cb3d5a41f7619e854b3139ae13f78a6461042373b7,2024-12-20T21:15:10.880000
CVE-2024-5636,0,0,be674ee7db367fbb27ae45f825fa3b6cac855c767643bde3f8b1378da8ddb51a,2024-11-21T09:48:03.883000
CVE-2024-5637,0,0,a5e32b0dfdcc3b00fa1c534a6efa8caef39b80f083f1c956c246ad8a83c6df00,2024-11-21T09:48:04.030000
CVE-2024-56375,1,1,2a34ccceff495c37ae84092fe8c0ad283727cd545575a5f30821495b0c5dc2ed,2024-12-22T23:15:06.613000
CVE-2024-56378,1,1,6719f8ca56230694a59bc1f5e75e3ab9feb822f8501e080a6c8cff7081436ef7,2024-12-23T00:15:05.133000
CVE-2024-56375,0,0,2a34ccceff495c37ae84092fe8c0ad283727cd545575a5f30821495b0c5dc2ed,2024-12-22T23:15:06.613000
CVE-2024-56378,0,0,6719f8ca56230694a59bc1f5e75e3ab9feb822f8501e080a6c8cff7081436ef7,2024-12-23T00:15:05.133000
CVE-2024-5638,0,0,4a64496852c4ee147220588b5d1940917ce749a1b3dd56d16a77a8cf3ed54b84,2024-11-21T09:48:04.153000
CVE-2024-5639,0,0,78123d59d6ff1062d5cdcc1456c84b89eb240e57bd822aee818d4edc5bb804e5,2024-11-21T09:48:04.290000
CVE-2024-5640,0,0,01c62801966d56f9308a985efd017779bd36dfe950ad675d920936fb65a56c1f,2024-11-21T09:48:04.440000

Can't render this file because it is too large.