diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9909.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9909.json new file mode 100644 index 00000000000..a0fc44c7d71 --- /dev/null +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9909.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-9909", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-13T14:15:02.857", + "lastModified": "2024-10-13T14:15:02.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formSetMuti of the file /goform/formSetMuti. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetMuti.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280237", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280237", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.418740", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9910.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9910.json new file mode 100644 index 00000000000..1a9e6dadd20 --- /dev/null +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9910.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-9910", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-13T15:15:11.117", + "lastModified": "2024-10-13T15:15:11.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formSetPassword.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280238", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280238", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.418741", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.dlink.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 78b56afeb3f..4b307930e6f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-13T14:00:17.534218+00:00 +2024-10-13T16:00:17.328694+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-13T13:15:10.880000+00:00 +2024-10-13T15:15:11.117000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -265448 +265450 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2024-6959](CVE-2024/CVE-2024-69xx/CVE-2024-6959.json) (`2024-10-13T13:15:10.880`) -- [CVE-2024-9908](CVE-2024/CVE-2024-99xx/CVE-2024-9908.json) (`2024-10-13T12:15:10.087`) +- [CVE-2024-9909](CVE-2024/CVE-2024-99xx/CVE-2024-9909.json) (`2024-10-13T14:15:02.857`) +- [CVE-2024-9910](CVE-2024/CVE-2024-99xx/CVE-2024-9910.json) (`2024-10-13T15:15:11.117`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 6aaf69be182..c97f2970ce9 100644 --- a/_state.csv +++ b/_state.csv @@ -263630,7 +263630,7 @@ CVE-2024-6955,0,0,a26f625ecf124adff42bb43bc9f1e0c8d32b78d7fbf99f165aa453f32a4235 CVE-2024-6956,0,0,402b3b90bc0ef6eea6fea2da2c73e896560064f50f2a4d52cad793cf96bb3277,2024-08-21T17:35:59.550000 CVE-2024-6957,0,0,b4f44e4de7831c46c7995591b032592b6aa63f3442f007561464731699c5213c,2024-08-21T17:33:42.753000 CVE-2024-6958,0,0,815ebcc0d5fc84aab6c67001f06fe76ce9152d116a343e60ea5524ee95f4434e,2024-08-21T17:42:29.697000 -CVE-2024-6959,1,1,021cf5aa79b268589e0c20396563e26d84d5c16a23f10cdd935d279d800ddd31,2024-10-13T13:15:10.880000 +CVE-2024-6959,0,0,021cf5aa79b268589e0c20396563e26d84d5c16a23f10cdd935d279d800ddd31,2024-10-13T13:15:10.880000 CVE-2024-6960,0,0,932ef4036cbd886ee22297597ffd985e884d3c0cad50613ff0bd32ecdcd39a17,2024-08-01T14:00:50.973000 CVE-2024-6961,0,0,c26f41db6b5c6e22104567980ea901ebcdc3d0c6ac8c59905ee37ac020ae3afe,2024-08-01T14:00:51.710000 CVE-2024-6962,0,0,b8054e2d59ceccdcd4628c1dbc900d3f0c22ab58e2eaf33700d9d63f648dd237,2024-07-25T15:47:18.363000 @@ -265446,4 +265446,6 @@ CVE-2024-9904,0,0,50f6f4882220d4c8849cc257d9163a28312ac875f0e252858462cd5dc02e90 CVE-2024-9905,0,0,c0097ee89146c52d426cb05812cc5979708f04b7bbc0590dfa12a0f461909ca0,2024-10-13T03:15:02.357000 CVE-2024-9906,0,0,b8b12ad8759bf1007e1cfdf4ea1ad62f0938f515d119e896b70b10a63c4a4ac5,2024-10-13T04:15:02.473000 CVE-2024-9907,0,0,b4a306f8d3bc361a4d35b0d0c9746136d1969ea0a6c6aea23f6ad7a41d8a202f,2024-10-13T05:15:02.493000 -CVE-2024-9908,1,1,86835401d14de34741608d6f8a2a15eabd690fa9d9de4f33be75b85d7273d544,2024-10-13T12:15:10.087000 +CVE-2024-9908,0,0,86835401d14de34741608d6f8a2a15eabd690fa9d9de4f33be75b85d7273d544,2024-10-13T12:15:10.087000 +CVE-2024-9909,1,1,0117d9c3dc8af32fc2bcfba3e6cfeae13b61897a2bc0d83e07f7c55dd96fb71a,2024-10-13T14:15:02.857000 +CVE-2024-9910,1,1,1b159cab4596ebaa2f06d61d8a9081dad9c3a47f61a028b021f4e0d66d7e78a9,2024-10-13T15:15:11.117000