Skip to content

Commit

Permalink
5 changes (4 new | 1 updated):
Browse files Browse the repository at this point in the history 
      - 4 new CVEs:  CVE-2024-38309, CVE-2024-38389, CVE-2024-38658, CVE-2024-53008
      - 1 updated CVEs: CVE-2024-11667
  • Loading branch information
cvelistV5 Github Action committed Nov 28, 2024
1 parent f3879ad commit 7cc7062
Show file tree
Hide file tree
Showing 7 changed files with 409 additions and 234 deletions.
6 changes: 3 additions & 3 deletions cves/2024/11xxx/CVE-2024-11667.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
"assignerShortName": "Zyxel",
"dateReserved": "2024-11-25T07:15:56.063Z",
"datePublished": "2024-11-27T09:39:41.691Z",
"dateUpdated": "2024-11-27T14:40:20.084Z"
"dateUpdated": "2024-11-28T02:11:49.265Z"
},
"containers": {
"cna": {
Expand Down Expand Up @@ -111,14 +111,14 @@
"providerMetadata": {
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel",
"dateUpdated": "2024-11-27T09:39:41.691Z"
"dateUpdated": "2024-11-28T02:11:49.265Z"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024"
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024"
}
],
"source": {
Expand Down
80 changes: 80 additions & 0 deletions cves/2024/38xxx/CVE-2024-38309.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-38309",
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"state": "PUBLISHED",
"assignerShortName": "jpcert",
"dateReserved": "2024-06-19T15:02:02.236Z",
"datePublished": "2024-11-28T02:10:32.213Z",
"dateUpdated": "2024-11-28T02:10:32.213Z"
},
"containers": {
"cna": {
"affected": [
{
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": "V-SFT",
"versions": [
{
"version": "v6.2.2.0 and earlier",
"status": "affected"
}
]
},
{
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": "TELLUS",
"versions": [
{
"version": "v4.0.19.0 and earlier",
"status": "affected"
}
]
},
{
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": "TELLUS Lite",
"versions": [
{
"version": "v4.0.19.0 and earlier",
"status": "affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier).\r\nIf a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based buffer overflow",
"lang": "en-US",
"cweId": "CWE-121",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97531313/"
}
],
"providerMetadata": {
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert",
"dateUpdated": "2024-11-28T02:10:32.213Z"
}
}
}
}
70 changes: 70 additions & 0 deletions cves/2024/38xxx/CVE-2024-38389.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-38389",
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"state": "PUBLISHED",
"assignerShortName": "jpcert",
"dateReserved": "2024-06-19T15:02:00.425Z",
"datePublished": "2024-11-28T02:11:04.326Z",
"dateUpdated": "2024-11-28T02:11:04.326Z"
},
"containers": {
"cna": {
"affected": [
{
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": "TELLUS",
"versions": [
{
"version": "v4.0.19.0 and earlier",
"status": "affected"
}
]
},
{
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": "TELLUS Lite",
"versions": [
{
"version": "v4.0.19.0 and earlier",
"status": "affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en-US",
"cweId": "CWE-125",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97531313/"
}
],
"providerMetadata": {
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert",
"dateUpdated": "2024-11-28T02:11:04.326Z"
}
}
}
}
70 changes: 70 additions & 0 deletions cves/2024/38xxx/CVE-2024-38658.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-38658",
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"state": "PUBLISHED",
"assignerShortName": "jpcert",
"dateReserved": "2024-06-19T15:02:01.369Z",
"datePublished": "2024-11-28T02:11:21.840Z",
"dateUpdated": "2024-11-28T02:11:21.840Z"
},
"containers": {
"cna": {
"affected": [
{
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": "V-Server",
"versions": [
{
"version": "v4.0.19.0 and earlier",
"status": "affected"
}
]
},
{
"vendor": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": "V-Server Lite",
"versions": [
{
"version": "v4.0.19.0 and earlier",
"status": "affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds read",
"lang": "en-US",
"cweId": "CWE-125",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97531313/"
}
],
"providerMetadata": {
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert",
"dateUpdated": "2024-11-28T02:11:21.840Z"
}
}
}
}
119 changes: 119 additions & 0 deletions cves/2024/53xxx/CVE-2024-53008.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-53008",
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"state": "PUBLISHED",
"assignerShortName": "jpcert",
"dateReserved": "2024-11-18T23:29:20.816Z",
"datePublished": "2024-11-28T02:10:43.901Z",
"dateUpdated": "2024-11-28T02:10:43.901Z"
},
"containers": {
"cna": {
"affected": [
{
"vendor": "HAProxy Project",
"product": "HAProxy 2.6",
"versions": [
{
"version": "2.6.18 and earlier",
"status": "affected"
}
]
},
{
"vendor": "HAProxy Project",
"product": "HAProxy 2.8",
"versions": [
{
"version": "2.8.10 and earlier",
"status": "affected"
}
]
},
{
"vendor": "HAProxy Project",
"product": "HAProxy 2.9",
"versions": [
{
"version": "2.9.9 and earlier",
"status": "affected"
}
]
},
{
"vendor": "HAProxy Project",
"product": "HAProxy 3.0",
"versions": [
{
"version": "3.0.2 and earlier",
"status": "affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling')",
"lang": "en-US",
"cweId": "CWE-444",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.haproxy.org/"
},
{
"url": "https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2"
},
{
"url": "https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b"
},
{
"url": "https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71"
},
{
"url": "https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603"
},
{
"url": "https://jvn.jp/en/jp/JVN88385716/"
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
],
"cvssV3_0": {
"version": "3.0",
"baseSeverity": "MEDIUM",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
}
],
"providerMetadata": {
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert",
"dateUpdated": "2024-11-28T02:10:43.901Z"
}
}
}
}
Loading

0 comments on commit 7cc7062

Please sign in to comment.