Skip to content

Commit

Permalink
3 changes (2 new | 1 updated):
Browse files Browse the repository at this point in the history 
      - 2 new CVEs:  CVE-2024-11652, CVE-2024-53930
      - 1 updated CVEs: CVE-2024-5514
  • Loading branch information
cvelistV5 Github Action committed Nov 25, 2024
1 parent b66a5f3 commit a96d24d
Show file tree
Hide file tree
Showing 5 changed files with 309 additions and 60 deletions.
175 changes: 175 additions & 0 deletions cves/2024/11xxx/CVE-2024-11652.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,175 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-11652",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"state": "PUBLISHED",
"assignerShortName": "VulDB",
"dateReserved": "2024-11-24T15:13:51.901Z",
"datePublished": "2024-11-25T03:00:34.348Z",
"dateUpdated": "2024-11-25T03:00:34.348Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2024-11-25T03:00:34.348Z"
},
"title": "EnGenius ENH1350EXT/ENS500-AC/ENS620EXT sn_https command injection",
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-77",
"lang": "en",
"description": "Command Injection"
}
]
},
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-74",
"lang": "en",
"description": "Injection"
}
]
}
],
"affected": [
{
"vendor": "EnGenius",
"product": "ENH1350EXT",
"versions": [
{
"version": "20241118",
"status": "affected"
}
]
},
{
"vendor": "EnGenius",
"product": "ENS500-AC",
"versions": [
{
"version": "20241118",
"status": "affected"
}
]
},
{
"vendor": "EnGenius",
"product": "ENS620EXT",
"versions": [
{
"version": "20241118",
"status": "affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sn_package/sn_https. The manipulation of the argument https_enable leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In EnGenius ENH1350EXT, ENS500-AC and ENS620EXT bis 20241118 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/sn_package/sn_https. Mittels Manipulieren des Arguments https_enable mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."
}
],
"metrics": [
{
"cvssV4_0": {
"version": "4.0",
"baseScore": 5.1,
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_1": {
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
}
],
"timeline": [
{
"time": "2024-11-24T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2024-11-24T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2024-11-24T16:19:21.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "liutong (VulDB User)",
"type": "reporter"
}
],
"references": [
{
"url": "https://vuldb.com/?id.285973",
"name": "VDB-285973 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT sn_https command injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.285973",
"name": "VDB-285973 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.446629",
"name": "Submit #446629 | EnGenius ENS500-AC 3.7.20 Command Injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://k9u7kv33ub.feishu.cn/wiki/Rf7wwXMpQiJkp8kp4pmcZb2tnPe",
"tags": [
"exploit"
]
}
]
}
}
}
71 changes: 71 additions & 0 deletions cves/2024/53xxx/CVE-2024-53930.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
{
"dataType": "CVE_RECORD",
"cveMetadata": {
"state": "PUBLISHED",
"cveId": "CVE-2024-53930",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2024-11-25T02:59:39.568008",
"dateReserved": "2024-11-25T00:00:00",
"datePublished": "2024-11-25T00:00:00"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2024-11-25T02:59:39.568008"
},
"descriptions": [
{
"lang": "en",
"value": "WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\\\, which is mishandled by a KaTeX parser."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"references": [
{
"url": "https://github.com/Zavy86/WikiDocs/releases/tag/1.0.65"
},
{
"url": "https://github.com/Zavy86/WikiDocs/compare/1.0.64...1.0.65"
},
{
"url": "https://github.com/Zavy86/WikiDocs/commit/aa264bd046a254522da67600be73791bd4e5dafc"
},
{
"url": "https://github.com/Zavy86/WikiDocs/issues/211"
},
{
"url": "https://github.com/Zavy86/WikiDocs/pull/213"
},
{
"url": "https://www.xbow.com"
}
],
"problemTypes": [
{
"descriptions": [
{
"type": "text",
"lang": "en",
"description": "n/a"
}
]
}
]
}
},
"dataVersion": "5.1"
}
22 changes: 20 additions & 2 deletions cves/2024/5xxx/CVE-2024-5514.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
"assignerShortName": "twcert",
"dateReserved": "2024-05-30T01:40:43.656Z",
"datePublished": "2024-05-30T02:14:46.713Z",
"dateUpdated": "2024-08-01T21:18:05.342Z"
"dateUpdated": "2024-11-25T03:04:51.155Z"
},
"containers": {
"cna": {
Expand Down Expand Up @@ -100,14 +100,32 @@
"providerMetadata": {
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert",
"dateUpdated": "2024-05-30T02:14:46.713Z"
"dateUpdated": "2024-11-25T03:04:51.155Z"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7828-c08b8-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7831-b9a46-2.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.chtsecurity.com/news/2dde8d39-59fc-4c09-b4ad-0acf692321c5"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.chtsecurity.com/news/6b2393f5-3041-4011-b2ea-528e312c6b3c"
}
],
"solutions": [
Expand Down
74 changes: 16 additions & 58 deletions cves/delta.json
View file
Original file line number Diff line number Diff line change
@@ -1,68 +1,26 @@
{
"fetchTime": "2024-11-25T02:46:56.078Z",
"numberOfChanges": 10,
"fetchTime": "2024-11-25T03:09:28.961Z",
"numberOfChanges": 3,
"new": [
{
"cveId": "CVE-2024-11651",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11651",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11651.json",
"dateUpdated": "2024-11-25T02:31:24.797Z"
"cveId": "CVE-2024-11652",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11652",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11652.json",
"dateUpdated": "2024-11-25T03:00:34.348Z"
},
{
"cveId": "CVE-2024-53930",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-53930",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/53xxx/CVE-2024-53930.json",
"dateUpdated": "2024-11-25T02:59:39.568008"
}
],
"updated": [
{
"cveId": "CVE-2023-3758",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-3758",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/3xxx/CVE-2023-3758.json",
"dateUpdated": "2024-11-25T02:44:41.369Z"
},
{
"cveId": "CVE-2023-40660",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-40660",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/40xxx/CVE-2023-40660.json",
"dateUpdated": "2024-11-25T02:45:11.454Z"
},
{
"cveId": "CVE-2023-41175",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-41175",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/41xxx/CVE-2023-41175.json",
"dateUpdated": "2024-11-25T02:45:13.719Z"
},
{
"cveId": "CVE-2023-4387",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-4387",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/4xxx/CVE-2023-4387.json",
"dateUpdated": "2024-11-25T02:40:14.568Z"
},
{
"cveId": "CVE-2023-6267",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-6267",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/6xxx/CVE-2023-6267.json",
"dateUpdated": "2024-11-25T02:44:43.477Z"
},
{
"cveId": "CVE-2024-1023",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1023",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1023.json",
"dateUpdated": "2024-11-25T02:45:39.432Z"
},
{
"cveId": "CVE-2024-1300",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1300",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1300.json",
"dateUpdated": "2024-11-25T02:45:39.468Z"
},
{
"cveId": "CVE-2024-1753",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1753",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1753.json",
"dateUpdated": "2024-11-25T02:45:41.446Z"
},
{
"cveId": "CVE-2024-28834",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-28834",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/28xxx/CVE-2024-28834.json",
"dateUpdated": "2024-11-25T02:45:53.454Z"
"cveId": "CVE-2024-5514",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5514",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5514.json",
"dateUpdated": "2024-11-25T03:04:51.155Z"
}
],
"error": []
Expand Down
Loading

0 comments on commit a96d24d

Please sign in to comment.