
Commit bd9667f

author
cvelistV5 Github Action
committed
7 changes (5 new | 2 updated):
- 5 new CVEs: CVE-2018-9435, CVE-2024-53938, CVE-2024-53939, CVE-2024-53940, CVE-2024-53941 - 2 updated CVEs: CVE-2024-10490, CVE-2024-11856
1 parent 2d870d0 commit bd9667f


9 files changed

+486
-11
lines changed


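--- a/cves/2018/9xxx/CVE-2018-9435.json
+++ b/cves/2018/9xxx/CVE-2018-9435.json
@@ -0,0 +1,83 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2018-9435",
+"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
+"state": "PUBLISHED",
+"assignerShortName": "google_android",
+"dateReserved": "2018-04-05T00:00:00.000Z",
+"datePublished": "2024-12-02T22:12:22.069Z",
+"dateUpdated": "2024-12-02T22:12:22.069Z"
+},
+"containers": {
+"cna": {
+"affected": [
+{
+"defaultStatus": "unaffected",
+"product": "Android",
+"vendor": "Google",
+"versions": [
+{
+"status": "affected",
+"version": "6"
+},
+{
+"status": "affected",
+"version": "6.0.1"
+},
+{
+"status": "affected",
+"version": "7"
+},
+{
+"status": "affected",
+"version": "7.1.1"
+},
+{
+"status": "affected",
+"version": "7.1.2"
+},
+{
+"status": "affected",
+"version": "8"
+},
+{
+"status": "affected",
+"version": "8.1"
+}
+]
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "<span style=\"background-color: rgb(255, 255, 255);\">In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">read due to a missing bounds check. This could lead to local information&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">disclosure with no additional execution privileges needed. User interaction</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;is not needed for exploitation.</span><br>"
+}
+],
+"value": "In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+}
+],
+"providerMetadata": {
+"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
+"shortName": "google_android",
+"dateUpdated": "2024-12-02T22:12:22.069Z"
+},
+"references": [
+{
+"url": "https://source.android.com/docs/security/bulletin/pixel/2018-08-01"
+}
+],
+"source": {
+"discovery": "UNKNOWN"
+},
+"x_generator": {
+"engine": "Vulnogram 0.2.0"
+}
+}
+}
+}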
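Review bot: The new CNA container has no `problemTypes` array, although its description names an out-of-bounds read caused by a missing bounds check in gatt_process_error_rsp, so consumers that triage by weakness class cannot classify the record. Assuming the description is accurate, a `problemTypes` entry such as `{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}` would cover it. The `supportingMedia` value is pasted rich text with inline `style` attributes and `&nbsp;` entities and adds nothing over the plain `value`. Any consumer that renders it has to sanitize the HTML first, so dropping it or reducing it to plain markup would be safer.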

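--- a/cves/2024/10xxx/CVE-2024-10490.json
+++ b/cves/2024/10xxx/CVE-2024-10490.json
@@ -8,7 +8,7 @@
 "assignerShortName": "ABB",
 "dateReserved": "2024-10-29T11:13:34.960Z",
 "datePublished": "2024-12-02T08:46:44.044Z",
-"dateUpdated": "2024-12-02T08:46:48.918Z"
+"dateUpdated": "2024-12-02T22:11:21.408Z"
 },
 "containers": {
 "cna": {
@@ -169,6 +169,40 @@
 "x_generator": {
 "engine": "Vulnogram 0.2.0"
 }
-}
+},
+"adp": [
+{
+"metrics": [
+{
+"other": {
+"type": "ssvc",
+"content": {
+"timestamp": "2024-12-02T22:11:11.404146Z",
+"id": "CVE-2024-10490",
+"options": [
+{
+"Exploitation": "none"
+},
+{
+"Automatable": "no"
+},
+{
+"Technical Impact": "partial"
+}
+],
+"role": "CISA Coordinator",
+"version": "2.0.3"
+}
+}
+}
+],
+"title": "CISA ADP Vulnrichment",
+"providerMetadata": {
+"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+"shortName": "CISA-ADP",
+"dateUpdated": "2024-12-02T22:11:21.408Z"
+}
+}
+]
 }
 }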

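--- a/cves/2024/11xxx/CVE-2024-11856.json
+++ b/cves/2024/11xxx/CVE-2024-11856.json
@@ -8,7 +8,7 @@
 "assignerShortName": "hpe",
 "dateReserved": "2024-11-27T01:24:12.689Z",
 "datePublished": "2024-12-02T02:43:51.554Z",
-"dateUpdated": "2024-12-02T02:43:51.554Z"
+"dateUpdated": "2024-12-02T22:13:39.635Z"
 },
 "containers": {
 "cna": {
@@ -131,6 +131,40 @@
 "x_generator": {
 "engine": "Vulnogram 0.2.0"
 }
-}
+},
+"adp": [
+{
+"metrics": [
+{
+"other": {
+"type": "ssvc",
+"content": {
+"timestamp": "2024-12-02T22:12:30.891086Z",
+"id": "CVE-2024-11856",
+"options": [
+{
+"Exploitation": "none"
+},
+{
+"Automatable": "no"
+},
+{
+"Technical Impact": "partial"
+}
+],
+"role": "CISA Coordinator",
+"version": "2.0.3"
+}
+}
+}
+],
+"title": "CISA ADP Vulnrichment",
+"providerMetadata": {
+"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+"shortName": "CISA-ADP",
+"dateUpdated": "2024-12-02T22:13:39.635Z"
+}
+}
+]
 }
 }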

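--- a/cves/2024/53xxx/CVE-2024-53938.json
+++ b/cves/2024/53xxx/CVE-2024-53938.json
@@ -0,0 +1,59 @@
+{
+"dataType": "CVE_RECORD",
+"cveMetadata": {
+"state": "PUBLISHED",
+"cveId": "CVE-2024-53938",
+"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"assignerShortName": "mitre",
+"dateUpdated": "2024-12-02T22:13:10.889074",
+"dateReserved": "2024-11-25T00:00:00",
+"datePublished": "2024-12-02T00:00:00"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"shortName": "mitre",
+"dateUpdated": "2024-12-02T22:13:10.889074"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication."
+}
+],
+"affected": [
+{
+"vendor": "n/a",
+"product": "n/a",
+"versions": [
+{
+"version": "n/a",
+"status": "affected"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf"
+},
+{
+"url": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53938.txt"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "text",
+"lang": "en",
+"description": "n/a"
+}
+]
+}
+]
+}
+},
+"dataVersion": "5.1"
+}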
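Review bot: The `affected` entry sets `vendor`, `product` and `version` to `"n/a"`, while the description names the Victure RX1800 WiFi 6 Router with software EN_V1.0.0_r12_110933, so scanners and asset inventories that match on structured fields will not associate this record with the device. Filling them from the description, `"vendor": "Victure"`, `"product": "RX1800 WiFi 6 Router"`, `"version": "EN_V1.0.0_r12_110933"`, would fix that; the same applies to CVE-2024-53939.json and CVE-2024-53940.json in this commit. `problemTypes` is also `"n/a"` in all three: the two command-injection records look like CWE-78, and this one like a missing-authentication or insecure-default weakness, to be confirmed by the CNA. The `cveMetadata` and `providerMetadata` timestamps carry no `Z` or offset (for example `"dateUpdated": "2024-12-02T22:13:10.889074"`), unlike the other records in the commit, so consumers have to assume UTC.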

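--- a/cves/2024/53xxx/CVE-2024-53939.json
+++ b/cves/2024/53xxx/CVE-2024-53939.json
@@ -0,0 +1,62 @@
+{
+"dataType": "CVE_RECORD",
+"cveMetadata": {
+"state": "PUBLISHED",
+"cveId": "CVE-2024-53939",
+"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"assignerShortName": "mitre",
+"dateUpdated": "2024-12-02T22:08:09.559011",
+"dateReserved": "2024-11-25T00:00:00",
+"datePublished": "2024-12-02T00:00:00"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"shortName": "mitre",
+"dateUpdated": "2024-12-02T22:08:09.559011"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on the device (with root-level permissions) via crafted input."
+}
+],
+"affected": [
+{
+"vendor": "n/a",
+"product": "n/a",
+"versions": [
+{
+"version": "n/a",
+"status": "affected"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53939.txt"
+},
+{
+"url": "https://github.com/actuator/cve/blob/main/Victure/Victure_RX1800_Security_Report.pdf"
+},
+{
+"url": "https://github.com/actuator/cve/blob/main/Victure/RX1800-EN_V1.0.0_r12_110933-CMD-INJ-WIFI-SHELL.gif"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "text",
+"lang": "en",
+"description": "n/a"
+}
+]
+}
+]
+}
+},
+"dataVersion": "5.1"
+}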

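--- a/cves/2024/53xxx/CVE-2024-53940.json
+++ b/cves/2024/53xxx/CVE-2024-53940.json
@@ -0,0 +1,56 @@
+{
+"dataType": "CVE_RECORD",
+"cveMetadata": {
+"state": "PUBLISHED",
+"cveId": "CVE-2024-53940",
+"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"assignerShortName": "mitre",
+"dateUpdated": "2024-12-02T22:05:26.300216",
+"dateReserved": "2024-11-25T00:00:00",
+"datePublished": "2024-12-02T00:00:00"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"shortName": "mitre",
+"dateUpdated": "2024-12-02T22:05:26.300216"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling arbitrary command execution with root-level permissions on the device."
+}
+],
+"affected": [
+{
+"vendor": "n/a",
+"product": "n/a",
+"versions": [
+{
+"version": "n/a",
+"status": "affected"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/actuator/cve/blob/main/Victure/CVE-2024-53940.txt"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "text",
+"lang": "en",
+"description": "n/a"
+}
+]
+}
+]
+}
+},
+"dataVersion": "5.1"
+}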
