2 changes (1 new | 1 updated):

      - 1 new CVEs:  CVE-2024-53473
      - 1 updated CVEs: CVE-2024-54749

Author: cvelistV5 Github Action

cves/2024/53xxx/CVE-2024-53473.json

@@ -0,0 +1,65 @@
+{
+    "dataType": "CVE_RECORD",
+    "cveMetadata": {
+        "state": "PUBLISHED",
+        "cveId": "CVE-2024-53473",
+        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+        "assignerShortName": "mitre",
+        "dateUpdated": "2024-12-07T22:02:59.934766",
+        "dateReserved": "2024-11-20T00:00:00",
+        "datePublished": "2024-12-07T00:00:00"
+    },
+    "containers": {
+        "cna": {
+            "providerMetadata": {
+                "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+                "shortName": "mitre",
+                "dateUpdated": "2024-12-07T22:02:59.934766"
+            },
+            "descriptions": [
+                {
+                    "lang": "en",
+                    "value": "WeGIA 3.2.0 before 3998672 does not verify permission to change a password."
+                }
+            ],
+            "affected": [
+                {
+                    "vendor": "n/a",
+                    "product": "n/a",
+                    "versions": [
+                        {
+                            "version": "n/a",
+                            "status": "affected"
+                        }
+                    ]
+                }
+            ],
+            "references": [
+                {
+                    "url": "https://www.wegia.org"
+                },
+                {
+                    "url": "https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-53473"
+                },
+                {
+                    "url": "https://github.com/nilsonLazarin/WeGIA/commit/3998672f1b86db58eab2808a640903d73b37bd2d"
+                },
+                {
+                    "url": "https://github.com/nilsonLazarin/WeGIA/issues/791"
+                }
+            ],
+            "problemTypes": [
+                {
+                    "descriptions": [
+                        {
+                            "type": "text",
+                            "lang": "en",
+                            "description": "n/a"
+                        }
+                    ]
+                }
+            ]
+        }
+    },
+    "dataVersion": "5.1"
+}

cves/2024/54xxx/CVE-2024-54749.json

@@ -5,7 +5,7 @@
         "cveId": "CVE-2024-54749",
         "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
         "assignerShortName": "mitre",
-        "dateUpdated": "2024-12-06T16:31:05.473410",
+        "dateUpdated": "2024-12-07T22:08:11.961877Z",
         "dateReserved": "2024-12-06T00:00:00",
         "datePublished": "2024-12-06T00:00:00"
     },
@@ -14,12 +14,12 @@
             "providerMetadata": {
                 "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
                 "shortName": "mitre",
-                "dateUpdated": "2024-12-06T16:31:05.473410"
+                "dateUpdated": "2024-12-07T22:08:11.961877Z"
             },
             "descriptions": [
                 {
                     "lang": "en",
-                    "value": "Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root."
+                    "value": "Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, the device cannot be deployed without setting a new password during installation."
                 }
             ],
             "affected": [
@@ -49,6 +49,9 @@
                         }
                     ]
                 }
+            ],
+            "tags": [
+                "disputed"
             ]
         }
     },

cves/delta.json

@@ -1,13 +1,20 @@
 {
-  "fetchTime": "2024-12-07T21:06:22.344Z",
-  "numberOfChanges": 1,
-  "new": [],
+  "fetchTime": "2024-12-07T22:11:11.116Z",
+  "numberOfChanges": 2,
+  "new": [
+    {
+      "cveId": "CVE-2024-53473",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-53473",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/53xxx/CVE-2024-53473.json",
+      "dateUpdated": "2024-12-07T22:02:59.934766"
+    }
+  ],
   "updated": [
     {
-      "cveId": "CVE-2020-35357",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2020-35357",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2020/35xxx/CVE-2020-35357.json",
-      "dateUpdated": "2024-12-07T21:02:36.751Z"
+      "cveId": "CVE-2024-54749",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-54749",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/54xxx/CVE-2024-54749.json",
+      "dateUpdated": "2024-12-07T22:08:11.961877Z"
     }
   ],
   "error": []