-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Weston Steimel <[email protected]>
- Loading branch information
1 parent
91658db
commit c5afdd0
Showing
112 changed files
with
4,136 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "icscert", | ||
| "cveId": "CVE-2024-41722", | ||
| "description": "In the goTenna Pro ATAK Plugin there is a vulnerability that makes it \npossible to inject any custom message with any GID and Callsign using a \nsoftware defined radio in existing gotenna mesh networks. This \nvulnerability can be exploited if the device is being used in a \nunencrypted environment or if the cryptography has already been \ncompromised.", | ||
| "needsReview": true, | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05" | ||
| ], | ||
| "solutions": [ | ||
| "goTenna recommends that users mitigate these vulnerabilities by performing the following updates:\n\n\n\n * ATAK Plugin: v2.0.7 or greater" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "Pro ATAK Plugin", | ||
| "vendor": "goTenna", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "1.9.12", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "icscert", | ||
| "cveId": "CVE-2024-41931", | ||
| "description": "The goTenna Pro ATAK Plugin broadcast key name is always sent unencrypted and could reveal the location of operation.", | ||
| "needsReview": true, | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05" | ||
| ], | ||
| "solutions": [ | ||
| "goTenna recommends that users mitigate these vulnerabilities by performing the following updates:\n\n\n\n * ATAK Plugin: v2.0.7 or greater" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "Pro ATAK Plugin", | ||
| "vendor": "goTenna", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "1.9.12", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "icscert", | ||
| "cveId": "CVE-2024-43108", | ||
| "description": "The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted \nmessages without any additional integrity checking mechanisms. This \nleaves messages malleable to any attacker that can access the message.", | ||
| "needsReview": true, | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05" | ||
| ], | ||
| "solutions": [ | ||
| "goTenna recommends that users mitigate these vulnerabilities by performing the following updates:\n\n\n\n * ATAK Plugin: v2.0.7 or greater" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "Pro ATAK Plugin", | ||
| "vendor": "goTenna", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "1.9.12", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "icscert", | ||
| "cveId": "CVE-2024-43694", | ||
| "description": "In the goTenna Pro ATAK Plugin application, the encryption keys are \nstored along with a static IV on the device. This allows for complete \ndecryption of keys stored on the device. This allows an attacker to \ndecrypt all encrypted broadcast communications based on broadcast keys \nstored on the device.", | ||
| "needsReview": true, | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05" | ||
| ], | ||
| "solutions": [ | ||
| "goTenna recommends that users mitigate these vulnerabilities by performing the following updates:\n\n\n\n * ATAK Plugin: v2.0.7 or greater" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "Pro ATAK Plugin", | ||
| "vendor": "goTenna", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "1.9.12", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "icscert", | ||
| "cveId": "CVE-2024-43814", | ||
| "description": "goTenna Pro ATAK Plugin by default enables frequent unencrypted \nPosition, Location and Information (PLI) transmission. This transmission\n is done without user's knowledge, revealing the exact location \ntransmitted in unencrypted form.", | ||
| "needsReview": true, | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05" | ||
| ], | ||
| "solutions": [ | ||
| "goTenna recommends that users mitigate these vulnerabilities by performing the following updates:\n\n\n\n * ATAK Plugin: v2.0.7 or greater" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "Pro ATAK Plugin", | ||
| "vendor": "goTenna", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "1.9.12", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "patchstack", | ||
| "cveId": "CVE-2024-44013", | ||
| "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through 2.4.0.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://patchstack.com/database/vulnerability/vr-calendar-sync/wordpress-vr-calendar-plugin-2-4-0-local-file-inclusion-vulnerability?_s_id=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "cpes": [ | ||
| "cpe:2.3:a:vr_calendar_project:vr_calendar:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "vr-calendar-sync", | ||
| "packageType": "wordpress-plugin", | ||
| "product": "VR Calendar", | ||
| "repo": "https://plugins.svn.wordpress.org/vr-calendar-sync", | ||
| "vendor": "Innate Images LLC", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "2.4.0", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/54c1eb7b-c3fe-4975-9f51-df3aba53fe46?source=cve" | ||
| } | ||
| ] | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "patchstack", | ||
| "cveId": "CVE-2024-44029", | ||
| "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS.This issue affects viala: from n/a through 1.3.1.", | ||
| "reason": "Added CPE configurations because not yet analyzed by NVD.", | ||
| "references": [ | ||
| "https://patchstack.com/database/vulnerability/viala/wordpress-viala-theme-1-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/themes", | ||
| "cpes": [ | ||
| "cpe:2.3:a:davidgarlitz:viala:*:*:*:*:*:wordpress:*:*" | ||
| ], | ||
| "packageName": "viala", | ||
| "packageType": "wordpress-theme", | ||
| "product": "viala", | ||
| "repo": "https://themes.svn.wordpress.org/viala", | ||
| "vendor": "David Garlitz", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "1.3.1", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3107fe1e-f997-4d13-9ecb-7fe9ff5a9c55?source=cve" | ||
| } | ||
| ] | ||
| } | ||
| } |
Oops, something went wrong.