Skip to content

Commit

Permalink
Auto-Update: 2024-11-18T09:00:34.595517+00:00
Browse files Browse the repository at this point in the history
  • Loading branch information
@cad-safe-bot
cad-safe-bot committed Nov 18, 2024
1 parent 8a2b62e commit b7227f8
Show file tree
Hide file tree
Showing 9 changed files with 452 additions and 31 deletions.
64 changes: 64 additions & 0 deletions CVE-2024/CVE-2024-113xx/CVE-2024-11311.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
{
"id": "CVE-2024-11311",
"sourceIdentifier": "[email protected]",
"published": "2024-11-18T07:15:13.063",
"lastModified": "2024-11-18T07:15:13.063",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8247-83457-2.html",
"source": "[email protected]"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8246-d462a-1.html",
"source": "[email protected]"
}
]
}
64 changes: 64 additions & 0 deletions CVE-2024/CVE-2024-113xx/CVE-2024-11312.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
{
"id": "CVE-2024-11312",
"sourceIdentifier": "[email protected]",
"published": "2024-11-18T07:15:14.903",
"lastModified": "2024-11-18T07:15:14.903",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8249-65252-2.html",
"source": "[email protected]"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8248-8dac9-1.html",
"source": "[email protected]"
}
]
}
64 changes: 64 additions & 0 deletions CVE-2024/CVE-2024-113xx/CVE-2024-11313.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
{
"id": "CVE-2024-11313",
"sourceIdentifier": "[email protected]",
"published": "2024-11-18T07:15:15.420",
"lastModified": "2024-11-18T07:15:15.420",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8251-3455e-2.html",
"source": "[email protected]"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8250-1837b-1.html",
"source": "[email protected]"
}
]
}
64 changes: 64 additions & 0 deletions CVE-2024/CVE-2024-113xx/CVE-2024-11314.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
{
"id": "CVE-2024-11314",
"sourceIdentifier": "[email protected]",
"published": "2024-11-18T07:15:15.993",
"lastModified": "2024-11-18T07:15:15.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8253-bc363-2.html",
"source": "[email protected]"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8252-91d6a-1.html",
"source": "[email protected]"
}
]
}
64 changes: 64 additions & 0 deletions CVE-2024/CVE-2024-113xx/CVE-2024-11315.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
{
"id": "CVE-2024-11315",
"sourceIdentifier": "[email protected]",
"published": "2024-11-18T07:15:16.673",
"lastModified": "2024-11-18T07:15:16.673",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8255-0bb1a-2.html",
"source": "[email protected]"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8254-8daa2-1.html",
"source": "[email protected]"
}
]
}
44 changes: 44 additions & 0 deletions CVE-2024/CVE-2024-220xx/CVE-2024-22067.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
{
"id": "CVE-2024-22067",
"sourceIdentifier": "[email protected]",
"published": "2024-11-18T07:15:17.370",
"lastModified": "2024-11-18T07:15:17.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6179526095692935173",
"source": "[email protected]"
}
]
}
Loading

0 comments on commit b7227f8

Please sign in to comment.