2 changes (2 new | 0 updated):
      - 2 new CVEs:  CVE-2024-11060, CVE-2024-41992
      - 0 updated CVEs:
cvelistV5 Github Action committed Nov 11, 2024
1 parent 4c7f837 commit 01a125e
Showing 4 changed files with 243 additions and 6 deletions.
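--- a/cves/2024/11xxx/CVE-2024-11060.json
+++ b/cves/2024/11xxx/CVE-2024-11060.json
@@ -0,0 +1,155 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-11060",
+"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
+"state": "PUBLISHED",
+"assignerShortName": "VulDB",
+"dateReserved": "2024-11-10T08:42:34.810Z",
+"datePublished": "2024-11-11T00:00:15.171Z",
+"dateUpdated": "2024-11-11T00:00:15.171Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
+"shortName": "VulDB",
+"dateUpdated": "2024-11-11T00:00:15.171Z"
+},
+"title": "Jinher Network Collaborative Management Platform 金和数字化智能办公平台 AcceptShow.aspx sql injection",
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "CWE",
+"cweId": "CWE-89",
+"lang": "en",
+"description": "SQL Injection"
+}
+]
+},
+{
+"descriptions": [
+{
+"type": "CWE",
+"cweId": "CWE-74",
+"lang": "en",
+"description": "Injection"
+}
+]
+}
+],
+"affected": [
+{
+"vendor": "Jinher Network",
+"product": "Collaborative Management Platform 金和数字化智能办公平台",
+"versions": [
+{
+"version": "1.0",
+"status": "affected"
+}
+]
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability classified as critical has been found in Jinher Network Collaborative Management Platform 金和数字化智能办公平台 1.0. Affected is an unknown function of the file /C6/JHSoft.Web.AcceptAip/AcceptShow.aspx/. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+},
+{
+"lang": "de",
+"value": "Es wurde eine kritische Schwachstelle in Jinher Network Collaborative Management Platform 金和数字化智能办公平台 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /C6/JHSoft.Web.AcceptAip/AcceptShow.aspx/. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."
+}
+],
+"metrics": [
+{
+"cvssV4_0": {
+"version": "4.0",
+"baseScore": 5.3,
+"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
+"baseSeverity": "MEDIUM"
+}
+},
+{
+"cvssV3_1": {
+"version": "3.1",
+"baseScore": 6.3,
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+"baseSeverity": "MEDIUM"
+}
+},
+{
+"cvssV3_0": {
+"version": "3.0",
+"baseScore": 6.3,
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+"baseSeverity": "MEDIUM"
+}
+},
+{
+"cvssV2_0": {
+"version": "2.0",
+"baseScore": 6.5,
+"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+}
+}
+],
+"timeline": [
+{
+"time": "2024-11-10T00:00:00.000Z",
+"lang": "en",
+"value": "Advisory disclosed"
+},
+{
+"time": "2024-11-10T01:00:00.000Z",
+"lang": "en",
+"value": "VulDB entry created"
+},
+{
+"time": "2024-11-10T09:47:53.000Z",
+"lang": "en",
+"value": "VulDB entry last update"
+}
+],
+"credits": [
+{
+"lang": "en",
+"value": "SunYihang (VulDB User)",
+"type": "reporter"
+}
+],
+"references": [
+{
+"url": "https://vuldb.com/?id.283806",
+"name": "VDB-283806 | Jinher Network Collaborative Management Platform 金和数字化智能办公平台 AcceptShow.aspx sql injection",
+"tags": [
+"vdb-entry",
+"technical-description"
+]
+},
+{
+"url": "https://vuldb.com/?ctiid.283806",
+"name": "VDB-283806 | CTI Indicators (IOB, IOC, TTP, IOA)",
+"tags": [
+"signature",
+"permissions-required"
+]
+},
+{
+"url": "https://vuldb.com/?submit.440344",
+"name": "Submit #440344 | Jinher Software Jinher collaborative management platform 1.0 SQL Injection",
+"tags": [
+"third-party-advisory"
+]
+},
+{
+"url": "https://github.com/Sy0ung/CVE/blob/main/verdors/JinherNetwork/Jinher-OA-System/SQLi-1.md",
+"tags": [
+"exploit"
+]
+}
+]
+}
+}
+}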
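Review bot: The English and German `descriptions` values call this vulnerability "critical" ("kritische Schwachstelle"), yet every `metrics` entry that carries a `baseSeverity` says `MEDIUM` (5.3 under CVSS 4.0, 6.3 under 3.1 and 3.0) and all vectors require a low-privileged account (`PR:L`, `Au:S`). Anyone triaging from the prose rather than `baseSeverity` will over-rank the record, so I would align the text with the scores, e.g. `A vulnerability classified as medium severity has been found in ...`; the adjective looks like template wording, which is worth confirming with the CNA. The last `references` entry is the only one tagged `exploit` and the only one without a `name`; giving it one would make the public proof-of-concept link easier to pick out in feeds built from this record.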
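--- a/cves/2024/41xxx/CVE-2024-41992.json
+++ b/cves/2024/41xxx/CVE-2024-41992.json
@@ -0,0 +1,56 @@
+{
+"dataType": "CVE_RECORD",
+"cveMetadata": {
+"state": "PUBLISHED",
+"cveId": "CVE-2024-41992",
+"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"assignerShortName": "mitre",
+"dateUpdated": "2024-11-11T00:13:59.897560",
+"dateReserved": "2024-07-26T00:00:00",
+"datePublished": "2024-11-11T00:00:00"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"shortName": "mitre",
+"dateUpdated": "2024-11-11T00:13:59.897560"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. On other devices, this may be exploitable over a WAN interface."
+}
+],
+"affected": [
+{
+"vendor": "n/a",
+"product": "n/a",
+"versions": [
+{
+"version": "n/a",
+"status": "affected"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce/"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "text",
+"lang": "en",
+"description": "n/a"
+}
+]
+}
+]
+}
+},
+"dataVersion": "5.1"
+}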
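Review bot: The `affected` block gives `n/a` for vendor, product and version, although the description names Wi-Fi Alliance wfa_dut (Wi-Fi Test Suite) through 9.0.0 and Arcadyan FMIMG51AX000J devices, so inventory or SBOM tooling that matches on the structured fields will not link this root-level RCE to any product. I would populate them from the description, e.g. `"vendor": "Wi-Fi Alliance", "product": "Wi-Fi Test Suite"` and `"version": "0", "lessThanOrEqual": "9.0.0", "versionType": "custom"`. `problemTypes` is also `n/a` even though the text describes OS command injection, which corresponds to `"type": "CWE", "cweId": "CWE-78"`, and the record has no `metrics` entry, so severity-based filters have nothing to sort on. The three dates in `cveMetadata` lack a timezone suffix, unlike the `Z`-terminated timestamps in the CVE-2024-11060 record of this commit; consumers should not assume local time when ordering events.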
18 changes: 12 additions & 6 deletions cves/delta.json
@@ -1,12 +1,18 @@
{
"fetchTime": "2024-11-10T23:56:04.267Z",
"numberOfChanges": 1,
"fetchTime": "2024-11-11T00:18:06.811Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2023-40457",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-40457",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/40xxx/CVE-2023-40457.json",
"dateUpdated": "2024-11-10T23:53:50.333176"
"cveId": "CVE-2024-11060",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11060",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11060.json",
"dateUpdated": "2024-11-11T00:00:15.171Z"
},
{
"cveId": "CVE-2024-41992",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-41992",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/41xxx/CVE-2024-41992.json",
"dateUpdated": "2024-11-11T00:13:59.897560"
}
],
"updated": [],
20 changes: 20 additions & 0 deletions cves/deltaLog.json
@@ -1,4 +1,24 @@
[
{
"fetchTime": "2024-11-11T00:18:06.811Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-11060",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11060",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11060.json",
"dateUpdated": "2024-11-11T00:00:15.171Z"
},
{
"cveId": "CVE-2024-41992",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-41992",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/41xxx/CVE-2024-41992.json",
"dateUpdated": "2024-11-11T00:13:59.897560"
}
],
"updated": [],
"error": []
},
{
"fetchTime": "2024-11-10T23:56:04.267Z",
"numberOfChanges": 1,
