admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-03-06 00:00:37 +00:00
parent 2831562337
commit 04993325ba
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 273 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2023/38xxx/CVE-2023-38944.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-38944",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2023-38944",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Mar/0",
"url": "https://seclists.org/fulldisclosure/2024/Mar/0"
} }
] ]
} }

61
2023/43xxx/CVE-2023-43318.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-43318",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2023-43318",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/str2ver/CVE-2023-43318/tree/main",
"url": "https://github.com/str2ver/CVE-2023-43318/tree/main"
},
{
"refsource": "FULLDISC",
"name": "20240302 JetStream Smart Switch - TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318",
"url": "https://seclists.org/fulldisclosure/2024/Mar/9"
} }
] ]
} }

25
2023/44xxx/CVE-2023-44186.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n" "value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"
} }
] ]
}, },
@ -91,11 +91,6 @@
"version_affected": "<", "version_affected": "<",
"version_name": "22.4", "version_name": "22.4",
"version_value": "22.4R2-S1, 22.4R3" "version_value": "22.4R2-S1, 22.4R3"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2"
} }
] ]
} }
@ -148,11 +143,6 @@
"version_affected": "<", "version_affected": "<",
"version_name": "22.4", "version_name": "22.4",
"version_value": "22.4R2-S1-EVO, 22.4R3-EVO" "version_value": "22.4R2-S1-EVO, 22.4R3-EVO"
},
{
"version_affected": "<",
"version_name": "23.2",
"version_value": "23.2R2-EVO"
} }
] ]
} }
@ -198,14 +188,7 @@
"work_around": [ "work_around": [
{ {
"lang": "en", "lang": "en",
"supportingMedia": [ "value": "Current operational and security best practices, such as limiting the AS PATH length, should mitigate risk of this issue.\n\nBelow is an example configuration to limit AS PATH to 30 entries:\n\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from protocol bgp\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from as-path 31as\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 then reject\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 then accept\nset groups BASE-POLICY policy-options policy-statement Customer-IN term MaxAS-Limit from policy MaxAS-Limit-30\nset groups BASE-BGP protocols bgp group <*-CUSTOMER> import Customer-IN\nset groups BASE-PREFIX-LISTS policy-options as-path 31as \".{31,}\""
{
"base64": false,
"type": "text/html",
"value": "<p>Current operational and security best practices, such as limiting the AS PATH length, should mitigate risk of this issue.</p><p>Below is an example configuration to limit AS PATH to 30 entries:</p> <tt>set groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from protocol bgp<br></tt><tt>set groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from as-path 31as<br></tt><tt>set groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 then reject<br></tt><tt>set groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 then accept<br></tt><tt>set groups BASE-POLICY policy-options policy-statement Customer-IN term MaxAS-Limit from policy MaxAS-Limit-30<br></tt><tt>set groups BASE-BGP protocols bgp group &lt;*-CUSTOMER&gt; import Customer-IN<br></tt><tt>set groups BASE-PREFIX-LISTS policy-options as-path 31as \".{31,}\"</tt>"
}
],
"value": "Current operational and security best practices, such as limiting the AS PATH length, should mitigate risk of this issue.\n\nBelow is an example configuration to limit AS PATH to 30 entries:\n\n set groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from protocol bgp\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from as-path 31as\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 then reject\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 then accept\nset groups BASE-POLICY policy-options policy-statement Customer-IN term MaxAS-Limit from policy MaxAS-Limit-30\nset groups BASE-BGP protocols bgp group <*-CUSTOMER> import Customer-IN\nset groups BASE-PREFIX-LISTS policy-options as-path 31as \".{31,}\""
} }
], ],
"exploit": [ "exploit": [
@ -228,10 +211,10 @@
{ {
"base64": false, "base64": false,
"type": "text/html", "type": "text/html",
"value": "<p>The following software releases have been updated to resolve this specific issue: </p><p>Junos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R2, 23.3R1, and all subsequent releases.</p><p>Junos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.</p>" "value": "<p>The following software releases have been updated to resolve this specific issue: </p><p>Junos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.</p><p>Junos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.</p>"
} }
], ],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R2, 23.3R1, and all subsequent releases.\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\n\n" "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
} }
], ],
"impact": { "impact": {

56
2024/22xxx/CVE-2024-22889.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-22889",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-22889",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9",
"url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9"
} }
] ]
} }

5
2024/24xxx/CVE-2024-24806.json
View File

@ -88,6 +88,11 @@
"url": "http://www.openwall.com/lists/oss-security/2024/02/11/1", "url": "http://www.openwall.com/lists/oss-security/2024/02/11/1",
"refsource": "MISC", "refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/02/11/1" "name": "http://www.openwall.com/lists/oss-security/2024/02/11/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html"
} }
] ]
}, },

61
2024/25xxx/CVE-2024-25817.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-25817",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-25817",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-3qx3-6hxr-j2ch",
"url": "https://github.com/advisories/GHSA-3qx3-6hxr-j2ch"
},
{
"refsource": "MISC",
"name": "https://www.cubeyond.net/blog/my-cves/eza-cve-report",
"url": "https://www.cubeyond.net/blog/my-cves/eza-cve-report"
} }
] ]
} }

58
2024/27xxx/CVE-2024-27278.json
View File

@ -1,17 +1,67 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27278", "ID": "CVE-2024-27278",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenPNE Plugin \"opTimelinePlugin\" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenPNE Project",
"product": {
"product_data": [
{
"product_name": "OpenPNE Plugin \"opTimelinePlugin\"",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.2.11 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://www.openpne.jp/archives/13458/",
"refsource": "MISC",
"name": "http://www.openpne.jp/archives/13458/"
},
{
"url": "https://jvn.jp/en/jp/JVN78084105/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN78084105/"
} }
] ]
} }