admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-27 10:00:34 +00:00
parent 7e44d7ee51
commit 06f4a5ef4a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 366 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
2023/7xxx/CVE-2023-7270.json
View File

@ -1,18 +1,137 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-7270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-research@sec-consult.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed.\n\n\n\n\n\nThe SoftMaker Office and FreeOffice MSI installer files were found to\n produce a visible conhost.exe window running as the SYSTEM user when \nusing the repair function of msiexec.exe.\u00a0This allows a local, \nlow-privileged attacker to use a chain of actions, to open a fully \nfunctional cmd.exe with the privileges of the SYSTEM user."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SoftMaker Software GmbH",
"product": {
"product_data": [
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2024 / NX, revision 1214"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "FreeOffice",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2024, revision 1215"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "2021 revision 1068"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://r.sec-consult.com/softmaker",
"refsource": "MISC",
"name": "https://r.sec-consult.com/softmaker"
},
{
"url": "https://softmaker.de/download/servicepacks",
"refsource": "MISC",
"name": "https://softmaker.de/download/servicepacks"
},
{
"url": "https://www.freeoffice.com/de/download/servicepacks",
"refsource": "MISC",
"name": "https://www.freeoffice.com/de/download/servicepacks"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The vendor provides a service pack version 1214 for SoftMaker Office 2024 and SofMaker Office NX, which can be downloaded from:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://softmaker.de/download/servicepacks\">https://softmaker.de/download/servicepacks</a></p><p>FreeOffice 2024 revision 1215:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.freeoffice.com/de/download/servicepacks\">https://www.freeoffice.com/de/download/servicepacks</a></p><p>FreeOffice 2021 is unsupported and will not be fixed according to the vendor.</p><br>"
}
],
"value": "The vendor provides a service pack version 1214 for SoftMaker Office 2024 and SofMaker Office NX, which can be downloaded from:\n https://softmaker.de/download/servicepacks \n\nFreeOffice 2024 revision 1215:\n https://www.freeoffice.com/de/download/servicepacks \n\nFreeOffice 2021 is unsupported and will not be fixed according to the vendor."
}
],
"credits": [
{
"lang": "en",
"value": "Michael Baer | SEC Consult Vulnerability Lab"
}
]
}

89
2024/0xxx/CVE-2024-0947.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0947",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb: before v17.0.68."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"cweId": "CWE-565"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Talya Informatics",
"product": {
"product_data": [
{
"product_name": "Elektraweb",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v17.0.68"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0808",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-24-0808"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TR-24-0808",
"defect": [
"TR-24-0808"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

143
2024/0xxx/CVE-2024-0949.json
View File

@ -1,17 +1,152 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0949",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication",
"cweId": "CWE-306"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1390 Weak Authentication",
"cweId": "CWE-1390"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"cweId": "CWE-923"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Talya Informatics",
"product": {
"product_data": [
{
"product_name": "Elektraweb",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v17.0.68"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0808",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-24-0808"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TR-24-0808",
"defect": [
"TR-24-0808"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

18
2024/6xxx/CVE-2024-6385.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}