admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-09 04:00:35 +00:00
parent b366330554
commit 08250dfccb
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 401 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
2022/3xxx/CVE-2022-3857.json
View File

@ -1,66 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-3857", "ID": "CVE-2022-3857",
"ASSIGNER": "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC" "STATE": "REJECT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "libpng",
"version": {
"version_data": [
{
"version_value": "Found in libpng 1.6.38"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://sourceforge.net/p/libpng/bugs/300/",
"url": "https://sourceforge.net/p/libpng/bugs/300/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230406-0004/",
"url": "https://security.netapp.com/advisory/ntap-20230406-0004/"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function." "value": "** REJECT ** Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested."
} }
] ]
} }

61
2024/25xxx/CVE-2024-25282.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-25282",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-25282",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://pagosonline.redsys.es/funcionalidades-autenticacion3DS.html",
"url": "https://pagosonline.redsys.es/funcionalidades-autenticacion3DS.html"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Sep/27",
"url": "https://seclists.org/fulldisclosure/2024/Sep/27"
} }
] ]
} }

61
2024/25xxx/CVE-2024-25283.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-25283",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-25283",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://pagosonline.redsys.es/funcionalidades-autenticacion3DS.html",
"url": "https://pagosonline.redsys.es/funcionalidades-autenticacion3DS.html"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Sep/28",
"url": "https://seclists.org/fulldisclosure/2024/Sep/28"
} }
] ]
} }

61
2024/25xxx/CVE-2024-25284.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-25284",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-25284",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "3DSecure 2.0 allows reflected XSS in the 3DS Authorization Method via the threeDsMethod.jsp threeDSMethodData parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://pagosonline.redsys.es/funcionalidades-autenticacion3DS.html",
"url": "https://pagosonline.redsys.es/funcionalidades-autenticacion3DS.html"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Sep/29",
"url": "https://seclists.org/fulldisclosure/2024/Sep/29"
} }
] ]
} }

61
2024/25xxx/CVE-2024-25285.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-25285",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-25285",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "3DSecure 2.0 allows form action hijacking via threeDsMethod.jsp?threeDSMethodData= or the threeDSMethodNotificationURL parameter. The destination web site for a form submission can be modified."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://pagosonline.redsys.es/funcionalidades-autenticacion3DS.html",
"url": "https://pagosonline.redsys.es/funcionalidades-autenticacion3DS.html"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Sep/30",
"url": "https://seclists.org/fulldisclosure/2024/Sep/30"
} }
] ]
} }

56
2024/25xxx/CVE-2024-25286.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-25286",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-25286",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "3DSecure 2.0 allows CSRF in the Authorization Method via modified Origin and Referer HTTP headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Sep/31",
"url": "https://seclists.org/fulldisclosure/2024/Sep/31"
} }
] ]
} }

66
2024/35xxx/CVE-2024-35288.json
View File

@ -1,17 +1,71 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-35288",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-35288",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\\SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.gonitro.com/support/downloads#securityUpdates",
"refsource": "MISC",
"name": "https://www.gonitro.com/support/downloads#securityUpdates"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Sep/59",
"url": "https://seclists.org/fulldisclosure/2024/Sep/59"
},
{
"refsource": "MISC",
"name": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-nitro-pdf-pro/",
"url": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-nitro-pdf-pro/"
} }
] ]
} }

56
2024/45xxx/CVE-2024-45179.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-45179",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-45179",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-030.txt",
"refsource": "MISC",
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-030.txt"
} }
] ]
} }

18
2024/9xxx/CVE-2024-9676.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9676",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}