mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
0fb7ba185c
commit
08c91cdefb
@ -71,6 +71,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9056d6489f5a41cfbb67f719d2c0ce61ead72d9f",
|
||||
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9056d6489f5a41cfbb67f719d2c0ce61ead72d9f"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -48,6 +48,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/",
|
||||
"url": "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -58,6 +58,11 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20230511-0002/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20230511-0002/"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -68,6 +68,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -68,6 +68,11 @@
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-5492",
|
||||
"url": "https://www.debian.org/security/2023/dsa-5492"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -67,6 +67,11 @@
|
||||
"url": "https://security.netapp.com/advisory/ntap-20230915-0013/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20230915-0013/"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -70,6 +70,11 @@
|
||||
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -65,6 +65,11 @@
|
||||
"url": "https://xenbits.xenproject.org/xsa/advisory-441.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://xenbits.xenproject.org/xsa/advisory-441.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -103,6 +103,11 @@
|
||||
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -167,6 +167,11 @@
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226777",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2226777"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -172,6 +172,11 @@
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408/"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -172,6 +172,11 @@
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -172,6 +172,11 @@
|
||||
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -73,6 +73,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -89,6 +89,11 @@
|
||||
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -89,6 +89,11 @@
|
||||
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -84,6 +84,11 @@
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -235,6 +235,11 @@
|
||||
"url": "https://www.debian.org/security/2023/dsa-5492",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.debian.org/security/2023/dsa-5492"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -89,6 +89,11 @@
|
||||
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -96,6 +96,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html",
|
||||
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -373,6 +373,11 @@
|
||||
"url": "https://www.openwall.com/lists/oss-security/2023/09/22/10",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.openwall.com/lists/oss-security/2023/09/22/10"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -187,6 +187,11 @@
|
||||
"url": "https://seclists.org/oss-sec/2023/q4/14",
|
||||
"refsource": "MISC",
|
||||
"name": "https://seclists.org/oss-sec/2023/q4/14"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -177,6 +177,11 @@
|
||||
"url": "https://seclists.org/oss-sec/2023/q3/229",
|
||||
"refsource": "MISC",
|
||||
"name": "https://seclists.org/oss-sec/2023/q3/229"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -61,6 +61,11 @@
|
||||
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://security.netapp.com/advisory/ntap-20231110-0001/",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20231110-0001/"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -69,6 +69,11 @@
|
||||
"url": "https://www.debian.org/security/2023/dsa-5492",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.debian.org/security/2023/dsa-5492"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -69,6 +69,11 @@
|
||||
"url": "https://www.debian.org/security/2023/dsa-5492",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.debian.org/security/2023/dsa-5492"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -69,6 +69,11 @@
|
||||
"url": "https://www.debian.org/security/2023/dsa-5492",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.debian.org/security/2023/dsa-5492"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -69,6 +69,11 @@
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -79,6 +79,11 @@
|
||||
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -74,6 +74,11 @@
|
||||
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -69,6 +69,11 @@
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -61,6 +61,11 @@
|
||||
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -61,6 +61,11 @@
|
||||
"url": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -61,6 +61,11 @@
|
||||
"url": "https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -64,6 +64,11 @@
|
||||
"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06",
|
||||
"refsource": "MISC",
|
||||
"name": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -167,6 +167,11 @@
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -64,6 +64,11 @@
|
||||
"url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b",
|
||||
"refsource": "MISC",
|
||||
"name": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -64,6 +64,11 @@
|
||||
"url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1",
|
||||
"refsource": "MISC",
|
||||
"name": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -1,17 +1,105 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-0227",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "disclosure@synopsys.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "\nDevise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's (TOTP) inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks.\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
|
||||
"cweId": "CWE-307"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Synopsys",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "devise-two-factor",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"status": "unknown",
|
||||
"version": "0"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-chcr-x7hc-8fp8",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-chcr-x7hc-8fp8"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Christian Reitter (Radically Open Security)"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Chris MacNaughton (Centauri Solutions)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,104 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-0423",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Eine problematische Schwachstelle wurde in CodeAstro Online Food Ordering System 1.0 ausgemacht. Dies betrifft einen unbekannten Teil der Datei dishes.php. Mittels dem Manipulieren des Arguments res_id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Cross Site Scripting",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "CodeAstro",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Online Food Ordering System",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.250442",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.250442"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.250442",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.250442"
|
||||
},
|
||||
{
|
||||
"url": "https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing",
|
||||
"refsource": "MISC",
|
||||
"name": "https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "ABHISHEK K.A (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 3.5,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 3.5,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,104 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-0424",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250443."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Es wurde eine Schwachstelle in CodeAstro Simple Banking System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei createuser.php der Komponente Create a User Page. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Cross Site Scripting",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "CodeAstro",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Simple Banking System",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.250443",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.250443"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.250443",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.250443"
|
||||
},
|
||||
{
|
||||
"url": "https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing",
|
||||
"refsource": "MISC",
|
||||
"name": "https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "ABHISHEK K.A (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 3.5,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 3.5,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,104 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-0425",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "In ForU CMS bis 2020-06-23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /admin/index.php?act=reset_admin_psw. Durch das Manipulieren mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-640 Weak Password Recovery",
|
||||
"cweId": "CWE-640"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "ForU",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "CMS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2020-06-23"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.250444",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.250444"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.250444",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.250444"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mi2ac1e (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 5.3,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 5.3,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
18
2024/0xxx/CVE-2024-0437.json
Normal file
18
2024/0xxx/CVE-2024-0437.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-0437",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/0xxx/CVE-2024-0438.json
Normal file
18
2024/0xxx/CVE-2024-0438.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-0438",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/0xxx/CVE-2024-0439.json
Normal file
18
2024/0xxx/CVE-2024-0439.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-0439",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,17 +1,90 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-22196",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Nginx-UI is an online statistics for Server Indicators\u200b\u200b Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `\"desc\"` and `\"id\"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameter are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
|
||||
"cweId": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "0xJacky",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "nginx-ui",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 2.0.0.beta.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-h374-mm57-879c",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 7,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,115 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-22198",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
||||
"cweId": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "0xJacky",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "nginx-ui",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 2.0.0.beta.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.go#L18",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.go#L18"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.go#L11",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.go#L11"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.go#L29",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.go#L29"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.go#L45",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.go#L45"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.go#L12",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.go#L12"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-8r25-68wm-jw35",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 7.1,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user