admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-18 09:00:37 +00:00
parent 7104114066
commit 0dfbeffb71
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 467 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/11xxx/CVE-2024-11318.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11318",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

7
2024/38xxx/CVE-2024-38472.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and\u00a0malicious requests or content \nUsers are recommended to upgrade to version 2.4.60 which fixes this issue.\u00a0 Note: Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing."
"value": "SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and\u00a0malicious requests or content \nUsers are recommended to upgrade to version 2.4.60 which fixes this issue.\u00a0 Note: Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing."
}
]
},
@ -59,11 +59,6 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
]
},

78
2024/41xxx/CVE-2024-41151.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41151",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of Untrusted Data vulnerability in Apache HertzBeat.\n\nThis vulnerability can only be exploited by authorized attackers.\n\n\nThis issue affects Apache HertzBeat: before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache HertzBeat",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/p33tg0vo5nh6kscth4262ktsqo3h5lqo",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/p33tg0vo5nh6kscth4262ktsqo3h5lqo"
},
{
"url": "https://lists.apache.org/thread/oor9nw6nh2ojnfw8d8oxrv40cbtk5mwj",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/oor9nw6nh2ojnfw8d8oxrv40cbtk5mwj"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Li Yi Wei"
},
{
"lang": "en",
"value": "Elin Kai"
}
]
}

86
2024/45xxx/CVE-2024-45505.json
View File

@ -1,18 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).\n\nThis vulnerability can only be exploited by authorized attackers.\nThis issue affects Apache HertzBeat (incubating): before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache HertzBeat",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19"
},
{
"url": "https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Unam4"
},
{
"lang": "en",
"value": "Springkilll"
},
{
"lang": "en",
"value": "yemoli"
},
{
"lang": "en",
"value": "yulate"
}
]
}

74
2024/45xxx/CVE-2024-45791.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45791",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.\n\nThis issue affects Apache HertzBeat: before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache HertzBeat",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/jmbsfjsvrfnvosh1ftrm3ry4j3sb7doz",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/jmbsfjsvrfnvosh1ftrm3ry4j3sb7doz"
},
{
"url": "https://lists.apache.org/thread/lvsczrp8kdynppmzyxtkh4ord4gpw1ph",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/lvsczrp8kdynppmzyxtkh4ord4gpw1ph"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "\u00cdcaro Torres"
}
]
}

93
2024/47xxx/CVE-2024-47208.json
View File

@ -1,18 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47208",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.17.\n\nUsers are recommended to upgrade to version 18.12.17, which fixes the issue."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache OFBiz",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "18.12.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://ofbiz.apache.org/download.html",
"refsource": "MISC",
"name": "https://ofbiz.apache.org/download.html"
},
{
"url": "https://ofbiz.apache.org/security.html",
"refsource": "MISC",
"name": "https://ofbiz.apache.org/security.html"
},
{
"url": "https://issues.apache.org/jira/browse/OFBIZ-13158",
"refsource": "MISC",
"name": "https://issues.apache.org/jira/browse/OFBIZ-13158"
},
{
"url": "https://lists.apache.org/thread/022r19skfofhv3lzql33vowlrvqndh11",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/022r19skfofhv3lzql33vowlrvqndh11"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "\u5b59\u76f8 (Sun Xiang)"
}
]
}

106
2024/48xxx/CVE-2024-48962.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48962",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.17.\n\nUsers are recommended to upgrade to version 18.12.17, which fixes the issue."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"cweId": "CWE-1336"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache OFBiz",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "18.12.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://ofbiz.apache.org/download.html",
"refsource": "MISC",
"name": "https://ofbiz.apache.org/download.html"
},
{
"url": "https://ofbiz.apache.org/security.html",
"refsource": "MISC",
"name": "https://ofbiz.apache.org/security.html"
},
{
"url": "https://issues.apache.org/jira/browse/OFBIZ-13162",
"refsource": "MISC",
"name": "https://issues.apache.org/jira/browse/OFBIZ-13162"
},
{
"url": "https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Sebastiano Sartor <s@sebsrt.xyz>"
},
{
"lang": "en",
"value": "Ryan <marimoo.eth@gmail.com>"
}
]
}

18
2024/52xxx/CVE-2024-52958.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/52xxx/CVE-2024-52959.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52959",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}