"-Synchronized-Data."

CVE Team 2024-08-28 09:00:34 +00:00
parent 48b20eec0d
commit 0fbc6b8bc6
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
22 changed files with 205 additions and 89 deletions


@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213/",
"url": "https://product.m-files.com/security-advisories/cve-2023-0213/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213/"
"name": "https://product.m-files.com/security-advisories/cve-2023-0213/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption."
"value": "User-controlled operations could have allowed Denial of Service in M-Files Server\u00a0before 23.4.12528.1\n\n due to uncontrolled memory consumption."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0382/",
"url": "https://product.m-files.com/security-advisories/cve-2023-0382/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0382/"
"name": "https://product.m-files.com/security-advisories/cve-2023-0382/"
}
]
},
@ -78,7 +78,7 @@
"value": "Update to patched version.<br>"
}
],
"value": "Update to patched version.\n"
"value": "Update to patched version."
}
],
"impact": {
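Review bot: The description value in the `-11,7` hunk of this record (advisory cve-2023-0382) now carries a non-breaking space and a paragraph break in the middle of its only sentence (`M-Files Server\u00a0before 23.4.12528.1\n\n due to`), taking the second line of each printed pair as the new side, as the rest of the commit suggests. Scanners and triage rules that match on "M-Files Server before" with an ordinary space will no longer hit, and the text renders as two fragments. The value would read better as one line with plain spaces, `"value": "User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption."`. The same mid-sentence `\n\n` or `\u00a0` survives the whitespace cleanup in the records for cve-2023-0383, cve-2023-0384, cve-2023-5523, cve-2023-5524 and cve-2023-6189.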


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nUser-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1\n\n due to uncontrolled memory consumption.\n\n\n\n"
"value": "User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1\n\n due to uncontrolled memory consumption."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0383/",
"url": "https://product.m-files.com/security-advisories/cve-2023-0383/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0383/"
"name": "https://product.m-files.com/security-advisories/cve-2023-0383/"
}
]
},
@ -75,10 +75,10 @@
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate to patched version.<br>\n\n<br>"
"value": "Update to patched version.<br>\n\n<br>"
}
],
"value": "\nUpdate to patched version.\n\n\n\n"
"value": "Update to patched version."
}
],
"impact": {


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nUser-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1\n\n due to uncontrolled memory consumption for a scheduled job.\n\n\n\n"
"value": "User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1\n\n due to uncontrolled memory consumption for a scheduled job."
}
]
},
@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0384/",
"url": "https://product.m-files.com/security-advisories/cve-2023-0384/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0384/"
"name": "https://product.m-files.com/security-advisories/cve-2023-0384/"
}
]
},
@ -75,10 +75,10 @@
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate to patched version.<br>\n\n<br>"
"value": "Update to patched version.<br>\n\n<br>"
}
],
"value": "\nUpdate to patched version.\n\n\n\n"
"value": "Update to patched version."
}
],
"impact": {


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.\u00a0"
"value": "Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0."
}
]
},
@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2112/",
"url": "https://product.m-files.com/security-advisories/cve-2023-2112/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2112/"
"name": "https://product.m-files.com/security-advisories/cve-2023-2112/"
}
]
},
@ -78,7 +78,7 @@
"value": "Update to the patched version.&nbsp;"
}
],
"value": "Update to the patched version.\u00a0"
"value": "Update to the patched version."
}
],
"impact": {


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Stored XSS Vulnerability in M-Files Classic Web versions before 23.10\u00a0and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.\n\n"
"value": "Stored XSS Vulnerability in M-Files Classic Web versions before 23.10\u00a0and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document."
}
]
},
@ -73,9 +73,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2325/",
"url": "https://product.m-files.com/security-advisories/cve-2023-2325/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2325/"
"name": "https://product.m-files.com/security-advisories/cve-2023-2325/"
}
]
},
@ -88,19 +88,6 @@
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "None"
}
],
"value": "None"
}
],
"solution": [
{
"lang": "en",
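Review bot: The trimmed description in the `-11,7` hunk still reads `23.8 LTS SR1allows attacker`, with the version string fused to the next word, and it keeps `\u00a0` after `23.10`. A parser that extracts fixed versions from the text sees the token `SR1allows` rather than `SR1`, so the second LTS boundary can be missed when deciding which installations are exposed to the stored XSS. Since the line is being edited anyway, the tail could become `... before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script in a user's browser via a stored HTML document.` The `solution` object that opens at the end of the last hunk continues outside it.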


@ -69,9 +69,9 @@
"references": {
"reference_data": [
{
"url": "https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480/",
"url": "https://product.m-files.com/security-advisories/cve-2023-2480/",
"refsource": "MISC",
"name": "https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480/"
"name": "https://product.m-files.com/security-advisories/cve-2023-2480/"
}
]
},


@ -69,9 +69,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405",
"url": "https://product.m-files.com/security-advisories/cve-2023-3405/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405"
"name": "https://product.m-files.com/security-advisories/cve-2023-3405/"
}
]
},


@ -69,9 +69,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3406",
"url": "https://product.m-files.com/security-advisories/cve-2023-3406/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3406"
"name": "https://product.m-files.com/security-advisories/cve-2023-3406/"
}
]
},


@ -69,9 +69,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3425",
"url": "https://product.m-files.com/security-advisories/cve-2023-3425/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3425"
"name": "https://product.m-files.com/security-advisories/cve-2023-3425/"
}
]
},
@ -91,7 +91,7 @@
"value": "None publicly available<br>"
}
],
"value": "None publicly available\n"
"value": "None publicly available"
}
],
"solution": [
@ -104,7 +104,7 @@
"value": "Update to M-Files release versions 23.8 or newer, or update to LTS versions 23.2 SR3 or newer<br>"
}
],
"value": "Update to M-Files release versions 23.8 or newer, or update to LTS versions 23.2 SR3 or newer\n"
"value": "Update to M-Files release versions 23.8 or newer, or update to LTS versions 23.2 SR3 or newer"
}
],
"impact": {


@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479/",
"url": "https://product.m-files.com/security-advisories/cve-2023-4479/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479/"
"name": "https://product.m-files.com/security-advisories/cve-2023-4479/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows \n\nRemote Code Execution\u00a0\n\n"
"value": "Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows \n\nRemote Code Execution"
}
]
},
@ -69,9 +69,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5523/",
"url": "https://product.m-files.com/security-advisories/cve-2023-5523/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5523/"
"name": "https://product.m-files.com/security-advisories/cve-2023-5523/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows \n\nRemote Code Execution\n\n via specific file types\n\n"
"value": "Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows \n\nRemote Code Execution\n\n via specific file types"
}
]
},
@ -69,9 +69,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5524/",
"url": "https://product.m-files.com/security-advisories/cve-2023-5524/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5524/"
"name": "https://product.m-files.com/security-advisories/cve-2023-5524/"
}
]
},


@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6117/",
"url": "https://product.m-files.com/security-advisories/cve-2023-6117/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6117/"
"name": "https://product.m-files.com/security-advisories/cve-2023-6117/"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nMissing access permissions checks\n\n in\u00a0the M-Files server\u00a0before 23.11.13156.0 allow attackers to perform data write and export\n\njobs using the\u00a0M-Files API methods."
"value": "Missing access permissions checks\n\n in\u00a0the M-Files server\u00a0before 23.11.13156.0 allow attackers to perform data write and export\n\njobs using the\u00a0M-Files API methods."
}
]
},
@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189/",
"url": "https://product.m-files.com/security-advisories/cve-2023-6189/",
"refsource": "MISC",
"name": "https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189/"
"name": "https://product.m-files.com/security-advisories/cve-2023-6189/"
}
]
},
@ -75,10 +75,10 @@
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate to the patched version.\n\n<br>"
"value": "Update to the patched version.\n\n<br>"
}
],
"value": "\nUpdate to the patched version.\n\n\n"
"value": "Update to the patched version."
}
],
"impact": {


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.\n"
"value": "Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object."
}
]
},
@ -64,9 +64,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6239/",
"url": "https://product.m-files.com/security-advisories/cve-2023-6239/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6239/"
"name": "https://product.m-files.com/security-advisories/cve-2023-6239/"
}
]
},


@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
@ -73,9 +73,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910",
"url": "https://product.m-files.com/security-advisories/cve-2023-6910/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910"
"name": "https://product.m-files.com/security-advisories/cve-2023-6910/"
}
]
},
@ -92,10 +92,10 @@
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate to patched version.<br>"
"value": "Update to patched version.<br>"
}
],
"value": "\nUpdate to patched version.\n"
"value": "Update to patched version."
}
],
"impact": {


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.\n"
"value": "Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords."
}
]
},
@ -73,9 +73,9 @@
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6912/",
"url": "https://product.m-files.com/security-advisories/cve-2023-6912/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6912/"
"name": "https://product.m-files.com/security-advisories/cve-2023-6912/"
}
]
},
@ -95,7 +95,7 @@
"value": "Update to patched version.<br>"
}
],
"value": "Update to patched version.\n"
"value": "Update to patched version."
}
],
"impact": {


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.2.\n\n"
"value": "Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.3."
}
]
},
@ -40,9 +40,24 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.6.2"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.0.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -68,6 +83,19 @@
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;2.0.4 or a higher version."
}
],
"value": "Update to\u00a02.0.4 or a higher version."
}
],
"credits": [
{
"lang": "en",
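Review bot: `version_value` in the `-40,9 +40,24` hunk is now the sentinel string `not down converted`, and the real bound (`lessThanOrEqual` `2.0.3`, `unaffected` at `2.0.4`) lives only under `x_cve_json_5_version_data`. A consumer of the 4.0 format that compares `version_value` as a version will either fail to parse it or treat the product as unmatched, which hides a deserialization issue whose affected range this commit widens from 1.6.2 to 2.0.3. Tooling that reads this record should fall back to the `x_cve_json_5_version_data` block whenever it sees the sentinel, and cached results for versions 1.6.3 through 2.0.3 should be re-evaluated. The description also still reads `Addons.This issue` with no space after the full stop.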


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5546",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@manageengine.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zohocorp\u00a0ManageEngine Password Manager Pro versions before 12431 and\u00a0ManageEngine PAM360 versions\u00a0before 7001 are affected by\u00a0authenticated SQL Injection vulnerability via a global search option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ManageEngine",
"product": {
"product_data": [
{
"product_name": "Password Manager Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "12431"
}
]
}
},
{
"product_name": "PAM360",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "7001"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2024-5546.html",
"refsource": "MISC",
"name": "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2024-5546.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}
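Review bot: The new description separates several words with `\u00a0` (`Zohocorp\u00a0ManageEngine`, `and\u00a0ManageEngine PAM360 versions\u00a0before 7001`), so a plain-space search for the product name or for "versions before 7001" will not match this record. The record also has no `solution` entry, unlike the other published records in this commit, although the `<` bounds imply the fixed builds. Something like `"value": "Update Password Manager Pro to build 12431 or later and PAM360 to build 7001 or later."` would make the remediation explicit, if those are indeed the fixed builds. The document's closing brace lies outside this hunk.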


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authenticated user can download sensitive files from Trellix products NX, EX, FX, AX, IVX, and CMS using path traversal for the URL of network anomaly download_artifact."
"value": "An authenticated user can download sensitive files from NX, EX, FX, AX, IVX, and CMS using path traversal for the URL of network anomaly download_artifact."
}
]
},
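Review bot: The second description line in this hunk drops the words `Trellix products`, leaving `from NX, EX, FX, AX, IVX, and CMS` with no vendor named in the visible text (taking the second printed line as the new side). Two- and three-letter product codes are ambiguous on their own, and keyword triage on the vendor name will stop matching this path traversal record unless the `affects` block, which is outside the hunk, carries it. Keeping the vendor in the sentence, `... download sensitive files from Trellix products NX, EX, FX, AX, IVX, and CMS using path traversal ...`, avoids that.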


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}