admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-29 16:00:36 +00:00
parent f5320a3d6c
commit 1656739560
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 624 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2013/3xxx/CVE-2013-3498.json
View File

@ -57,11 +57,6 @@
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028529"
},
{
"name": "https://kb.juniper.net/KB27375",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/KB27375"
},
{
"name": "juniper-smartpass-cve20133498-xss(84110)",
"refsource": "XF",
@ -71,6 +66,11 @@
"name": "53359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53359"
},
{
"refsource": "CONFIRM",
"name": "https://supportportal.juniper.net/JSA10568",
"url": "https://supportportal.juniper.net/JSA10568"
}
]
}

5
2023/29xxx/CVE-2023-29055.json
View File

@ -59,6 +59,11 @@
"url": "https://lists.apache.org/thread/o1bvyv9wnfkx7dxpfjlor20nykgsoh6r",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/o1bvyv9wnfkx7dxpfjlor20nykgsoh6r"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/29/1"
}
]
},

53
2023/5xxx/CVE-2023-5981.json
View File

@ -137,6 +137,41 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.7.6-23.el9_3.3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.7.6-23.el9_3.3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"version": {
@ -183,19 +218,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -269,6 +291,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0451"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0533",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0533"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5981",
"refsource": "MISC",

75
2024/0xxx/CVE-2024-0567.json
View File

@ -60,6 +60,47 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.7.6-23.el9_3.3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.7.6-23.el9_3.3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -111,25 +152,6 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.11",
"version": {
@ -182,6 +204,11 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0533",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0533"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0567",
"refsource": "MISC",
@ -197,15 +224,15 @@
"refsource": "MISC",
"name": "https://gitlab.com/gnutls/gnutls/-/issues/1521"
},
{
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
"refsource": "MISC",
"name": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"
},
{
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
"refsource": "MISC",
"name": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
}
]
},

103
2024/1xxx/CVE-2024-1006.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1006",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Shanxi Diankeyun Technology NODERP bis 6.0.2 gefunden. Davon betroffen ist unbekannter Code der Datei application/index/common.php der Komponente Cookie Handler. Dank Manipulation des Arguments Nod_User_Id/Nod_User_Token mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Shanxi Diankeyun Technology",
"product": {
"product_data": [
{
"product_name": "NODERP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0.0"
},
{
"version_affected": "=",
"version_value": "6.0.1"
},
{
"version_affected": "=",
"version_value": "6.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.252275",
"refsource": "MISC",
"name": "https://vuldb.com/?id.252275"
},
{
"url": "https://vuldb.com/?ctiid.252275",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.252275"
},
{
"url": "https://note.zhaoj.in/share/vWuVlU2eg79t",
"refsource": "MISC",
"name": "https://note.zhaoj.in/share/vWuVlU2eg79t"
}
]
},
"credits": [
{
"lang": "en",
"value": "glzjin (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

95
2024/1xxx/CVE-2024-1007.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_profile.php. The manipulation of the argument txtfullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252276."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Employee Management System 1.0 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei edit_profile.php. Mit der Manipulation des Arguments txtfullname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Employee Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.252276",
"refsource": "MISC",
"name": "https://vuldb.com/?id.252276"
},
{
"url": "https://vuldb.com/?ctiid.252276",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.252276"
},
{
"url": "https://www.youtube.com/watch?v=1yesMwvWcL4",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=1yesMwvWcL4"
}
]
},
"credits": [
{
"lang": "en",
"value": "matheuzsec (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

95
2024/1xxx/CVE-2024-1008.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252277 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester Employee Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei edit-photo.php der Komponente Profile Page. Durch die Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Employee Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.252277",
"refsource": "MISC",
"name": "https://vuldb.com/?id.252277"
},
{
"url": "https://vuldb.com/?ctiid.252277",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.252277"
},
{
"url": "https://www.youtube.com/watch?v=z4gcLZCOcnc",
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=z4gcLZCOcnc"
}
]
},
"credits": [
{
"lang": "en",
"value": "matheuzsec (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

18
2024/1xxx/CVE-2024-1037.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1037",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/1xxx/CVE-2024-1038.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1038",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/1xxx/CVE-2024-1039.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1039",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/1xxx/CVE-2024-1040.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1040",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

19
2024/21xxx/CVE-2024-21612.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.2R3-S7-EVO;\n * 21.3 versions earlier than 21.3R3-S5-EVO ;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO ;\n * 22.3 versions earlier than 22.3R3-EVO;\n * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"
"value": "\n\n\n\n\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\n\n\n\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.2R3-S7-EVO;\n * 21.3 versions earlier than 21.3R3-S5-EVO ;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO ;\n * 22.3 versions earlier than 22.3R3-EVO;\n * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"
}
]
},
@ -115,6 +115,19 @@
],
"discovery": "USER"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>To be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.</p><code>[ show system connections | match ofp | match LISTEN ]</code><br>\n\n<br>"
}
],
"value": "\nTo be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.\n\n[ show system connections | match ofp | match LISTEN ]\n\n\n\n"
}
],
"work_around": [
{
"lang": "en",
@ -122,10 +135,10 @@
{
"base64": false,
"type": "text/html",
"value": "<p>In order to prevent this issue, following firewall filter need to be added to filter out both the OFP port.</p><p> </p> <tt>[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]<br></tt><tt>[ firewall family inet filter mgmt-filter term discard_ofp from destination-port 61014 ]<br></tt><tt>[ firewall family inet filter mgmt-filter term discard_ofp from destination-port 61015 ]<br></tt><tt>[ firewall family inet filter mgmt-filter term discard_ofp then discard ]<br></tt><tt>[ firewall family inet filter mgmt-filter term 2 then accept ]<br><br></tt><tt>[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]<br></tt><tt>[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]</tt>"
"value": "\n\n<p>In order to prevent this issue, following firewall filter needs to be added for each OFP port.</p><tt>[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]<br>[ firewall family inet filter mgmt-filter term discard_ofp from destination-port &lt;ofp_port_1&gt; ]<br>[ firewall family inet filter mgmt-filter term discard_ofp from destination-port &lt;ofp_port_2&gt; ]<br>[ firewall family inet filter mgmt-filter term discard_ofp then discard ]<br>[ firewall family inet filter mgmt-filter term 2 then accept ]<br></tt><br><tt>[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]<br>[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]</tt><br>\n\n<tt></tt>"
}
],
"value": "In order to prevent this issue, following firewall filter need to be added to filter out both the OFP port.\n\n \n\n [ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port 61014 ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port 61015 ]\n[ firewall family inet filter mgmt-filter term discard_ofp then discard ]\n[ firewall family inet filter mgmt-filter term 2 then accept ]\n\n[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]"
"value": "\nIn order to prevent this issue, following firewall filter needs to be added for each OFP port.\n\n[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port <ofp_port_1> ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port <ofp_port_2> ]\n[ firewall family inet filter mgmt-filter term discard_ofp then discard ]\n[ firewall family inet filter mgmt-filter term 2 then accept ]\n\n[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n\n\n"
}
],
"exploit": [

81
2024/23xxx/CVE-2024-23822.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23822",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "sni",
"product": {
"product_data": [
{
"product_name": "Thruk",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjx",
"refsource": "MISC",
"name": "https://github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjx"
},
{
"url": "https://github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39",
"refsource": "MISC",
"name": "https://github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39"
}
]
},
"source": {
"advisory": "GHSA-4mrh-mx7x-rqjx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

81
2024/23xxx/CVE-2024-23826.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23826",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is due to no limitation of the length of the filename and the costly use of the Unicode normalization with the form NFKD on Windows OS. This vulnerability was fixed in the 2024.01.29 release."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "spbu-se",
"product": {
"product_data": [
{
"product_name": "spbu_se_site",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2024.01.29"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/spbu-se/spbu_se_site/security/advisories/GHSA-5vfc-v7hg-pvwm",
"refsource": "MISC",
"name": "https://github.com/spbu-se/spbu_se_site/security/advisories/GHSA-5vfc-v7hg-pvwm"
},
{
"url": "https://github.com/spbu-se/spbu_se_site/commit/5ad623eb0405260763046343c5785bc588d8a57d",
"refsource": "MISC",
"name": "https://github.com/spbu-se/spbu_se_site/commit/5ad623eb0405260763046343c5785bc588d8a57d"
}
]
},
"source": {
"advisory": "GHSA-5vfc-v7hg-pvwm",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}