mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 18:53:08 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
36c8641970
commit
1fbe6dc24d
@ -1,18 +1,124 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-47109",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: allow NUD_NOARP entries to be forced GCed\n\nIFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to\nfill up the neighbour table with enough entries that it will overflow for\nvalid connections after that.\n\nThis behaviour is more prevalent after commit 58956317c8de (\"neighbor:\nImprove garbage collection\") is applied, as it prevents removal from\nentries that are not NUD_FAILED, unless they are more than 5s old."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "58956317c8de",
|
||||
"version_value": "d99029e6aab6"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "5.0",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "5.0",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.4.125",
|
||||
"lessThanOrEqual": "5.4.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.10.43",
|
||||
"lessThanOrEqual": "5.10.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.12.10",
|
||||
"lessThanOrEqual": "5.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.13",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,114 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-47110",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kvm: Disable kvmclock on all CPUs on shutdown\n\nCurrenly, we disable kvmclock from machine_shutdown() hook and this\nonly happens for boot CPU. We need to disable it for all CPUs to\nguard against memory corruption e.g. on restore from hibernate.\n\nNote, writing '0' to kvmclock MSR doesn't clear memory location, it\njust prevents hypervisor from updating the location so for the short\nwhile after write and while CPU is still alive, the clock remains usable\nand correct so we don't need to switch to some other clocksource."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1da177e4c3f4",
|
||||
"version_value": "9084fe1b3572"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "5.4.125",
|
||||
"lessThanOrEqual": "5.4.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.10.43",
|
||||
"lessThanOrEqual": "5.10.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.12.10",
|
||||
"lessThanOrEqual": "5.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.13",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/9084fe1b3572664ad276f427dce575f580c9799a",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/9084fe1b3572664ad276f427dce575f580c9799a"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/3b0becf8b1ecf642a9edaf4c9628ffc641e490d6",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/3b0becf8b1ecf642a9edaf4c9628ffc641e490d6"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/1df2dc09926f61319116c80ee85701df33577d70",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/1df2dc09926f61319116c80ee85701df33577d70"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/c02027b5742b5aa804ef08a4a9db433295533046",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/c02027b5742b5aa804ef08a4a9db433295533046"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,113 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-47111",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netback: take a reference to the RX task thread\n\nDo this in order to prevent the task from being freed if the thread\nreturns (which can be triggered by the frontend) before the call to\nkthread_stop done as part of the backend tear down. Not taking the\nreference will lead to a use-after-free in that scenario. Such\nreference was taken before but dropped as part of the rework done in\n2ac061ce97f4.\n\nReintroduce the reference taking and add a comment this time\nexplaining why it's needed.\n\nThis is XSA-374 / CVE-2021-28691."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "2ac061ce97f4",
|
||||
"version_value": "6b53db8c4c14"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "5.5",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "5.5",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.10.43",
|
||||
"lessThanOrEqual": "5.10.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.12.10",
|
||||
"lessThanOrEqual": "5.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.13",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/6b53db8c4c14b4e7256f058d202908b54a7b85b4",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/6b53db8c4c14b4e7256f058d202908b54a7b85b4"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/caec9bcaeb1a5f03f2d406305355c853af10c13e",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/caec9bcaeb1a5f03f2d406305355c853af10c13e"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/107866a8eb0b664675a260f1ba0655010fac1e08",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/107866a8eb0b664675a260f1ba0655010fac1e08"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,114 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-47112",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kvm: Teardown PV features on boot CPU as well\n\nVarious PV features (Async PF, PV EOI, steal time) work through memory\nshared with hypervisor and when we restore from hibernation we must\nproperly teardown all these features to make sure hypervisor doesn't\nwrite to stale locations after we jump to the previously hibernated kernel\n(which can try to place anything there). For secondary CPUs the job is\nalready done by kvm_cpu_down_prepare(), register syscore ops to do\nthe same for boot CPU."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1da177e4c3f4",
|
||||
"version_value": "7620a669111b"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "5.4.125",
|
||||
"lessThanOrEqual": "5.4.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.10.43",
|
||||
"lessThanOrEqual": "5.10.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.12.10",
|
||||
"lessThanOrEqual": "5.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.13",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/7620a669111b52f224d006dea9e1e688e2d62c54",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/7620a669111b52f224d006dea9e1e688e2d62c54"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/38b858da1c58ad46519a257764e059e663b59ff2",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/38b858da1c58ad46519a257764e059e663b59ff2"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/d1629b5b925de9b27979e929dae7fcb766daf6b6",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/d1629b5b925de9b27979e929dae7fcb766daf6b6"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/8b79feffeca28c5459458fe78676b081e87c93a4",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/8b79feffeca28c5459458fe78676b081e87c93a4"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,103 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-47113",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: abort in rename_exchange if we fail to insert the second ref\n\nError injection stress uncovered a problem where we'd leave a dangling\ninode ref if we failed during a rename_exchange. This happens because\nwe insert the inode ref for one side of the rename, and then for the\nother side. If this second inode ref insert fails we'll leave the first\none dangling and leave a corrupt file system behind. Fix this by\naborting if we did the insert for the first inode ref."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1da177e4c3f4",
|
||||
"version_value": "0df50d47d174"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "5.10.43",
|
||||
"lessThanOrEqual": "5.10.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.12.10",
|
||||
"lessThanOrEqual": "5.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.13",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/ff8de2cec65a8c8521faade12a31b39c80e49f5b",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/ff8de2cec65a8c8521faade12a31b39c80e49f5b"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/dc09ef3562726cd520c8338c1640872a60187af5",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/dc09ef3562726cd520c8338c1640872a60187af5"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,158 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-47114",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix data corruption by fallocate\n\nWhen fallocate punches holes out of inode size, if original isize is in\nthe middle of last cluster, then the part from isize to the end of the\ncluster will be zeroed with buffer write, at that time isize is not yet\nupdated to match the new size, if writeback is kicked in, it will invoke\nocfs2_writepage()->block_write_full_page() where the pages out of inode\nsize will be dropped. That will cause file corruption. Fix this by\nzero out eof blocks when extending the inode size.\n\nRunning the following command with qemu-image 4.2.1 can get a corrupted\ncoverted image file easily.\n\n qemu-img convert -p -t none -T none -f qcow2 $qcow_image \\\n -O qcow2 -o compat=1.1 $qcow_image.conv\n\nThe usage of fallocate in qemu is like this, it first punches holes out\nof inode size, then extend the inode size.\n\n fallocate(11, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 2276196352, 65536) = 0\n fallocate(11, 0, 2276196352, 65536) = 0\n\nv1: https://www.spinics.net/lists/linux-fsdevel/msg193999.html\nv2: https://lore.kernel.org/linux-fsdevel/20210525093034.GB4112@quack2.suse.cz/T/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1da177e4c3f4",
|
||||
"version_value": "624fa7baa378"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "4.4.272",
|
||||
"lessThanOrEqual": "4.4.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "4.9.272",
|
||||
"lessThanOrEqual": "4.9.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "4.14.236",
|
||||
"lessThanOrEqual": "4.14.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "4.19.194",
|
||||
"lessThanOrEqual": "4.19.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.4.125",
|
||||
"lessThanOrEqual": "5.4.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.10.43",
|
||||
"lessThanOrEqual": "5.10.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.12.10",
|
||||
"lessThanOrEqual": "5.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.13",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/624fa7baa3788dc9e57840ba5b94bc22b03cda57",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/624fa7baa3788dc9e57840ba5b94bc22b03cda57"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/33e03adafb29eedae1bae9cdb50c1385279fcf65",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/33e03adafb29eedae1bae9cdb50c1385279fcf65"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/a1700479524bb9cb5e8ae720236a6fabd003acae",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/a1700479524bb9cb5e8ae720236a6fabd003acae"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/cec4e857ffaa8c447f51cd8ab4e72350077b6770",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/cec4e857ffaa8c447f51cd8ab4e72350077b6770"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/cc2edb99ea606a45182b5ea38cc8f4e583aa0774",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/cc2edb99ea606a45182b5ea38cc8f4e583aa0774"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/c8d5faee46242c3f33b8a71a4d7d52214785bfcc",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/c8d5faee46242c3f33b8a71a4d7d52214785bfcc"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/0a31dd6fd2f4e7db538fb6eb1f06973d81f8dd3b",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/0a31dd6fd2f4e7db538fb6eb1f06973d81f8dd3b"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/6bba4471f0cc1296fe3c2089b9e52442d3074b2e",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/6bba4471f0cc1296fe3c2089b9e52442d3074b2e"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,168 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-47115",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect\n\nIt's possible to trigger NULL pointer dereference by local unprivileged\nuser, when calling getsockname() after failed bind() (e.g. the bind\nfails because LLCP_SAP_MAX used as SAP):\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n CPU: 1 PID: 426 Comm: llcp_sock_getna Not tainted 5.13.0-rc2-next-20210521+ #9\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1 04/01/2014\n Call Trace:\n llcp_sock_getname+0xb1/0xe0\n __sys_getpeername+0x95/0xc0\n ? lockdep_hardirqs_on_prepare+0xd5/0x180\n ? syscall_enter_from_user_mode+0x1c/0x40\n __x64_sys_getpeername+0x11/0x20\n do_syscall_64+0x36/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThis can be reproduced with Syzkaller C repro (bind followed by\ngetpeername):\nhttps://syzkaller.appspot.com/x/repro.c?x=14def446e00000"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "d646960f7986",
|
||||
"version_value": "eb6875d48590"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "3.3",
|
||||
"status": "affected"
|
||||
},
|
||||
{
|
||||
"version": "0",
|
||||
"lessThan": "3.3",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "4.4.272",
|
||||
"lessThanOrEqual": "4.4.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "4.9.272",
|
||||
"lessThanOrEqual": "4.9.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "4.14.236",
|
||||
"lessThanOrEqual": "4.14.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "4.19.194",
|
||||
"lessThanOrEqual": "4.19.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.4.125",
|
||||
"lessThanOrEqual": "5.4.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.10.43",
|
||||
"lessThanOrEqual": "5.10.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.12.10",
|
||||
"lessThanOrEqual": "5.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.13",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/eb6875d48590d8e564092e831ff07fa384d7e477",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/eb6875d48590d8e564092e831ff07fa384d7e477"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/39c15bd2e5d11bcf7f4c3dba2aad9e1e110a5d94",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/39c15bd2e5d11bcf7f4c3dba2aad9e1e110a5d94"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/ffff05b9ee5c74c04bba2801c1f99b31975d74d9",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/ffff05b9ee5c74c04bba2801c1f99b31975d74d9"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/48ee0db61c8299022ec88c79ad137f290196cac2",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/48ee0db61c8299022ec88c79ad137f290196cac2"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/0c4559736d9a4ec1ca58ba98ca34e7c4da4c422b",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/0c4559736d9a4ec1ca58ba98ca34e7c4da4c422b"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/4ac06a1e013cf5fdd963317ffd3b968560f33bba",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/4ac06a1e013cf5fdd963317ffd3b968560f33bba"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,103 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-47116",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@kernel.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leak in ext4_mb_init_backend on error path.\n\nFix a memory leak discovered by syzbot when a file system is corrupted\nwith an illegally large s_log_groups_per_flex."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Linux",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1da177e4c3f4",
|
||||
"version_value": "2050c6e5b161"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "5.10.43",
|
||||
"lessThanOrEqual": "5.10.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.12.10",
|
||||
"lessThanOrEqual": "5.12.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "5.13",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/2050c6e5b161e5e25ce3c420fef58b24fa388a49",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/2050c6e5b161e5e25ce3c420fef58b24fa388a49"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/04fb2baa0b147f51db065a1b13a11954abe592d0",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/04fb2baa0b147f51db065a1b13a11954abe592d0"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/a8867f4e3809050571c98de7a2d465aff5e4daf5",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/a8867f4e3809050571c98de7a2d465aff5e4daf5"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-42286",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-42286",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/Nacl122/CVEReport/blob/main/CVE-2023-42286/CVE-2023-42286.md",
|
||||
"url": "https://github.com/Nacl122/CVEReport/blob/main/CVE-2023-42286/CVE-2023-42286.md"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -82,7 +82,7 @@
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "6.8-rc2",
|
||||
"version": "6.8",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
|
||||
@ -85,7 +85,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat OpenStack Platform 17.1",
|
||||
"product_name": "Red Hat OpenStack Platform 17.1 for RHEL 8",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -101,7 +101,14 @@
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
},
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
@ -115,7 +122,14 @@
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
},
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Red Hat OpenStack Platform 17.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
|
||||
@ -68,6 +68,16 @@
|
||||
"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,88 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-1795",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@wordfence.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The HUSKY \u2013 Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "realmag777",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "HUSKY \u2013 Products Filter Professional for WooCommerce",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "*",
|
||||
"version_value": "1.3.5.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fff8dfbc-fd59-47db-85bb-de2a7c6a9a5f?source=cve",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fff8dfbc-fd59-47db-85bb-de2a7c6a9a5f?source=cve"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051027%40woocommerce-products-filter&new=3051027%40woocommerce-products-filter&sfp_email=&sfph_mail=",
|
||||
"refsource": "MISC",
|
||||
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051027%40woocommerce-products-filter&new=3051027%40woocommerce-products-filter&sfp_email=&sfph_mail="
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Krzysztof Zaj\u0105c"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Bassem Essam"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,84 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-1796",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@wordfence.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The HUSKY \u2013 Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'swoof_slug'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "realmag777",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "HUSKY \u2013 Products Filter Professional for WooCommerce",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "*",
|
||||
"version_value": "1.3.5.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/748bc714-25ba-404e-ac3d-e588fd95b2f9?source=cve",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/748bc714-25ba-404e-ac3d-e588fd95b2f9?source=cve"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045600%40woocommerce-products-filter&new=3045600%40woocommerce-products-filter&sfp_email=&sfph_mail=",
|
||||
"refsource": "MISC",
|
||||
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045600%40woocommerce-products-filter&new=3045600%40woocommerce-products-filter&sfp_email=&sfph_mail="
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Bassem Essam"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||
"baseScore": 6.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,92 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-1853",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "help@fluidattacks.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers.\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-283: Unverified Ownership",
|
||||
"cweId": "CWE-283"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Zemena",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "AntiLogger",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.74.204.664"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://fluidattacks.com/advisories/ellington/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://fluidattacks.com/advisories/ellington/"
|
||||
},
|
||||
{
|
||||
"url": "https://zemana.com/us/antilogger.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://zemana.com/us/antilogger.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -41,7 +41,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "9.0",
|
||||
"version_value": "9.1.27"
|
||||
"version_value": "9.1.26"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
18
2024/21xxx/CVE-2024-21784.json
Normal file
18
2024/21xxx/CVE-2024-21784.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-21784",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/22xxx/CVE-2024-22184.json
Normal file
18
2024/22xxx/CVE-2024-22184.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-22184",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/23xxx/CVE-2024-23489.json
Normal file
18
2024/23xxx/CVE-2024-23489.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-23489",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/24xxx/CVE-2024-24977.json
Normal file
18
2024/24xxx/CVE-2024-24977.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-24977",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-25227",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2024-25227",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://thetrueartist.wixsite.com/cveblog/post/understanding-the-potential-impact-of-cve-2024-25227-what-you-need-to-know-and-how-it-was-discovered",
|
||||
"url": "https://thetrueartist.wixsite.com/cveblog/post/understanding-the-potential-impact-of-cve-2024-25227-what-you-need-to-know-and-how-it-was-discovered"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,73 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-26163",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Security Feature Bypass"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Microsoft",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Microsoft Edge (Chromium-based)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1.0.0",
|
||||
"version_value": "122.0.2365.92"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26163",
|
||||
"refsource": "MISC",
|
||||
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26163"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseSeverity": "MEDIUM",
|
||||
"baseScore": 4.7,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -41,7 +41,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1.0.0",
|
||||
"version_value": "1.XX.X"
|
||||
"version_value": "1.87.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -39,8 +39,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "N/A"
|
||||
"version_affected": "<",
|
||||
"version_name": "1.0.0",
|
||||
"version_value": "122.0.2365.92"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -41,7 +41,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1.0.0",
|
||||
"version_value": "2402"
|
||||
"version_value": "1.2402.12"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,73 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-26246",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Security Feature Bypass"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Microsoft",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Microsoft Edge for Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "1.0.0",
|
||||
"version_value": "122.0.2365.92"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26246",
|
||||
"refsource": "MISC",
|
||||
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26246"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseSeverity": "LOW",
|
||||
"baseScore": 3.9,
|
||||
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-26475",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2024-26475",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/TronciuVlad/CVE-2024-26475",
|
||||
"url": "https://github.com/TronciuVlad/CVE-2024-26475"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -55,40 +55,18 @@
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "bb7403655b3c",
|
||||
"version_value": "e622502c310f"
|
||||
"version_name": "6.1.75",
|
||||
"version_value": "6.1.77"
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "6.1.77",
|
||||
"lessThanOrEqual": "6.1.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "6.6.16",
|
||||
"lessThanOrEqual": "6.6.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "6.7.4",
|
||||
"lessThanOrEqual": "6.7.*",
|
||||
"status": "unaffected",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "6.8-rc3",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
"version_affected": "<",
|
||||
"version_name": "6.6.14",
|
||||
"version_value": "6.6.16"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "6.7.2",
|
||||
"version_value": "6.7.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -115,15 +93,10 @@
|
||||
"url": "https://git.kernel.org/stable/c/2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207"
|
||||
},
|
||||
{
|
||||
"url": "https://git.kernel.org/stable/c/e622502c310f1069fd9f41cd38210553115f610a",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/e622502c310f1069fd9f41cd38210553115f610a"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-8df59b4913de"
|
||||
}
|
||||
}
|
||||
@ -76,7 +76,7 @@
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"version": "6.8-rc2",
|
||||
"version": "6.8",
|
||||
"lessThanOrEqual": "*",
|
||||
"status": "unaffected",
|
||||
"versionType": "original_commit_for_fix"
|
||||
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In tmu_config_gov_params of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
"value": "In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Android kernel allows Remote code execution."
|
||||
"value": "A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In TBD of TBD, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
"value": "there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In plugin_extern_func of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
"value": "In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -40,7 +40,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Android kernel"
|
||||
"version_value": "13"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-27756",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2024-27756",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An issue in GLPI v.10.0.12 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the title field."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://medium.com/@cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092",
|
||||
"url": "https://medium.com/@cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,110 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28253",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by `PolicyResource.createOrUpdate()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-252`. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
|
||||
"cweId": "CWE-94"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "open-metadata",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenMetadata",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 1.3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-7vf4-x5m2-r6gr",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-7vf4-x5m2-r6gr"
|
||||
},
|
||||
{
|
||||
"url": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection",
|
||||
"refsource": "MISC",
|
||||
"name": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/policies/PolicyResource.java#L365",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/policies/PolicyResource.java#L365"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/PolicyRepository.java#L113",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/PolicyRepository.java#L113"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-7vf4-x5m2-r6gr",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 9.4,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,105 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28254",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `\u200eAlertUtil::validateExpression` method evaluates an SpEL expression using `getValue` which by default uses the `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/events/subscriptions/validation/condition/<expression>` endpoint passes user-controlled data `AlertUtil::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and, therefore, any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-235`. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
|
||||
"cweId": "CWE-78"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "open-metadata",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenMetadata",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 1.2.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-j86m-rrpr-g8gw",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-j86m-rrpr-g8gw"
|
||||
},
|
||||
{
|
||||
"url": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection",
|
||||
"refsource": "MISC",
|
||||
"name": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/84054a85d3478e3e3795fe92daa633ec11c9d6d9/openmetadata-service/src/main/java/org/openmetadata/service/events/subscription/AlertUtil.java#L101",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/84054a85d3478e3e3795fe92daa633ec11c9d6d9/openmetadata-service/src/main/java/org/openmetadata/service/events/subscription/AlertUtil.java#L101"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/84054a85d3478e3e3795fe92daa633ec11c9d6d9/openmetadata-service/src/main/java/org/openmetadata/service/events/subscription/AlertUtil.java#L108",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/84054a85d3478e3e3795fe92daa633ec11c9d6d9/openmetadata-service/src/main/java/org/openmetadata/service/events/subscription/AlertUtil.java#L108"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/spring-projects/spring-framework/blob/4e2d3573189b7c0afce62bce29cd915de4077f56/spring-expression/src/main/java/org/springframework/expression/spel/standard/SpelExpression.java#L106",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/spring-projects/spring-framework/blob/4e2d3573189b7c0afce62bce29cd915de4077f56/spring-expression/src/main/java/org/springframework/expression/spel/standard/SpelExpression.java#L106"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-j86m-rrpr-g8gw",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,95 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28255",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-287: Improper Authentication",
|
||||
"cweId": "CWE-287"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "open-metadata",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenMetadata",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 1.2.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-6wx7-qw5p-wh84",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-6wx7-qw5p-wh84"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/e2043a3f31312ebb42391d6c93a67584d798de52/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java#L111",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/e2043a3f31312ebb42391d6c93a67584d798de52/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java#L111"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/e2043a3f31312ebb42391d6c93a67584d798de52/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java#L113",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/e2043a3f31312ebb42391d6c93a67584d798de52/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java#L113"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-6wx7-qw5p-wh84",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,110 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28847",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by `EventSubscriptionResource.createOrUpdateEventSubscription()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-251`."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
|
||||
"cweId": "CWE-94"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "open-metadata",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenMetadata",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 1.2.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435"
|
||||
},
|
||||
{
|
||||
"url": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection",
|
||||
"refsource": "MISC",
|
||||
"name": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EventSubscriptionRepository.java#L69-L83",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EventSubscriptionRepository.java#L69-L83"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/events/subscription/EventSubscriptionResource.java#L289",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/events/subscription/EventSubscriptionResource.java#L289"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-8p5r-6mvv-2435",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,100 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28848",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `\u200eCompiledRule::validateExpression` method evaluates an SpEL expression using an `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/policies/validation/condition/<expression>` endpoint passes user-controlled data `CompiledRule::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and therefore any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-236`. This issue may lead to Remote Code Execution and has been resolved in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
|
||||
"cweId": "CWE-94"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "open-metadata",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenMetadata",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 1.2.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r"
|
||||
},
|
||||
{
|
||||
"url": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection",
|
||||
"refsource": "MISC",
|
||||
"name": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L51",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L51"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L57",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L57"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-5xv3-fm7g-865r",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
18
2024/28xxx/CVE-2024-28876.json
Normal file
18
2024/28xxx/CVE-2024-28876.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28876",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/28xxx/CVE-2024-28887.json
Normal file
18
2024/28xxx/CVE-2024-28887.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28887",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/28xxx/CVE-2024-28946.json
Normal file
18
2024/28xxx/CVE-2024-28946.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28946",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/28xxx/CVE-2024-28947.json
Normal file
18
2024/28xxx/CVE-2024-28947.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28947",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/28xxx/CVE-2024-28953.json
Normal file
18
2024/28xxx/CVE-2024-28953.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28953",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29015.json
Normal file
18
2024/29xxx/CVE-2024-29015.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29015",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29043.json
Normal file
18
2024/29xxx/CVE-2024-29043.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29043",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29044.json
Normal file
18
2024/29xxx/CVE-2024-29044.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29044",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29045.json
Normal file
18
2024/29xxx/CVE-2024-29045.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29045",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29046.json
Normal file
18
2024/29xxx/CVE-2024-29046.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29046",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29047.json
Normal file
18
2024/29xxx/CVE-2024-29047.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29047",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29048.json
Normal file
18
2024/29xxx/CVE-2024-29048.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29048",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29049.json
Normal file
18
2024/29xxx/CVE-2024-29049.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29049",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29050.json
Normal file
18
2024/29xxx/CVE-2024-29050.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29050",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29051.json
Normal file
18
2024/29xxx/CVE-2024-29051.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29051",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29052.json
Normal file
18
2024/29xxx/CVE-2024-29052.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29052",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29053.json
Normal file
18
2024/29xxx/CVE-2024-29053.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29053",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29054.json
Normal file
18
2024/29xxx/CVE-2024-29054.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29054",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29055.json
Normal file
18
2024/29xxx/CVE-2024-29055.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29055",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29056.json
Normal file
18
2024/29xxx/CVE-2024-29056.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29056",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29057.json
Normal file
18
2024/29xxx/CVE-2024-29057.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29057",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29058.json
Normal file
18
2024/29xxx/CVE-2024-29058.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29058",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29059.json
Normal file
18
2024/29xxx/CVE-2024-29059.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29059",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29060.json
Normal file
18
2024/29xxx/CVE-2024-29060.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29060",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29061.json
Normal file
18
2024/29xxx/CVE-2024-29061.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29061",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29062.json
Normal file
18
2024/29xxx/CVE-2024-29062.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29062",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29063.json
Normal file
18
2024/29xxx/CVE-2024-29063.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29063",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29064.json
Normal file
18
2024/29xxx/CVE-2024-29064.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29064",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29065.json
Normal file
18
2024/29xxx/CVE-2024-29065.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29065",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29066.json
Normal file
18
2024/29xxx/CVE-2024-29066.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29066",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29067.json
Normal file
18
2024/29xxx/CVE-2024-29067.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29067",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29068.json
Normal file
18
2024/29xxx/CVE-2024-29068.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29068",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29069.json
Normal file
18
2024/29xxx/CVE-2024-29069.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29069",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/29xxx/CVE-2024-29070.json
Normal file
18
2024/29xxx/CVE-2024-29070.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29070",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,92 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2180",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "help@fluidattacks.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Zemana",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "AntiLogger",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.74.204.664"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://fluidattacks.com/advisories/gomez/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://fluidattacks.com/advisories/gomez/"
|
||||
},
|
||||
{
|
||||
"url": "https://zemana.com/us/antilogger.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://zemana.com/us/antilogger.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,92 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2204",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "help@fluidattacks.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service (DoS) vulnerability by triggering the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-476 NULL Pointer Dereference",
|
||||
"cweId": "CWE-476"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Zemana",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "AntiLogger",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.74.204.664"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://fluidattacks.com/advisories/hassan/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://fluidattacks.com/advisories/hassan/"
|
||||
},
|
||||
{
|
||||
"url": "https://zemana.com/us/antilogger.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://zemana.com/us/antilogger.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,84 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2249",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@wordfence.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "choijun",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "LA-Studio Element Kit for Elementor",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "*",
|
||||
"version_value": "1.3.7.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5113170a-5a53-4e53-84e6-56d9ba0740ed?source=cve",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5113170a-5a53-4e53-84e6-56d9ba0740ed?source=cve"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset/3050316/lastudio-element-kit/trunk/includes/extensions/elementor/wrapper-link.php",
|
||||
"refsource": "MISC",
|
||||
"name": "https://plugins.trac.wordpress.org/changeset/3050316/lastudio-element-kit/trunk/includes/extensions/elementor/wrapper-link.php"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Francesco Carlucci"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||
"baseScore": 6.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,89 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2399",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@wordfence.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Premium Addons for Elementor",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Premium Addons Pro for Elementor",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "*",
|
||||
"version_value": "4.10.23"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=cve",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=cve"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.23/widgets/premium-media-wheel.php#L2753",
|
||||
"refsource": "MISC",
|
||||
"name": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.23/widgets/premium-media-wheel.php#L2753"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset/3051259/premium-addons-for-elementor/trunk/widgets/premium-media-wheel.php",
|
||||
"refsource": "MISC",
|
||||
"name": "https://plugins.trac.wordpress.org/changeset/3051259/premium-addons-for-elementor/trunk/widgets/premium-media-wheel.php"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "wesley"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||
"baseScore": 6.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
18
2024/2xxx/CVE-2024-2475.json
Normal file
18
2024/2xxx/CVE-2024-2475.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2475",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/2xxx/CVE-2024-2476.json
Normal file
18
2024/2xxx/CVE-2024-2476.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2476",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/2xxx/CVE-2024-2477.json
Normal file
18
2024/2xxx/CVE-2024-2477.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2477",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
105
2024/2xxx/CVE-2024-2478.json
Normal file
105
2024/2xxx/CVE-2024-2478.json
Normal file
@ -0,0 +1,105 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2478",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Eine kritische Schwachstelle wurde in BradWenqiang HR 2.0 ausgemacht. Es geht hierbei um die Funktion selectAll der Datei /bishe/register der Komponente Background Management. Durch die Manipulation des Arguments userName mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-89 SQL Injection",
|
||||
"cweId": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "BradWenqiang",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "HR",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.256886",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.256886"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.256886",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.256886"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/zuizui35/cve/blob/main/cve.md",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/zuizui35/cve/blob/main/cve.md"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "zuizui (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 6.3,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 6.3,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
105
2024/2xxx/CVE-2024-2479.json
Normal file
105
2024/2xxx/CVE-2024-2479.json
Normal file
@ -0,0 +1,105 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2479",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0. This affects an unknown part of the component Cadastro Page. The manipulation of the argument Query leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256887. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Es wurde eine Schwachstelle in MHA Sistemas arMHAzena 9.6.0.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Komponente Cadastro Page. Durch Manipulation des Arguments Query mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Cross Site Scripting",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "MHA Sistemas",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "arMHAzena",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "9.6.0.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.256887",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.256887"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.256887",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.256887"
|
||||
},
|
||||
{
|
||||
"url": "https://johnermac.github.io/cve/xss/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://johnermac.github.io/cve/xss/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Johnermac (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 3.5,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 3.5,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
105
2024/2xxx/CVE-2024-2480.json
Normal file
105
2024/2xxx/CVE-2024-2480.json
Normal file
@ -0,0 +1,105 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2480",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente at\u00e9 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "In MHA Sistemas arMHAzena 9.6.0.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Executa Page. Mittels dem Manipulieren des Arguments Companhia/Planta/Agente de/Agente at\u00e9 mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-89 SQL Injection",
|
||||
"cweId": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "MHA Sistemas",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "arMHAzena",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "9.6.0.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.256888",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.256888"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.256888",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.256888"
|
||||
},
|
||||
{
|
||||
"url": "https://johnermac.github.io/cve/sqli/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://johnermac.github.io/cve/sqli/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Johnermac (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 6.3,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 6.3,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
113
2024/2xxx/CVE-2024-2481.json
Normal file
113
2024/2xxx/CVE-2024-2481.json
Normal file
@ -0,0 +1,113 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2481",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Es wurde eine Schwachstelle in Surya2Developer Hostel Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /admin/manage-students.php. Durch das Manipulieren des Arguments del mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284 Improper Access Controls",
|
||||
"cweId": "CWE-284"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Surya2Developer",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Hostel Management System",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.256890",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.256890"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.256890",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.256890"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Broken_Access_Control%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Broken_Access_Control%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "C.P. Rivera"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "blackslim3 (VulDB User)"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "blackslim3 (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.4,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
113
2024/2xxx/CVE-2024-2482.json
Normal file
113
2024/2xxx/CVE-2024-2482.json
Normal file
@ -0,0 +1,113 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2482",
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "In Surya2Developer Hostel Management Service 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /check_availability.php der Komponente HTTP POST Request Handler. Durch Manipulieren des Arguments oldpassword mit unbekannten Daten kann eine observable response discrepancy-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-204 Observable Response Discrepancy",
|
||||
"cweId": "CWE-204"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Surya2Developer",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Hostel Management Service",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.256891",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.256891"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.256891",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.256891"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "C.P. Rivera"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "blackslim3 (VulDB User)"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "blackslim3 (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 3.7,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 3.7,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 2.6,
|
||||
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/2xxx/CVE-2024-2489.json
Normal file
18
2024/2xxx/CVE-2024-2489.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2489",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/2xxx/CVE-2024-2490.json
Normal file
18
2024/2xxx/CVE-2024-2490.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2490",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/2xxx/CVE-2024-2491.json
Normal file
18
2024/2xxx/CVE-2024-2491.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2491",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/2xxx/CVE-2024-2492.json
Normal file
18
2024/2xxx/CVE-2024-2492.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2492",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/2xxx/CVE-2024-2546.json
Normal file
18
2024/2xxx/CVE-2024-2546.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2546",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/2xxx/CVE-2024-2547.json
Normal file
18
2024/2xxx/CVE-2024-2547.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2547",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user