"-Synchronized-Data."

CVE Team 2024-10-08 17:01:20 +00:00
parent bfa51f55e5
commit 20933a8157
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
21 changed files with 363 additions and 41 deletions

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nThere is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 \u2013 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.\n\nMitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.\n\n\n"
"value": "There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 \u2013 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.\n\nMitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities."
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Server",
"product_name": "ArcGIS Enterprise Server",
"version": {
"version_data": [
{
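Review bot: The new product_name "ArcGIS Enterprise Server" does not match the description in this same record, which still says "Esri ArcGIS Server versions 10.8.1 \u2013 11.0". Use one product name in both fields so that tooling matching on product_name and analysts reading the description resolve to the same product.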

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\n\n\n\n\nArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. \n\nThe information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.\n\n\n\n\n\n\n\n\n"
"value": "ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. \n\nThe information disclosed is limited to a single attribute in a database connection string. No business data is disclosed."
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Server",
"product_name": "ArcGIS Enterprise Server",
"version": {
"version_data": [
{

View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nThere is a Cross-site Scripting vulnerability\u00a0in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. \u00a0The privileges required to execute this attack are low.\n\n"
"value": "There is a Cross-site Scripting vulnerability\u00a0in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. \u00a0The privileges required to execute this attack are low."
}
]
},
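Review bot: The rewritten value still carries two \u00a0 non-breaking spaces ("vulnerability\u00a0in" and "browser. \u00a0The") even though the edit is a whitespace cleanup; replace them with plain spaces. While the string is being touched, "authenticated users bio page" and "victims browser" need apostrophes. The text also labels the issue Cross-site Scripting but describes the effect only as rendering an image, so the impact sentence should state whether script execution is possible.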
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-323: Reusing a Nonce, Key Pair in Encryption",
"cweId": "CWE-323"
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
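Review bot: The problemtype moves from CWE-323 (nonce or key pair reuse, a cryptographic weakness) to CWE-287 (improper authentication), which is a reclassification rather than a formatting fix, and the description is not part of this diff, so it cannot be checked against the new class here. Confirm that the existing description supports CWE-287 before this syncs. The value format also changes from "CWE-323: ..." to "CWE-287 ..." without the colon; that matches the other records in this commit but will trip any consumer that splits the string on ": ".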
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** \nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\n\n"
"value": "** REJECT ** There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are low."
}
]
}
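Review bot: The new value keeps the "** REJECT **" prefix but replaces the rejection reason with a full vulnerability description, so the record now reads as both rejected and as a live advisory. If the ID stays rejected, keep a reason for the rejection in the text; if it is being published, drop the prefix. The description also says "unauthenticated attacker" and then "The privileges required to execute this attack are low", which contradict each other.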

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** \nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\n\n"
"value": "** REJECT ** There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks."
}
]
}

View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** \nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\n\n"
"value": "** REJECT ** There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 10.8.1 \u2013 1121 that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high."
}
]
}
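Review bot: The version range "10.8.1 \u2013 1121" in the new value is malformed: "1121" is not in the dotted form used for the other versions in this commit (10.8.1, 11.0, 11.1), so the upper bound needs correcting against the vendor advisory before anyone can scope exposure from this record. The text also keeps the "** REJECT **" prefix while no longer stating why the ID was rejected.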

View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3057",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@purestorage.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PureStorage",
"product": {
"product_data": [
{
"product_name": "FlashArray",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.6.2",
"version_value": "6.6.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.purestorage.com/category/m_pure_storage_product_security",
"refsource": "MISC",
"name": "https://support.purestorage.com/category/m_pure_storage_product_security"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is resolved in FlashArray Purity (OE) versions 6.6.6 and later.</span><br>"
}
],
"value": "This issue is resolved in FlashArray Purity (OE) versions 6.6.6 and later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
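Review bot: The description says "a user can make a specific call to a FlashArray endpoint allowing privilege escalation" with CWE-269, which implies the caller already holds an account, yet the vector is PR:N with a 9.8 base score. Either the description should say the call needs no authentication, or privilegesRequired should be LOW and the score recomputed. In version_data, version_name "6.6.2" with version_affected "<=" and version_value "6.6.5" does not say whether releases before 6.6.2 are affected; the solution text only gives 6.6.6 as the fixed version.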

View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44349",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cybergon.com/",
"refsource": "MISC",
"name": "https://cybergon.com/"
},
{
"refsource": "MISC",
"name": "https://blog.cybergon.com/posts/cve-2024-44349/",
"url": "https://blog.cybergon.com/posts/cve-2024-44349/"
}
]
}
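Review bot: vendor_name, product_name, version_value and the problemtype value are all "n/a" although the description names the product (AnteeoWMS), the fixed version (before v4.7.34) and the weakness (SQL injection via the username parameter of the login portal). Populate the affects block and set the problemtype to CWE-89 so the record can be matched by product and weakness without parsing free text. The clause "and disclosure of some data in the underlying DB" also does not attach grammatically to "allows unauthenticated attackers to execute" and should be reworded.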

View File

@ -1,17 +1,96 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "responsible.disclosure@ivanti.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ivanti",
"product": {
"product_data": [
{
"product_name": "Avalanche",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "6.4.5",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://forums.ivanti.com/s/article/Ivanti-Avalanche-6-4-5-Security-Advisory",
"refsource": "MISC",
"name": "https://forums.ivanti.com/s/article/Ivanti-Avalanche-6-4-5-Security-Advisory"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
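Review bot: In x_cve_json_5_version_data the only entry is version "6.4.5" with status "unaffected" under defaultStatus "affected", which read literally leaves every release after 6.4.5 affected as well, while the description says "before version 6.4.5". Express the range explicitly, for example an affected entry with a lessThan bound of 6.4.5. Legacy consumers that read only version_value get "not down converted" and cannot tell what is affected from this record.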

View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{

View File

@ -1,18 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8626",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "CompactLogix 5380 controllers",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v33.011 <"
}
]
}
},
{
"product_name": "Compact GuardLogix\u00ae 5380 controllers",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v33.011<"
}
]
}
},
{
"product_name": "CompactLogix 5480 controllers",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v33.011<"
}
]
}
},
{
"product_name": "GuardLogix 5580 controllers",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v33.011<"
}
]
}
},
{
"product_name": "1756-EN4TR",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v3.002"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SD1706",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<table><tbody><tr><td><p><br>Affected Product&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>First Known in firmware Revision</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Firmware Revision</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011 &lt;</p><p>&nbsp;</p><p>&nbsp;</p></td><td rowspan=\"5\"><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>v33.015 and later for versions 33</p></li></ul><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>v34.011 and later</p></li></ul><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix\u00ae 5380 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5480 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix 5580 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>GuardLogix 5580 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>1756-EN4TR</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v3.002</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>4.001 and later</p></li></ul><p>&nbsp;</p><p>&nbsp;</p></td></tr></tbody></table><br>\n\n<p>Mitigations and Workarounds </p><p>Customers using the affected versions are encouraged to upgrade to corrected firmware versions. 
We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. </p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a>&nbsp;</p></li></ul>\n\n<br>"
}
],
"value": "Affected Product\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in firmware Revision\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Firmware Revision\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011 <\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n * v33.015 and later for versions 33\n\n\n\n\n\u00a0\n\n\u00a0\n\n * v34.011 and later\n\n\n\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix\u00ae 5380 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5480 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix 5580 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nGuardLogix 5580 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n1756-EN4TR\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv3.002\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n * 4.001 and later\n\n\n\n\n\u00a0\n\n\u00a0\n\n\n\n\nMitigations and Workarounds \n\nCustomers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. \n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
]
}
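Review bot: The solution table lists six products, including "ControlLogix 5580 controllers", but product_data has only five entries and ControlLogix 5580 is missing, so product matching will not flag it. The version_value strings also embed an operator ("v33.011 <" in one entry, "v33.011<" in the others) while version_affected is "=", so a consumer doing an exact comparison will match nothing; put the bound in version_affected and keep version_value as the bare version. The plain-text solution value is mostly \u00a0 and newline filler left over from the HTML table and would be easier to consume collapsed to one line per product.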