admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-18 20:00:36 +00:00
parent 75fac49072
commit 223eb81401
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 311 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/0xxx/CVE-2024-0697.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0697",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/0xxx/CVE-2024-0698.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0698",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

98
2024/22xxx/CVE-2024-22212.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22212",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.1.0, < 1.4.1"
},
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 2.1.2"
},
{
"version_affected": "=",
"version_value": ">= 2.2.0, < 2.3.4"
},
{
"version_affected": "=",
"version_value": ">= 2.4.0, < 2.4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77"
},
{
"url": "https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee",
"refsource": "MISC",
"name": "https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee"
},
{
"url": "https://hackerone.com/reports/2248689",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2248689"
}
]
},
"source": {
"advisory": "GHSA-vj5q-f63m-wp77",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

90
2024/22xxx/CVE-2024-22213.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22213",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.9.0, < 1.9.5"
},
{
"version_affected": "=",
"version_value": ">= 1.10.0, < 1.11.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc"
},
{
"url": "https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd",
"refsource": "MISC",
"name": "https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd"
},
{
"url": "https://hackerone.com/reports/2058556",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2058556"
}
]
},
"source": {
"advisory": "GHSA-mg7w-x9fm-9wwc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
]
}

99
2024/22xxx/CVE-2024-22400.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 5.0.0, < 5.1.5"
},
{
"version_affected": "=",
"version_value": ">= 5.2.0, < 5.2.5"
},
{
"version_affected": "=",
"version_value": ">= 6.0.0, < 6.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7"
},
{
"url": "https://github.com/nextcloud/user_saml/pull/788",
"refsource": "MISC",
"name": "https://github.com/nextcloud/user_saml/pull/788"
},
{
"url": "https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a",
"refsource": "MISC",
"name": "https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a"
},
{
"url": "https://hackerone.com/reports/2263044",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2263044"
}
]
},
"source": {
"advisory": "GHSA-622q-xhfr-xmv7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}