"-Synchronized-Data."

CVE Team 2024-04-19 19:00:32 +00:00
parent 0d4a81c04e
commit 26d6198eec
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 328 additions and 12 deletions


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31450",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The parameter name is taken from the JSON request and directly appended to the filepath that points to the emoji to delete. By using path traversal sequences (../), attackers with administrative privileges can exploit this endpoint to delete arbitrary files on the system, outside of the emoji directory. This vulnerability is fixed in 0.1.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "owncast",
"product": {
"product_data": [
{
"product_name": "owncast",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-277_Owncast/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2023-277_Owncast/"
},
{
"url": "https://github.com/owncast/owncast/commit/1b14800c7d7f54be14ed4d130bfe7f480645076e",
"refsource": "MISC",
"name": "https://github.com/owncast/owncast/commit/1b14800c7d7f54be14ed4d130bfe7f480645076e"
},
{
"url": "https://github.com/owncast/owncast/blob/v0.1.2/controllers/admin/emoji.go#L63",
"refsource": "MISC",
"name": "https://github.com/owncast/owncast/blob/v0.1.2/controllers/admin/emoji.go#L63"
},
{
"url": "https://github.com/owncast/owncast/releases/tag/v0.1.3",
"refsource": "MISC",
"name": "https://github.com/owncast/owncast/releases/tag/v0.1.3"
}
]
},
"source": {
"advisory": "GHSA-9355-27m8-h74v",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}
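Review bot: The affected-version entry pairs `"version_affected": "="` with `"version_value": "< 0.1.3"`, so the comparison operator sits inside the value string, and a consumer that applies the operator field literally will look for a version named "< 0.1.3" and match nothing. Encoding it as `"version_affected": "<"` with `"version_value": "0.1.3"` keeps the range machine-readable; the CVE-2024-32652 record in this commit has the same shape with `">= 1.3.0, < 1.10.1"`, which would need two entries or a parser that understands the range string. Separately, the description speaks of deleting arbitrary files outside the emoji directory while the vector carries `I:N` and `A:L`; the scoring is the assigner's call, but triage that filters on the 2.7 base score alone should read the description as well before deprioritising.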


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a hostname such as an empty string, slashes `/`, and other strings. The version 1.10.1 includes the fix for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755: Improper Handling of Exceptional Conditions",
"cweId": "CWE-755"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "honojs",
"product": {
"product_data": [
{
"product_name": "node-server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.3.0, < 1.10.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/honojs/node-server/security/advisories/GHSA-hgxw-5xg3-69jx",
"refsource": "MISC",
"name": "https://github.com/honojs/node-server/security/advisories/GHSA-hgxw-5xg3-69jx"
},
{
"url": "https://github.com/honojs/node-server/issues/159",
"refsource": "MISC",
"name": "https://github.com/honojs/node-server/issues/159"
},
{
"url": "https://github.com/honojs/node-server/commit/d847e60249fd8183ba0998bc379ba20505643204",
"refsource": "MISC",
"name": "https://github.com/honojs/node-server/commit/d847e60249fd8183ba0998bc379ba20505643204"
}
]
},
"source": {
"advisory": "GHSA-hgxw-5xg3-69jx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,154 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3979",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261596."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in COVESA vsomeip bis 3.4.10 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Mittels dem Manipulieren mit unbekannten Daten kann eine race condition-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "COVESA",
"product": {
"product_data": [
{
"product_name": "vsomeip",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.4.0"
},
{
"version_affected": "=",
"version_value": "3.4.1"
},
{
"version_affected": "=",
"version_value": "3.4.2"
},
{
"version_affected": "=",
"version_value": "3.4.3"
},
{
"version_affected": "=",
"version_value": "3.4.4"
},
{
"version_affected": "=",
"version_value": "3.4.5"
},
{
"version_affected": "=",
"version_value": "3.4.6"
},
{
"version_affected": "=",
"version_value": "3.4.7"
},
{
"version_affected": "=",
"version_value": "3.4.8"
},
{
"version_affected": "=",
"version_value": "3.4.9"
},
{
"version_affected": "=",
"version_value": "3.4.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.261596",
"refsource": "MISC",
"name": "https://vuldb.com/?id.261596"
},
{
"url": "https://vuldb.com/?ctiid.261596",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.261596"
},
{
"url": "https://vuldb.com/?submit.312410",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.312410"
},
{
"url": "https://github.com/COVESA/vsomeip/issues/663",
"refsource": "MISC",
"name": "https://github.com/COVESA/vsomeip/issues/663"
},
{
"url": "https://github.com/COVESA/vsomeip/files/14904610/details.zip",
"refsource": "MISC",
"name": "https://github.com/COVESA/vsomeip/files/14904610/details.zip"
}
]
},
"credits": [
{
"lang": "en",
"value": "xuguosheng (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.4,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 3.2,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P"
}
]
}
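Review bot: The `version_data` list enumerates 3.4.0 through 3.4.10 as exact matches, while the description says "up to 3.4.10"; tooling that matches on the enumerated values will report 3.3.x and earlier as unaffected, which the text does not establish either way. If earlier releases are in scope, a single range entry such as `"version_affected": "<="` with `"version_value": "3.4.10"` expresses that, and otherwise the description should state the lower bound. The `credits` entry uses `"lang": "en"` where the description entries use `"eng"` and `"deu"`, so a consumer filtering on language code has to accept both forms unless the record is normalised to `"lang": "eng"`. The third `cvss` entry (version 2.0) has no `baseSeverity`, so code that reads that key from every entry should tolerate its absence.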