admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-13 17:00:36 +00:00
parent 876af6b436
commit 271475c5fe
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 285 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2024/35xxx/CVE-2024-35325.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c",
"url": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c"
}
]
}

56
2024/35xxx/CVE-2024-35326.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35326",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c",
"url": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c"
}
]
}

79
2024/37xxx/CVE-2024-37280.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37280",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@elastic.co",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of \u201cpassthrough\u201d type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Elasticsearch",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "8.13.1",
"version_value": "8.13.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-14/361007",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-14/361007"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

114
2024/37xxx/CVE-2024-37307.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37307",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run (with the `--envoy-dump` flag set) against Cilium deployments with the Envoy proxy enabled. Users of the TLS inspection, Ingress with TLS termination, Gateway API with TLS termination, and Kafka network policies with API key filtering features are affected. The sensitive data includes the CA certificate, certificate chain, and private key used by Cilium HTTP Network Policies, and when using Ingress/Gateway API and the API keys used in Kafka-related network policy. `cilium-bugtool` is a debugging tool that is typically invoked manually and does not run during the normal operation of a Cilium cluster. This issue has been patched in Cilium v1.15.6, v1.14.12, and v1.13.17. There is no workaround to this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cilium",
"product": {
"product_data": [
{
"product_name": "cilium",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.13.0, < 1.13.17"
},
{
"version_affected": "=",
"version_value": ">= 1.14.0, < 1.14.12"
},
{
"version_affected": "=",
"version_value": ">= 1.15.0, < 1.15.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j"
},
{
"url": "https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407"
},
{
"url": "https://github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a"
},
{
"url": "https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741"
},
{
"url": "https://github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653"
},
{
"url": "https://github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b"
},
{
"url": "https://github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61"
}
]
},
"source": {
"advisory": "GHSA-wh78-7948-358j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
}