"-Synchronized-Data."

CVE Team 2024-11-01 14:00:31 +00:00
parent 926606f2c6
commit 2a748d6442
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
15 changed files with 432 additions and 32 deletions


@ -1,17 +1,145 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In Tongda OA 2017 bis 11.9 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /pda/reportshop/new.php. Durch die Manipulation des Arguments repid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tongda",
"product": {
"product_data": [
{
"product_name": "OA 2017",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0"
},
{
"version_affected": "=",
"version_value": "11.1"
},
{
"version_affected": "=",
"version_value": "11.2"
},
{
"version_affected": "=",
"version_value": "11.3"
},
{
"version_affected": "=",
"version_value": "11.4"
},
{
"version_affected": "=",
"version_value": "11.5"
},
{
"version_affected": "=",
"version_value": "11.6"
},
{
"version_affected": "=",
"version_value": "11.7"
},
{
"version_affected": "=",
"version_value": "11.8"
},
{
"version_affected": "=",
"version_value": "11.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.282670",
"refsource": "MISC",
"name": "https://vuldb.com/?id.282670"
},
{
"url": "https://vuldb.com/?ctiid.282670",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.282670"
},
{
"url": "https://vuldb.com/?submit.433515",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.433515"
},
{
"url": "https://github.com/LvZCh/td/issues/11",
"refsource": "MISC",
"name": "https://github.com/LvZCh/td/issues/11"
}
]
},
"credits": [
{
"lang": "en",
"value": "LVZC2 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
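Review bot: The English description says the issue "has been declared as critical", but all three entries in the `impact` block rate it lower (`"baseScore": 6.3` with `"baseSeverity": "MEDIUM"` and `PR:L` in the 3.x vectors), so the prose and the scoring disagree within one record. Triage should key on the vector rather than the adjective. Separately, `version_data` lists ten exact matches (`"version_affected": "="` for 11.0 through 11.9) where the description says "up to 11.9". A consumer that compares version strings literally would presumably miss any build whose string is not one of those ten; a single range entry such as `"version_affected": "<=", "version_value": "11.9"` would state the bound the description gives.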


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10679",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Access Control vulnerability in StylemixThemes MasterStudy LMS allows .\n\nThis issue affects MasterStudy LMS: from n/a through 3.2.12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "StylemixThemes",
"product": {
"product_data": [
{
"product_name": "MasterStudy LMS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "n/a",
"lessThanOrEqual": "3.2.12",
"changes": [
{
"at": "3.2.13",
"status": "unaffected"
}
],
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/masterstudy-lms-learning-management-system/wordpress-masterstudy-lms-plugin-3-2-12-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/masterstudy-lms-learning-management-system/wordpress-masterstudy-lms-plugin-3-2-12-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"value": "Update to 3.2.13 or a higher version.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Update to 3.2.13 or a higher version."
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Majed Refaea (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseSeverity": "HIGH",
"baseScore": 8.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
}
]
}
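Review bot: The new description value reads "Access Control vulnerability in StylemixThemes MasterStudy LMS allows ." with nothing after "allows", so the record never states what an unauthorised caller can do. The only impact information left is the CWE-862 label and the CVSS vector (`PR:N`, `C:L/I:H/A:N`), which a reader has to combine themselves. The 4.0 version entry is also `"version_value": "not down converted"`, with the real bound only inside `x_cve_json_5_version_data` (`"lessThanOrEqual": "3.2.12"`). A consumer that reads just the 4.0 fields gets no usable version and should fall back to that nested block or to the `solution` text.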


@ -54,8 +54,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://oligosecurity.webflow.io/blog/more-models-more-probllms",
"url": "https://oligosecurity.webflow.io/blog/more-models-more-probllms"
"name": "https://www.oligo.security/blog/more-models-more-probllms",
"url": "https://www.oligo.security/blog/more-models-more-probllms"
}
]
}


@ -59,8 +59,8 @@
},
{
"refsource": "MISC",
"name": "https://oligosecurity.webflow.io/blog/more-models-more-probllms",
"url": "https://oligosecurity.webflow.io/blog/more-models-more-probllms"
"name": "https://oligo.security/blog/more-models-more-probllms",
"url": "https://oligo.security/blog/more-models-more-probllms"
}
]
}
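Review bot: The replacement reference in this section uses the bare host, `https://oligo.security/blog/more-models-more-probllms`, while the other three sections in this commit that make the same replacement use `https://www.oligo.security/...`. Consumers that deduplicate or correlate references by exact URL string will treat these as two different sources, so one host form across all four records would be cleaner. Whether both hosts resolve to the same page cannot be confirmed from this page.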


@ -64,8 +64,8 @@
},
{
"refsource": "MISC",
"name": "https://oligosecurity.webflow.io/blog/more-models-more-probllms",
"url": "https://oligosecurity.webflow.io/blog/more-models-more-probllms"
"name": "https://www.oligo.security/blog/more-models-more-probllms",
"url": "https://www.oligo.security/blog/more-models-more-probllms"
}
]
}


@ -54,8 +54,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://oligosecurity.webflow.io/blog/more-models-more-probllms",
"url": "https://oligosecurity.webflow.io/blog/more-models-more-probllms"
"name": "https://www.oligo.security/blog/more-models-more-probllms",
"url": "https://www.oligo.security/blog/more-models-more-probllms"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE."
"value": "** DISPUTED ** In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing."
}
]
},
@ -61,6 +61,16 @@
"refsource": "MISC",
"name": "https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065",
"url": "https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065"
},
{
"refsource": "MISC",
"name": "https://github.com/pytorch/pytorch/issues/129228",
"url": "https://github.com/pytorch/pytorch/issues/129228"
},
{
"refsource": "MISC",
"name": "https://github.com/pytorch/pytorch/security/policy#using-distributed-features",
"url": "https://github.com/pytorch/pytorch/security/policy#using-distributed-features"
}
]
}
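Review bot: The dispute is recorded only as a `** DISPUTED **` prefix inside the description string in the first hunk; neither hunk shows a structured field changing, and `CVE_data_meta` lies outside both hunks, so whether the status is marked anywhere else cannot be confirmed from here. Tooling that filters on state or on the words "Deserialization RCE" alone would still surface this as an undisputed finding, so consumers should match on the prefix. The two references added in the second hunk (issue 129228 and the security policy's `#using-distributed-features` section) do give the NOTE text something a reader can check.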


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/misstt123/oasys",
"refsource": "MISC",
"name": "https://github.com/misstt123/oasys"
},
{
"url": "https://github.com/majic-banana/vulnerability/blob/main/POC/Verification%20Code%20Reuse--misstt123oasys.md",
"refsource": "MISC",
"name": "https://github.com/majic-banana/vulnerability/blob/main/POC/Verification%20Code%20Reuse--misstt123oasys.md"
}
]
}
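Review bot: The description names the product and version ("oasys v1.1" here, and "Floodlight SDN Open Flow Controller v.1.2" in the CVE-2024-51406 section at the end of this commit), yet in both records `affects` carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, and `problemtype` is `"n/a"`. Inventory matching on the structured fields will not link either record to an installed product; only free-text search will. The phrase "via a burst attack" is also vague, and the second reference's file name mentions "Verification Code Reuse", which is presumably the actual weakness, so a CWE entry in `problemtype` would make the record easier to act on.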


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request."
"value": "** DISPUTED ** SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users."
}
]
},
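Review bot: The added NOTE says the finding "is disputed by the vendor", but this hunk changes only the description and shows no reference to a vendor statement; the same holds for the two following SAS Studio 9.4 sections (unrestricted file upload and directory traversal). The `references` block is outside each hunk, so a supporting link may already exist, but if it does not, a reader cannot verify the dispute. The PyTorch record in this same commit adds its supporting links alongside the NOTE. All three rationales rest on the action being "allowed for authorized users", so the open question for an operator is who holds that authorization in their own deployment.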


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "*Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files."
"value": "** DISPUTED ** Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users."
}
]
},


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download."
"value": "** DISPUTED ** Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized users."
}
]
},


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-51406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/floodlight/floodlight/issues/870",
"url": "https://github.com/floodlight/floodlight/issues/870"
},
{
"refsource": "MISC",
"name": "https://ieeexplore.ieee.org/document/10246976",
"url": "https://ieeexplore.ieee.org/document/10246976"
},
{
"refsource": "MISC",
"name": "https://github.com/floodlight/floodlight",
"url": "https://github.com/floodlight/floodlight"
}
]
}