admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-02 11:00:32 +00:00
parent fef9f8a06b
commit 2afd0c0e20
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 492 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
2024/35xxx/CVE-2024-35294.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schneider Elektronik",
"product": {
"product_data": [
{
"product_name": "Series 700",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.0.0.0",
"version_value": "0.1.17.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.schneider-elektronik.de/wp-content/uploads/2024/07/SAR-202405-2.pdf",
"refsource": "MISC",
"name": "https://www.schneider-elektronik.de/wp-content/uploads/2024/07/SAR-202405-2.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Felix Eberstaller and David Schauer from Limes Security"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

58
2024/3xxx/CVE-2024-3727.json
View File

@ -516,6 +516,34 @@
"product_name": "Red Hat OpenShift Container Platform 4.15",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-30.rhaos4.15.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.11.3-4.rhaos4.15.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -606,6 +634,20 @@
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.16.0-202409231504.p0.g342902b.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
@ -1022,12 +1064,6 @@
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -1357,6 +1393,16 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:7174",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:7174"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:7182",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:7182"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-3727",
"refsource": "MISC",

130
2024/7xxx/CVE-2024-7558.json
View File

@ -1,17 +1,139 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@ubuntu.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"cweId": "CWE-337"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-340: Generation of Predictable Numbers or Identifiers",
"cweId": "CWE-340"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1391: Use of Weak Credentials",
"cweId": "CWE-1391"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Canonical Ltd.",
"product": {
"product_data": [
{
"product_name": "Juju",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.5",
"version_value": "3.5.4"
},
{
"version_affected": "<",
"version_name": "3.4",
"version_value": "3.4.6"
},
{
"version_affected": "<",
"version_name": "3.3",
"version_value": "3.3.7"
},
{
"version_affected": "<",
"version_name": "3.1",
"version_value": "3.1.10"
},
{
"version_affected": "<",
"version_name": "2.9",
"version_value": "2.9.51"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4",
"refsource": "MISC",
"name": "https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7558",
"refsource": "MISC",
"name": "https://www.cve.org/CVERecord?id=CVE-2024-7558"
}
]
},
"credits": [
{
"lang": "en",
"value": "Harry Pidcock"
},
{
"lang": "en",
"value": "Harry Pidcock"
},
{
"lang": "en",
"value": "Mark Esler"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
]
}

111
2024/8xxx/CVE-2024-8037.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8037",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@ubuntu.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Canonical Ltd.",
"product": {
"product_data": [
{
"product_name": "Juju",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.5",
"version_value": "3.5.4"
},
{
"version_affected": "<",
"version_name": "3.4",
"version_value": "3.4.6"
},
{
"version_affected": "<",
"version_name": "3.3",
"version_value": "3.3.7"
},
{
"version_affected": "<",
"version_name": "3.1",
"version_value": "3.1.10"
},
{
"version_affected": "<",
"version_name": "2.9",
"version_value": "2.9.51"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x",
"refsource": "MISC",
"name": "https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8037",
"refsource": "MISC",
"name": "https://www.cve.org/CVERecord?id=CVE-2024-8037"
}
]
},
"credits": [
{
"lang": "en",
"value": "Pedro Guimaraes"
},
{
"lang": "en",
"value": "Harry Pidcock"
},
{
"lang": "en",
"value": "Mark Esler"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

112
2024/8xxx/CVE-2024-8038.json
View File

@ -1,17 +1,121 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8038",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@ubuntu.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-420",
"cweId": "CWE-420"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Canonical Ltd.",
"product": {
"product_data": [
{
"product_name": "Juju",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.5",
"version_value": "3.5.4"
},
{
"version_affected": "<",
"version_name": "3.4",
"version_value": "3.4.6"
},
{
"version_affected": "<",
"version_name": "3.3",
"version_value": "3.3.7"
},
{
"version_affected": "<",
"version_name": "3.1",
"version_value": "3.1.10"
},
{
"version_affected": "<",
"version_name": "2.9",
"version_value": "2.9.51"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq",
"refsource": "MISC",
"name": "https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8038",
"refsource": "MISC",
"name": "https://www.cve.org/CVERecord?id=CVE-2024-8038"
}
]
},
"credits": [
{
"lang": "en",
"value": "Harry Pidcock"
},
{
"lang": "en",
"value": "Harry Pidcock"
},
{
"lang": "en",
"value": "Mark Esler"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"baseScore": 7.9,
"baseSeverity": "HIGH"
}
]
}

18
2024/9xxx/CVE-2024-9430.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9430",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}