admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-16 13:00:35 +00:00
parent 5c071a2e4a
commit 2b7cd3feb6
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 245 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
2024/26xxx/CVE-2024-26821.json
View File

@ -5,110 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-26821",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax mount_setattr() permission checks\n\nWhen we added mount_setattr() I added additional checks compared to the\nlegacy do_reconfigure_mnt() and do_change_type() helpers used by regular\nmount(2). If that mount had a parent then verify that the caller and the\nmount namespace the mount is attached to match and if not make sure that\nit's an anonymous mount.\n\nThe real rootfs falls into neither category. It is neither an anoymous\nmount because it is obviously attached to the initial mount namespace\nbut it also obviously doesn't have a parent mount. So that means legacy\nmount(2) allows changing mount properties on the real rootfs but\nmount_setattr(2) blocks this. I never thought much about this but of\ncourse someone on this planet of earth changes properties on the real\nrootfs as can be seen in [1].\n\nSince util-linux finally switched to the new mount api in 2.39 not so\nlong ago it also relies on mount_setattr() and that surfaced this issue\nwhen Fedora 39 finally switched to it. Fix this."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "95de4ad173ca"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.79",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.18",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.6",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/95de4ad173ca0e61034f3145d66917970961c210",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/95de4ad173ca0e61034f3145d66917970961c210"
},
{
"url": "https://git.kernel.org/stable/c/31f71f2d7a081fc6c6bdf06865beedf6db5b0ca4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/31f71f2d7a081fc6c6bdf06865beedf6db5b0ca4"
},
{
"url": "https://git.kernel.org/stable/c/2a7a31e1fb9717845d9d5e2a8c6e48848147801e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2a7a31e1fb9717845d9d5e2a8c6e48848147801e"
},
{
"url": "https://git.kernel.org/stable/c/46f5ab762d048dad224436978315cbc2fa79c630",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/46f5ab762d048dad224436978315cbc2fa79c630"
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
}
}

68
2024/4xxx/CVE-2024-4826.json
View File

@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4826",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisation of the category_id parameter in the category.php file."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Asaancart",
"product": {
"product_data": [
{
"product_name": "Simple PHP Shopping Cart",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-simple-php-shopping-cart",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-simple-php-shopping-cart"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Rafael Pedrero"
}
]
}

18
2024/4xxx/CVE-2024-4998.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4998",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

126
2024/4xxx/CVE-2024-4999.json Normal file
View File

@ -0,0 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-4999",
"ASSIGNER": "research@onekey.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote\u00a0attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ligowave",
"product": {
"product_data": [
{
"product_name": "UNITY",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "6.95-2"
}
]
}
},
{
"product_name": "PRO",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "6.95-1.rt3883"
}
]
}
},
{
"product_name": "MIMO",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "6.95-1.rt2880"
}
]
}
},
{
"product_name": "APC Propeller",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2-5.95-4.rt3352"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/",
"refsource": "MISC",
"name": "https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This product being EOL, Ligowave will not patch the vulnerability. If replacement of the EOL device is not possible, ensure access to the administration interface is restricted to administration network zones only, to reduce likelihood of exploitation."
}
],
"value": "This product being EOL, Ligowave will not patch the vulnerability. If replacement of the EOL device is not possible, ensure access to the administration interface is restricted to administration network zones only, to reduce likelihood of exploitation."
}
],
"credits": [
{
"lang": "en",
"value": "Quentin Kaiser from ONEKEY Research Labs"
}
]
}

18
2024/5xxx/CVE-2024-5000.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5000",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5001.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}