admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-30 23:00:36 +00:00
parent fce4c465c0
commit 2cddaf4f21
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 286 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
2024/1xxx/CVE-2024-1394.json
View File

@ -475,7 +475,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9",
"version": "0:1.25.5-13.1.rhaos4.12.git76343da.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -517,7 +517,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8",
"version": "0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -531,7 +531,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-2.1.rhaos4.12.el8",
"version": "3:4.2.0-7.2.rhaos4.12.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -559,7 +559,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.9.4-3.2.rhaos4.12.el9",
"version": "2:1.9.4-3.2.rhaos4.12.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -608,7 +608,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el8",
"version": "0:1.26.5-11.1.rhaos4.13.git919cc6e.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -650,7 +650,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el9",
"version": "0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -678,7 +678,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:1.1.12-1.1.rhaos4.13.el8",
"version": "4:1.1.12-1.1.rhaos4.13.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -741,7 +741,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8",
"version": "0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -755,7 +755,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.27.0-3.1.el9",
"version": "0:1.27.0-3.1.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -783,7 +783,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el9",
"version": "0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -797,7 +797,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el9",
"version": "0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -811,7 +811,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-11.3.rhaos4.14.el9",
"version": "3:4.4.1-11.3.rhaos4.14.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -937,7 +937,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el9",
"version": "0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -979,7 +979,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el9",
"version": "0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1007,7 +1007,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el9",
"version": "0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1049,7 +1049,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:1.1.12-1.2.rhaos4.14.el8",
"version": "4:1.1.12-1.2.rhaos4.14.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1098,7 +1098,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:1.29.1-20.3.rhaos4.15.el9",
"version": "1:1.29.1-20.3.rhaos4.15.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1182,7 +1182,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el9",
"version": "0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1196,7 +1196,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8",
"version": "0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1210,7 +1210,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-21.1.rhaos4.15.el8",
"version": "3:4.4.1-21.1.rhaos4.15.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1224,7 +1224,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:1.1.12-1.1.rhaos4.15.el9",
"version": "4:1.1.12-1.1.rhaos4.15.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1238,7 +1238,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.11.2-21.2.rhaos4.15.el9",
"version": "2:1.11.2-21.2.rhaos4.15.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"

5
2024/28xxx/CVE-2024-28182.json
View File

@ -83,6 +83,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html"
}
]
},

105
2024/32xxx/CVE-2024-32970.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities https://github.com/phlex-ruby/phlex/security/advisories/GHSA-242p-4v39-2v8g and https://github.com/phlex-ruby/phlex/security/advisories/GHSA-g7xq-xv8c-h98c, we have invested in extensive browser tests. It was these new tests that helped us uncover these issues. As of now the project exercises every possible attack vector the developers can think of \u2014 including enumerating every ASCII character, and we run these tests in Chrome, Firefox and Safari. Additionally, we test against a list of 6613 known XSS payloads (see: payloadbox/xss-payload-list). The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browsers are when it comes to executing unsafe JavaScript via HTML attributes. If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. Patches are available on RubyGems for all minor versions released in the last year. Users are advised to upgrade. Users unable to upgrade should configure a Content Security Policy that does not allow `unsafe-inline` which would effectively prevent this vulnerability from being exploited. Users who upgrade are also advised to configure a Content Security Policy header that does not allow `unsafe-inline`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "phlex-ruby",
"product": {
"product_data": [
{
"product_name": "phlex",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.9.3"
},
{
"version_affected": "=",
"version_value": ">= 1.10.0, < 1.10.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/phlex-ruby/phlex/security/advisories/GHSA-9p57-h987-4vgx",
"refsource": "MISC",
"name": "https://github.com/phlex-ruby/phlex/security/advisories/GHSA-9p57-h987-4vgx"
},
{
"url": "https://github.com/phlex-ruby/phlex/commit/da8f94342a84cff9d78c98bcc3b3604ee2e577d2",
"refsource": "MISC",
"name": "https://github.com/phlex-ruby/phlex/commit/da8f94342a84cff9d78c98bcc3b3604ee2e577d2"
},
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy",
"refsource": "MISC",
"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy"
},
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline",
"refsource": "MISC",
"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline"
},
{
"url": "https://github.com/payloadbox/xss-payload-list",
"refsource": "MISC",
"name": "https://github.com/payloadbox/xss-payload-list"
},
{
"url": "https://rubygems.org/gems/phlex",
"refsource": "MISC",
"name": "https://rubygems.org/gems/phlex"
}
]
},
"source": {
"advisory": "GHSA-9p57-h987-4vgx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

62
2024/34xxx/CVE-2024-34149.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-34149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bitcoin/bitcoin/pull/29769",
"refsource": "MISC",
"name": "https://github.com/bitcoin/bitcoin/pull/29769"
}
]
}
}

100
2024/4xxx/CVE-2024-4349.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4349",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester Pisay Online E-Learning System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /lesson/controller.php. Durch das Manipulieren des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Pisay Online E-Learning System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.262489",
"refsource": "MISC",
"name": "https://vuldb.com/?id.262489"
},
{
"url": "https://vuldb.com/?ctiid.262489",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.262489"
},
{
"url": "https://vuldb.com/?submit.324929",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.324929"
},
{
"url": "https://github.com/CveSecLook/cve/issues/19",
"refsource": "MISC",
"name": "https://github.com/CveSecLook/cve/issues/19"
}
]
},
"credits": [
{
"lang": "en",
"value": "laowang (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}