admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-03 20:00:34 +00:00
parent 8d30d8ab0b
commit 2fc9417d5e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
16 changed files with 858 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2024/33xxx/CVE-2024-33663.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-33663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mpdavis/python-jose/issues/346",
"refsource": "MISC",
"name": "https://github.com/mpdavis/python-jose/issues/346"
},
{
"refsource": "MISC",
"name": "https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-python-jose-cve-2024-33663",
"url": "https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-python-jose-cve-2024-33663"
}
]
}

61
2024/41xxx/CVE-2024-41435.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-41435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the \"insert into\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yugabyte/yugabyte-db/issues/22967",
"refsource": "MISC",
"name": "https://github.com/yugabyte/yugabyte-db/issues/22967"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/ycybfhb/1427881e7db911786837d32b0669e06b",
"url": "https://gist.github.com/ycybfhb/1427881e7db911786837d32b0669e06b"
}
]
}

20
2024/41xxx/CVE-2024-41517.json
View File

@ -52,20 +52,20 @@
},
"references": {
"reference_data": [
{
"url": "http://feripro.com",
"refsource": "MISC",
"name": "http://feripro.com"
},
{
"url": "http://mecodia.com",
"refsource": "MISC",
"name": "http://mecodia.com"
},
{
"refsource": "CONFIRM",
"name": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/",
"url": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/"
},
{
"refsource": "MISC",
"name": "http://feripro.de",
"url": "http://feripro.de"
},
{
"refsource": "MISC",
"name": "http://mecodia.de",
"url": "http://mecodia.de"
}
]
}

20
2024/41xxx/CVE-2024-41518.json
View File

@ -52,20 +52,20 @@
},
"references": {
"reference_data": [
{
"url": "http://feripro.com",
"refsource": "MISC",
"name": "http://feripro.com"
},
{
"url": "http://mecodia.com",
"refsource": "MISC",
"name": "http://mecodia.com"
},
{
"refsource": "CONFIRM",
"name": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/",
"url": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/"
},
{
"refsource": "MISC",
"name": "http://feripro.de",
"url": "http://feripro.de"
},
{
"refsource": "MISC",
"name": "http://mecodia.de",
"url": "http://mecodia.de"
}
]
}

20
2024/41xxx/CVE-2024-41519.json
View File

@ -52,20 +52,20 @@
},
"references": {
"reference_data": [
{
"url": "http://feripro.com",
"refsource": "MISC",
"name": "http://feripro.com"
},
{
"url": "http://mecodia.com",
"refsource": "MISC",
"name": "http://mecodia.com"
},
{
"refsource": "CONFIRM",
"name": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/",
"url": "https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/"
},
{
"refsource": "MISC",
"name": "http://feripro.de",
"url": "http://feripro.de"
},
{
"refsource": "MISC",
"name": "http://mecodia.de",
"url": "http://mecodia.de"
}
]
}

61
2024/45xxx/CVE-2024-45180.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45180",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-45180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SquaredUp DS for SCOM 6.2.1.11104 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://squaredup.com",
"refsource": "MISC",
"name": "https://squaredup.com"
},
{
"refsource": "CONFIRM",
"name": "https://scomsupport.squaredup.com/reference/security-advisory/cve-2024-45180-stored-cross-site-scripting-knowledge-editor-tile",
"url": "https://scomsupport.squaredup.com/reference/security-advisory/cve-2024-45180-stored-cross-site-scripting-knowledge-editor-tile"
}
]
}

90
2024/45xxx/CVE-2024-45307.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45307",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is affected. Other versions (e.g. v8) are not affected. Users should upgrade to version 9.26.7 to receive a patch. A workaround would be to create a command permission overwrite in the Database. A SQL statement provided in the GitHub Security Advisor can be executed to create a overwrite that disallows users without `ManageGuild` permission to run the `-config` command. Run the SQL statement for every server the bot is in, and replace `<guild_id>` with the appropriate Guild ID each time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization",
"cweId": "CWE-285"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "onesoft-sudo",
"product": {
"product_data": [
{
"product_name": "sudobot",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 9.0.0, < 9.26.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/onesoft-sudo/sudobot/security/advisories/GHSA-crgg-w3rr-r9h4",
"refsource": "MISC",
"name": "https://github.com/onesoft-sudo/sudobot/security/advisories/GHSA-crgg-w3rr-r9h4"
},
{
"url": "https://github.com/onesoft-sudo/sudobot/commit/ef46ca98562f3c1abef4ff7dd94d8f7b8155ee50",
"refsource": "MISC",
"name": "https://github.com/onesoft-sudo/sudobot/commit/ef46ca98562f3c1abef4ff7dd94d8f7b8155ee50"
}
]
},
"source": {
"advisory": "GHSA-crgg-w3rr-r9h4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
}
]
}

109
2024/45xxx/CVE-2024-45310.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.\n\nSome workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual\nuser on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-363: Race Condition Enabling Link Following",
"cweId": "CWE-363"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"cweId": "CWE-61"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "opencontainers",
"product": {
"product_data": [
{
"product_name": "runc",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.1.14"
},
{
"version_affected": "=",
"version_value": ">= 1.2.0-rc-1, < 1.2.0-rc.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv",
"refsource": "MISC",
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv"
},
{
"url": "https://github.com/opencontainers/runc/pull/4359",
"refsource": "MISC",
"name": "https://github.com/opencontainers/runc/pull/4359"
},
{
"url": "https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7",
"refsource": "MISC",
"name": "https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7"
},
{
"url": "https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e",
"refsource": "MISC",
"name": "https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e"
},
{
"url": "https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf",
"refsource": "MISC",
"name": "https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf"
}
]
},
"source": {
"advisory": "GHSA-jfvp-7x6p-h2pv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
]
}

86
2024/45xxx/CVE-2024-45389.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of `document.currentScript.src`. Prior to Pagefind version 1.1.1, it is possible to \"clobber\" this lookup with otherwise benign HTML on the page. This will cause `document.currentScript.src` to resolve as an external domain, which will then be used by Pagefind to load dependencies. This exploit would only work in the case that an attacker could inject HTML to a live, hosted, website. In these cases, this would act as a way to escalate the privilege available to an attacker. This assumes they have the ability to add some elements to the page (for example, `img` tags with a `name` attribute), but not others, as adding a `script` to the page would itself be the cross-site scripting vector. Pagefind has tightened this resolution in version 1.1.1 by ensuring the source is loaded from a valid script element. There are no reports of this being exploited in the wild via Pagefind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CloudCannon",
"product": {
"product_data": [
{
"product_name": "pagefind",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/CloudCannon/pagefind/security/advisories/GHSA-gprj-6m2f-j9hx",
"refsource": "MISC",
"name": "https://github.com/CloudCannon/pagefind/security/advisories/GHSA-gprj-6m2f-j9hx"
},
{
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"refsource": "MISC",
"name": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"url": "https://github.com/CloudCannon/pagefind/commit/14ec96864eabaf1d7d809d5da0186a8856261eeb",
"refsource": "MISC",
"name": "https://github.com/CloudCannon/pagefind/commit/14ec96864eabaf1d7d809d5da0186a8856261eeb"
}
]
},
"source": {
"advisory": "GHSA-gprj-6m2f-j9hx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}

81
2024/45xxx/CVE-2024-45390.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or don't use the display name feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "blakeembrey",
"product": {
"product_data": [
{
"product_name": "js-template",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/blakeembrey/js-template/security/advisories/GHSA-q765-wm9j-66qj",
"refsource": "MISC",
"name": "https://github.com/blakeembrey/js-template/security/advisories/GHSA-q765-wm9j-66qj"
},
{
"url": "https://github.com/blakeembrey/js-template/commit/b8d9aa999e464816c6cfb14acd1ad0f5d1e335aa",
"refsource": "MISC",
"name": "https://github.com/blakeembrey/js-template/commit/b8d9aa999e464816c6cfb14acd1ad0f5d1e335aa"
}
]
},
"source": {
"advisory": "GHSA-q765-wm9j-66qj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

86
2024/45xxx/CVE-2024-45391.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tinacms",
"product": {
"product_data": [
{
"product_name": "tinacms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.6.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-4qrm-9h4r-v2fx",
"refsource": "MISC",
"name": "https://github.com/tinacms/tinacms/security/advisories/GHSA-4qrm-9h4r-v2fx"
},
{
"url": "https://github.com/tinacms/tinacms/pull/4758",
"refsource": "MISC",
"name": "https://github.com/tinacms/tinacms/pull/4758"
},
{
"url": "https://github.com/tinacms/tinacms/commit/110f1ceea4574d636a64526648f7c8bf6539b26a",
"refsource": "MISC",
"name": "https://github.com/tinacms/tinacms/commit/110f1ceea4574d636a64526648f7c8bf6539b26a"
}
]
},
"source": {
"advisory": "GHSA-4qrm-9h4r-v2fx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

87
2024/45xxx/CVE-2024-45678.json Normal file
View File

@ -0,0 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-45678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.yubico.com/support/security-advisories/ysa-2024-03/",
"refsource": "MISC",
"name": "https://www.yubico.com/support/security-advisories/ysa-2024-03/"
},
{
"url": "https://support.yubico.com/hc/en-us/articles/15705749884444",
"refsource": "MISC",
"name": "https://support.yubico.com/hc/en-us/articles/15705749884444"
},
{
"url": "https://ninjalab.io/eucleak/",
"refsource": "MISC",
"name": "https://ninjalab.io/eucleak/"
},
{
"url": "https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf",
"refsource": "MISC",
"name": "https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf"
},
{
"url": "https://news.ycombinator.com/item?id=41434500",
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=41434500"
},
{
"url": "https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/",
"refsource": "MISC",
"name": "https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/"
}
]
}
}

111
2024/4xxx/CVE-2024-4629.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4629",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Enforcement of a Single, Unique Action",
"cweId": "CWE-837"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Build of Keycloak",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Single Sign-On 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-4629",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2024-4629"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

2
2024/5xxx/CVE-2024-5154.json
View File

@ -126,7 +126,7 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
"defaultStatus": "unaffected"
}
}
]

18
2024/8xxx/CVE-2024-8400.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8401.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}