admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-09 06:00:30 +00:00
parent 8d3660c470
commit 3149f96b5e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 470 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2023/36xxx/CVE-2023-36325.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-36325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://xeiaso.net/blog/CVE-2023-36325",
"url": "https://xeiaso.net/blog/CVE-2023-36325"
},
{
"refsource": "MISC",
"name": "https://geti2p.net/en/blog/post/2023/06/25/new_release_2.3.0",
"url": "https://geti2p.net/en/blog/post/2023/06/25/new_release_2.3.0"
},
{
"refsource": "MISC",
"name": "https://i2pgit.org/i2p-hackers/i2p.i2p/-/commit/82aa4e19fbb37ca1bd752ec1b836120beec0985f",
"url": "https://i2pgit.org/i2p-hackers/i2p.i2p/-/commit/82aa4e19fbb37ca1bd752ec1b836120beec0985f"
}
]
}

66
2023/37xxx/CVE-2023-37154.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37154",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-37154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \\${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nagios-plugins/nagios-plugins/commit/e8810de21be80148562b7e0168b0a62aeedffde6",
"refsource": "MISC",
"name": "https://github.com/nagios-plugins/nagios-plugins/commit/e8810de21be80148562b7e0168b0a62aeedffde6"
},
{
"refsource": "MISC",
"name": "https://github.com/monitoring-plugins/monitoring-plugins/security/advisories/GHSA-p3gv-vmpx-hhw4",
"url": "https://github.com/monitoring-plugins/monitoring-plugins/security/advisories/GHSA-p3gv-vmpx-hhw4"
},
{
"refsource": "MISC",
"name": "https://joshua.hu/nagios-hacking-cve-2023-37154",
"url": "https://joshua.hu/nagios-hacking-cve-2023-37154"
}
]
}

61
2023/45xxx/CVE-2023-45359.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45359",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T340217",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T340217"
},
{
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/c17b956e0750e051ac7c1098e3ff625f0db82b2c",
"url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/c17b956e0750e051ac7c1098e3ff625f0db82b2c"
}
]
}

61
2023/45xxx/CVE-2023-45361.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45361",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T340220",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T340220"
},
{
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/2a452b7e2562cba32b8a17bc91dc5abb531f0a1c",
"url": "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/skins/Vector/+/2a452b7e2562cba32b8a17bc91dc5abb531f0a1c"
}
]
}

76
2024/45xxx/CVE-2024-45160.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45160",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-45160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags",
"refsource": "MISC",
"name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags"
},
{
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223",
"refsource": "MISC",
"name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223"
},
{
"refsource": "MISC",
"name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2",
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2"
},
{
"refsource": "MISC",
"name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7",
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7"
},
{
"refsource": "MISC",
"name": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d",
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d"
}
]
}

91
2024/47xxx/CVE-2024-47191.json
View File

@ -1,17 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47191",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-47191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43",
"refsource": "MISC",
"name": "https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2024/10/04/2",
"url": "https://www.openwall.com/lists/oss-security/2024/10/04/2"
},
{
"refsource": "MISC",
"name": "https://security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.html",
"url": "https://security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.html"
},
{
"refsource": "MISC",
"name": "https://www.nongnu.org/oath-toolkit/security/CVE-2024-47191",
"url": "https://www.nongnu.org/oath-toolkit/security/CVE-2024-47191"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1a",
"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1a"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70",
"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5",
"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418",
"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418"
}
]
}

72
2024/5xxx/CVE-2024-5968.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5968",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.8.28"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/db73e8d8-feb1-4daa-937e-a73969a93bcc/",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/db73e8d8-feb1-4daa-937e-a73969a93bcc/"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

18
2024/9xxx/CVE-2024-9677.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}