"-Synchronized-Data."

This commit is contained in:
CVE Team 2024-02-16 21:00:33 +00:00
parent 903c547ad4
commit 3329e289ec
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 239 additions and 12 deletions

View File

@ -126,6 +126,11 @@
"refsource": "MISC",
"name": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf",
"url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities",
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2"
}
]
}

View File

@ -96,6 +96,11 @@
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1219826",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1219826"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities",
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2"
}
]
}

View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21987",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@netapp.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SnapCenter versions 4.8 prior to 5.0 are susceptible to a \nvulnerability which could allow an authenticated SnapCenter Server user \nto modify system logging configuration settings\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NetApp",
"product": {
"product_data": [
{
"product_name": "SnapCenter",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.8",
"version_value": "5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240216-0001/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "NTAP-20240216-0001",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25627",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an XSS payload. This issue has been addressed in version 2.0-M4-2402. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "alfio-event",
"product": {
"product_data": [
{
"product_name": "alf.io",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.0-M4-2304"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/alfio-event/alf.io/security/advisories/GHSA-gpmg-8f92-37cf",
"refsource": "MISC",
"name": "https://github.com/alfio-event/alf.io/security/advisories/GHSA-gpmg-8f92-37cf"
}
]
},
"source": {
"advisory": "GHSA-gpmg-8f92-37cf",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613: Insufficient Session Expiration",
"cweId": "CWE-613"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "alfio-event",
"product": {
"product_data": [
{
"product_name": "alf.io",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.0-M4-2402"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/alfio-event/alf.io/security/advisories/GHSA-8p6m-mm22-q893",
"refsource": "MISC",
"name": "https://github.com/alfio-event/alf.io/security/advisories/GHSA-8p6m-mm22-q893"
}
]
},
"source": {
"advisory": "GHSA-8p6m-mm22-q893",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}