admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-23 16:00:32 +00:00
parent 743760cf87
commit 365ab5b36a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
11 changed files with 535 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
2024/42xxx/CVE-2024-42364.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42364",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vulnerable to DNS rebinding. In this attack, an attacker will ask a user to visit his/her website. The attacker website will then change the DNS records of their domain from their IP address to the internal IP address of the homepage instance. To tell which IP addresses are valid, we can rebind a subdomain to each IP address we want to check, and see if there is a response. Once potential candidates have been found, the attacker can launch the attack by reading the response of the webserver after the IP address has changed. When the attacker domain is fetched, the response will be from the homepage instance, not the attacker website, because the IP address has been changed. Due to a lack of authentication, a user\u2019s private information such as API keys (fixed after first report) and other private information can then be extracted by the attacker website."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action",
"cweId": "CWE-350"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gethomepage",
"product": {
"product_data": [
{
"product_name": "homepage",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 0.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-096_homepage/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-096_homepage/"
}
]
},
"source": {
"advisory": "GHSA-8564-h4vv-h8c9",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

61
2024/42xxx/CVE-2024-42523.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-42523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/sanluan/PublicCMS/issues/IADVDM",
"refsource": "MISC",
"name": "https://gitee.com/sanluan/PublicCMS/issues/IADVDM"
},
{
"refsource": "CONFIRM",
"name": "https://gist.github.com/ilikeoyt/3dbbca2679c2551eaaeaea9c83acf1a1",
"url": "https://gist.github.com/ilikeoyt/3dbbca2679c2551eaaeaea9c83acf1a1"
}
]
}

56
2024/42xxx/CVE-2024-42636.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-42636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/iami233/cve/issues/1",
"url": "https://github.com/iami233/cve/issues/1"
}
]
}

61
2024/42xxx/CVE-2024-42756.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-42756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.netgear.com/about/security/",
"refsource": "MISC",
"name": "https://www.netgear.com/about/security/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/Nop3z/CVE/blob/main/Netgear/Netgear%20DGN1000%20RCE/Netgear%20DGN1000%20RCE.md",
"url": "https://github.com/Nop3z/CVE/blob/main/Netgear/Netgear%20DGN1000%20RCE/Netgear%20DGN1000%20RCE.md"
}
]
}

61
2024/42xxx/CVE-2024-42915.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42915",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-42915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/debashish-choudhury/staff-appraisal-system/",
"refsource": "MISC",
"name": "https://github.com/debashish-choudhury/staff-appraisal-system/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/soursec/CVEs/tree/main/CVE-2024-42915",
"url": "https://github.com/soursec/CVEs/tree/main/CVE-2024-42915"
}
]
}

66
2024/43xxx/CVE-2024-43031.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-43031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "autMan v2.9.6 was discovered to contain an access control issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://autman.com",
"refsource": "MISC",
"name": "http://autman.com"
},
{
"url": "https://github.com/hdbjlizhe/fanli",
"refsource": "MISC",
"name": "https://github.com/hdbjlizhe/fanli"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/Nop3z/CVE/blob/main/dlink/DI-8100/Dlink-di8100-dbsrv_asp-overflow.md",
"url": "https://github.com/Nop3z/CVE/blob/main/dlink/DI-8100/Dlink-di8100-dbsrv_asp-overflow.md"
}
]
}

61
2024/43xxx/CVE-2024-43032.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-43032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "autMan v2.9.6 allows attackers to bypass authentication via a crafted web request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/hdbjlizhe/fanli/releases/tag/2.9.6",
"refsource": "MISC",
"name": "https://github.com/hdbjlizhe/fanli/releases/tag/2.9.6"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/Nop3z/CVE/blob/main/dlink/DI-8100/Dlink-di8100-dbsrv_asp-overflow.md",
"url": "https://github.com/Nop3z/CVE/blob/main/dlink/DI-8100/Dlink-di8100-dbsrv_asp-overflow.md"
}
]
}

5
2024/43xxx/CVE-2024-43033.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://github.com/lazy-forever/CVE-Reference/tree/main/2024/43033",
"url": "https://github.com/lazy-forever/CVE-Reference/tree/main/2024/43033"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/lazy-forever/CVE-Reference/tree/main/2024/43033",
"url": "https://github.com/lazy-forever/CVE-Reference/tree/main/2024/43033"
}
]
}

61
2024/44xxx/CVE-2024-44381.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44381",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/dlink_DI8004W.md",
"refsource": "MISC",
"name": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/dlink_DI8004W.md"
}
]
}

61
2024/44xxx/CVE-2024-44382.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44382",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.dlink.com/en/security-bulletin/",
"refsource": "MISC",
"name": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/dlink_DI8004W.md",
"refsource": "MISC",
"name": "https://github.com/GroundCTL2MajorTom/pocs/blob/main/dlink_DI8004W.md"
}
]
}

18
2024/8xxx/CVE-2024-8124.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}