admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-27 17:00:33 +00:00
parent 9275318767
commit 36f57ccceb
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 412 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
2022/4xxx/CVE-2022-4969.json
View File

@ -1,17 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4969",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local access is required to approach this attack. Upgrading to version 0.2.0 is able to address this issue. The name of the patch is 1a15fad5e06ae693eb9b8908363d2c8ef455104e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-266312."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in bwoodsend rockhopper bis 0.1.2 entdeckt. Dies betrifft die Funktion count_rows der Datei rockhopper/src/ragged_array.c der Komponente Binary Parser. Mit der Manipulation des Arguments raw mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Ein Aktualisieren auf die Version 0.2.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 1a15fad5e06ae693eb9b8908363d2c8ef455104e bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bwoodsend",
"product": {
"product_data": [
{
"product_name": "rockhopper",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.1.0"
},
{
"version_affected": "=",
"version_value": "0.1.1"
},
{
"version_affected": "=",
"version_value": "0.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.266312",
"refsource": "MISC",
"name": "https://vuldb.com/?id.266312"
},
{
"url": "https://vuldb.com/?ctiid.266312",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.266312"
},
{
"url": "https://github.com/bwoodsend/rockhopper/commit/1a15fad5e06ae693eb9b8908363d2c8ef455104e",
"refsource": "MISC",
"name": "https://github.com/bwoodsend/rockhopper/commit/1a15fad5e06ae693eb9b8908363d2c8ef455104e"
},
{
"url": "https://github.com/bwoodsend/rockhopper/releases/tag/v0.2.0",
"refsource": "MISC",
"name": "https://github.com/bwoodsend/rockhopper/releases/tag/v0.2.0"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

76
2024/32xxx/CVE-2024-32978.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32978",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kaminari is a paginator for web app frameworks and object relational mappings. A security vulnerability involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This vulnerability is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library. Such access could lead to the alteration of application behavior or data integrity issues. Users of affected versions are advised to update to Kaminari version 1.2.2 or later, where file permissions have been adjusted to enhance security. If upgrading is not feasible immediately, review and adjust the file permissions for particular Ruby files in Kaminari to ensure they are only accessible by authorized user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kaminari",
"product": {
"product_data": [
{
"product_name": "kaminari",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.15.0, <= 0.16.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/kaminari/kaminari/security/advisories/GHSA-7r3j-qmr4-jfpj",
"refsource": "MISC",
"name": "https://github.com/kaminari/kaminari/security/advisories/GHSA-7r3j-qmr4-jfpj"
}
]
},
"source": {
"advisory": "GHSA-7r3j-qmr4-jfpj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

86
2024/35xxx/CVE-2024-35219.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35219",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenAPITools",
"product": {
"product_data": [
{
"product_name": "openapi-generator",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 7.6.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h",
"refsource": "MISC",
"name": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h"
},
{
"url": "https://github.com/OpenAPITools/openapi-generator/pull/18652",
"refsource": "MISC",
"name": "https://github.com/OpenAPITools/openapi-generator/pull/18652"
},
{
"url": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d",
"refsource": "MISC",
"name": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d"
}
]
},
"source": {
"advisory": "GHSA-g3hr-p86p-593h",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
]
}

81
2024/35xxx/CVE-2024-35229.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_if_a_executed_last()` in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-696: Incorrect Behavior Order",
"cweId": "CWE-696"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "matter-labs",
"product": {
"product_data": [
{
"product_name": "era-compiler-solidity",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.3.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-jf9w-7f5g-j95p",
"refsource": "MISC",
"name": "https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-jf9w-7f5g-j95p"
},
{
"url": "https://github.com/matter-labs/era-compiler-solidity/commit/46ce047b51576495779b9f67534207d8154eab79",
"refsource": "MISC",
"name": "https://github.com/matter-labs/era-compiler-solidity/commit/46ce047b51576495779b9f67534207d8154eab79"
}
]
},
"source": {
"advisory": "GHSA-jf9w-7f5g-j95p",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

81
2024/35xxx/CVE-2024-35231.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data `profiler_runs` was not constrained to any limitation. This would lead to allocating resources on the server side with no limitation and a potential denial of service by remotely user-controlled data. Version 2.5.0 contains a patch for the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rack",
"product": {
"product_data": [
{
"product_name": "rack-contrib",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rack/rack-contrib/security/advisories/GHSA-8c8q-2xw3-j869",
"refsource": "MISC",
"name": "https://github.com/rack/rack-contrib/security/advisories/GHSA-8c8q-2xw3-j869"
},
{
"url": "https://github.com/rack/rack-contrib/commit/0eec2a9836329051c6742549e65a94a4c24fe6f7",
"refsource": "MISC",
"name": "https://github.com/rack/rack-contrib/commit/0eec2a9836329051c6742549e65a94a4c24fe6f7"
}
]
},
"source": {
"advisory": "GHSA-8c8q-2xw3-j869",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}