admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-27 09:00:34 +00:00
parent f994e2eb3a
commit 3c40a9b3ab
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 508 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
2023/6xxx/CVE-2023-6190.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in \u0130zmir Katip \u00c7elebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023.\n\n"
"value": "Improper Input Validation vulnerability in \u0130zmir Katip \u00c7elebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}

105
2024/41xxx/CVE-2024-41173.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41173",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Beckhoff",
"product": {
"product_data": [
{
"product_name": "IPC Diagnostics package",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.0.0.1"
}
]
}
},
{
"product_name": "TwinCAT/BSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "14.1.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-045",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-045"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-045",
"defect": [
"CERT@VDE#641666"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Nozomi Networks"
},
{
"lang": "en",
"value": "Andrea Palanca"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

105
2024/41xxx/CVE-2024-41174.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41174",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Beckhoff",
"product": {
"product_data": [
{
"product_name": "IPC Diagnostics package",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.0.0.1"
}
]
}
},
{
"product_name": "TwinCAT/BSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "14.1.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-048",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-048"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-048",
"defect": [
"CERT@VDE#641672"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Nozomi Networks"
},
{
"lang": "en",
"value": "Andrea Palanca"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

100
2024/41xxx/CVE-2024-41175.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Beckhoff",
"product": {
"product_data": [
{
"product_name": "IPC Diagnostics package",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.0.0.1"
}
]
}
},
{
"product_name": "TwinCAT/BSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "14.1.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-049/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-049/"
},
{
"url": "https://infosys.beckhoff.com/content/1033/twincat_bsd/11780818443.html?id=4222392218353411614",
"refsource": "MISC",
"name": "https://infosys.beckhoff.com/content/1033/twincat_bsd/11780818443.html?id=4222392218353411614"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-049",
"defect": [
"CERT@VDE#641673"
],
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

105
2024/41xxx/CVE-2024-41176.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41176",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The MPD package included in TwinCAT/BSD\u00a0allows an authenticated, low-privileged local\nattacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in\nthe context of user \u201croot\u201d via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Beckhoff",
"product": {
"product_data": [
{
"product_name": "MDP package",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.2.7.0"
}
]
}
},
{
"product_name": "TwinCAT/BSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "14.1.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-050",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2024-050"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2024-050",
"defect": [
"CERT@VDE#641674"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Nozomi Networks"
},
{
"lang": "en",
"value": "Andrea Palanca"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}

16
2024/6xxx/CVE-2024-6377.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session."
"value": "An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
@ -83,16 +83,16 @@
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseSeverity": "HIGH",
"baseScore": 7.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"
"baseScore": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
}
]
}

16
2024/6xxx/CVE-2024-6379.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL."
"value": "A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
@ -83,16 +83,16 @@
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseSeverity": "HIGH",
"baseScore": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
"baseScore": 7.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"
}
]
}

18
2024/8xxx/CVE-2024-8202.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8202",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8203.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8203",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8204.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8204",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8205.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8205",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8206.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8206",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}