admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-14 22:00:57 +00:00
parent dd32415213
commit 3ea1aafa25
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
21 changed files with 852 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

144
2024/10xxx/CVE-2024-10253.json
View File

@ -1,17 +1,153 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10253",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "PC Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.1.90.12092"
}
]
}
},
{
"product_name": "Browser",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.0.5.12181"
}
]
}
},
{
"product_name": "App Store",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.0.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://iknow.lenovo.com.cn/detail/425367",
"refsource": "MISC",
"name": "https://iknow.lenovo.com.cn/detail/425367"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Update PC Manager to version 5.1.90.12092 or later.</p>"
}
],
"value": "Update PC Manager to version 5.1.90.12092 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Lenovo Browser to version 9.0.5.12181 or later.</span>\n\n<br>"
}
],
"value": "Update Lenovo Browser to version 9.0.5.12181 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Lenovo App Store to version 9.0.20 or later.</span>\n\n<br>"
}
],
"value": "Update Lenovo App Store to version 9.0.20 or later."
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Gareth Evans of Kryc for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

144
2024/10xxx/CVE-2024-10254.json
View File

@ -1,17 +1,153 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "PC Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.1.90.12092"
}
]
}
},
{
"product_name": "Browser",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.0.5.12181"
}
]
}
},
{
"product_name": "App Store",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.0.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://iknow.lenovo.com.cn/detail/425367",
"refsource": "MISC",
"name": "https://iknow.lenovo.com.cn/detail/425367"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update PC Manager to version 5.1.90.12092 or later.\n\n<br>"
}
],
"value": "Update PC Manager to version 5.1.90.12092 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo Browser to version 9.0.5.12181 or later.\n\n<br>"
}
],
"value": "Update Lenovo Browser to version 9.0.5.12181 or later."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo App Store to version 9.0.20 or later.\n\n<br>"
}
],
"value": "Update Lenovo App Store to version 9.0.20 or later."
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Gareth Evans of Kryc for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

5
2024/12xxx/CVE-2024-12085.json
View File

@ -117,6 +117,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539"
},
{
"url": "https://kb.cert.org/vuls/id/952657",
"refsource": "MISC",
"name": "https://kb.cert.org/vuls/id/952657"
}
]
},

5
2024/12xxx/CVE-2024-12086.json
View File

@ -117,6 +117,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"url": "https://kb.cert.org/vuls/id/952657",
"refsource": "MISC",
"name": "https://kb.cert.org/vuls/id/952657"
}
]
},

5
2024/12xxx/CVE-2024-12087.json
View File

@ -117,6 +117,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330672",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2330672"
},
{
"url": "https://kb.cert.org/vuls/id/952657",
"refsource": "MISC",
"name": "https://kb.cert.org/vuls/id/952657"
}
]
},

5
2024/12xxx/CVE-2024-12088.json
View File

@ -117,6 +117,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676"
},
{
"url": "https://kb.cert.org/vuls/id/952657",
"refsource": "MISC",
"name": "https://kb.cert.org/vuls/id/952657"
}
]
},

5
2024/12xxx/CVE-2024-12747.json
View File

@ -117,6 +117,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332968",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2332968"
},
{
"url": "https://kb.cert.org/vuls/id/952657",
"refsource": "MISC",
"name": "https://kb.cert.org/vuls/id/952657"
}
]
},

18
2024/13xxx/CVE-2024-13402.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13402",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

92
2024/45xxx/CVE-2024-45102.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45102",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "XClarity Administrator",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-154748",
"refsource": "MISC",
"name": "https://support.lenovo.com/us/en/product_security/LEN-154748"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory: <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-154748\">https://support.lenovo.com/us/en/product_security/LEN-154748</a>\n\n<br>"
}
],
"value": "Update Lenovo XClarity Administrator to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-154748"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

66
2024/48xxx/CVE-2024-48760.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48760",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in GestiolP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.gestioip.net/index.html",
"refsource": "MISC",
"name": "http://www.gestioip.net/index.html"
},
{
"url": "https://github.com/muebel/gestioip-docker-compose",
"refsource": "MISC",
"name": "https://github.com/muebel/gestioip-docker-compose"
},
{
"refsource": "MISC",
"name": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760",
"url": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760"
}
]
}

2
2024/49xxx/CVE-2024-49530.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
"value": "Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and be tricked in to interacting with it in a specific manner, increasing the attack complexity."
}
]
},

66
2024/50xxx/CVE-2024-50857.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50857",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ip_do_job request in GestiolP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/muebel/gestioip-docker-compose",
"refsource": "MISC",
"name": "https://github.com/muebel/gestioip-docker-compose"
},
{
"url": "http://www.gestioip.net",
"refsource": "MISC",
"name": "http://www.gestioip.net"
},
{
"refsource": "MISC",
"name": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857",
"url": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857"
}
]
}

66
2024/50xxx/CVE-2024-50858.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple endpoints in GestiolP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/muebel/gestioip-docker-compose",
"refsource": "MISC",
"name": "https://github.com/muebel/gestioip-docker-compose"
},
{
"url": "http://www.gestioip.net",
"refsource": "MISC",
"name": "http://www.gestioip.net"
},
{
"refsource": "MISC",
"name": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50858",
"url": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50858"
}
]
}

66
2024/50xxx/CVE-2024-50859.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ip_import_acl_csv request in GestiolP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/muebel/gestioip-docker-compose",
"refsource": "MISC",
"name": "https://github.com/muebel/gestioip-docker-compose"
},
{
"url": "http://www.gestioip.net",
"refsource": "MISC",
"name": "http://www.gestioip.net"
},
{
"refsource": "MISC",
"name": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859",
"url": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859"
}
]
}

66
2024/50xxx/CVE-2024-50861.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-50861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The ip_mod_dns_key_form.cgi request in GestiolP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the \"TSIG Key\" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/muebel/gestioip-docker-compose",
"refsource": "MISC",
"name": "https://github.com/muebel/gestioip-docker-compose"
},
{
"url": "http://www.gestioip.net",
"refsource": "MISC",
"name": "http://www.gestioip.net"
},
{
"refsource": "MISC",
"name": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50861",
"url": "https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50861"
}
]
}

2
2024/54xxx/CVE-2024-54032.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
"value": "Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
}
]
},

2
2024/54xxx/CVE-2024-54034.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
"value": "Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. This attack is dependent on the victim opening the malicious URL with a specific browser, increasing the attack complexity."
}
]
},

20
2024/54xxx/CVE-2024-54036.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
"value": "Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."
}
]
},
@ -81,20 +81,20 @@
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 8.2,
"environmentalSeverity": "HIGH",
"environmentalScore": 9.3,
"environmentalSeverity": "CRITICAL",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "LOW",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "LOW",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "CHANGED",
"modifiedUserInteraction": "REQUIRED",
@ -102,10 +102,10 @@
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"temporalScore": 9.3,
"temporalSeverity": "CRITICAL",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]

61
2024/57xxx/CVE-2024-57471.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-57471",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-57471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://h3c.com",
"refsource": "MISC",
"name": "http://h3c.com"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/XiaoCurry/88a43c9a68694941221eb7592da39d4c",
"url": "https://gist.github.com/XiaoCurry/88a43c9a68694941221eb7592da39d4c"
}
]
}

61
2024/57xxx/CVE-2024-57482.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-57482",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-57482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://h3c.com",
"refsource": "MISC",
"name": "http://h3c.com"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/XiaoCurry/d39f76a025df8b78a5f9e1aa48c16d18",
"url": "https://gist.github.com/XiaoCurry/d39f76a025df8b78a5f9e1aa48c16d18"
}
]
}

18
2025/0xxx/CVE-2025-0477.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0477",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}