"-Synchronized-Data."

CVE Team 2024-10-03 13:00:35 +00:00
parent 2d553ad7cd
commit 45e3cd85d6
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 83 additions and 73 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8\u00a0\u00a0\n\n\u00a0Impact : As it will be stored XSS,\u00a0Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. \n\nUsers are recommended to upgrade to version 2.7.8 which fixes this issue.\n\n"
"value": "Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8\u00a0\u00a0\n\n\u00a0Impact : As it will be stored XSS,\u00a0Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. \n\nUsers are recommended to upgrade to version 2.7.8 which fixes this issue."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
@ -59,11 +59,6 @@
"url": "https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/6hn0thq743vz9gh283s2d87wz8tqh37c"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/01/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/03/01/5"
}
]
},
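Review bot: The last hunk of this section (`-59,11 +59,6`) appears to drop the `http://www.openwall.com/lists/oss-security/2024/03/01/5` reference and keep only the lists.apache.org thread. The rendered page has lost its +/- markers, so this reading is inferred from the hunk counts. The same pattern shows in the closing hunk of the next three sections: the record citing httpd.apache.org appears to lose nine advisory links (NetApp, Fedora, Debian, Apple, oss-security, Full Disclosure), and the Superset and Zeppelin records each lose their oss-security link. Anyone who correlates vendor advisories or patch notices through these v4 records should confirm the references are still published elsewhere, and the commit message should say why they were removed.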


@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "HTTP response splitting"
"value": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')",
"cweId": "CWE-113"
}
]
}
@ -58,51 +59,6 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0013/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240415-0013/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/04/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/04/04/5"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html"
},
{
"url": "https://support.apple.com/kb/HT214119",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214119"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jul/18"
}
]
},


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.\n\n"
"value": "An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.\n\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
"value": "CWE-209 Information Exposure Through an Error Message",
"cweId": "CWE-209"
}
]
}
@ -64,11 +64,6 @@
"url": "https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/28/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/02/28/3"
}
]
},
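Review bot: The new problemtype text in the `-21,8 +21,8` hunk labels CWE-209 with its older title, "Information Exposure Through an Error Message"; the current CWE title is "Generation of Error Message Containing Sensitive Information". The `cweId` itself fits the description (a database error surfacing in the Alert's error log), so consumers that key on `cweId` are unaffected, but anything that matches on the text will not line up with the current CWE catalogue. Suggest `"value": "CWE-209 Generation of Error Message Containing Sensitive Information"`.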


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.\n\nThe attackers can modify helium.json and exposure XSS attacks to normal users.\nThis issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.\n\nUsers are recommended to upgrade to version 0.11.1, which fixes the issue.\n\n"
"value": "Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.\n\nThe attackers can modify helium.json and exposure XSS attacks to normal users.\nThis issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.\n\nUsers are recommended to upgrade to version 0.11.1, which fixes the issue."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-116 Improper Encoding or Escaping of Output",
"cweId": "CWE-116"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
@ -64,11 +64,6 @@
"url": "https://lists.apache.org/thread/55mqs673plsxmgnq7fdf2flftpllyf11",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/55mqs673plsxmgnq7fdf2flftpllyf11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/09/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/04/09/11"
}
]
},
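Review bot: The description in the `-11,7 +11,7` hunk still opens with "Improper Encoding or Escaping of Output vulnerability", which is the CWE-116 title, while the `-21,8 +21,8` hunk appears to reclassify the record as CWE-79. The edit to the description seems to only trim the trailing `\n\n`, so the free text and the `cweId` now name two different weaknesses. Readers triaging from the description alone would not see that this is cross-site scripting delivered through a modified helium.json until the second sentence. Suggest aligning the opening sentence with the new classification, for example `Cross-site Scripting (XSS) vulnerability in Apache Zeppelin.`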


@ -508,6 +508,34 @@
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-19.rhaos4.14.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.11.3-3.rhaos4.14.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
@ -535,7 +563,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.11.3-4.rhaos4.15.el9",
"version": "2:1.11.3-4.rhaos4.15.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -584,7 +612,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.14.4-1.rhaos4.16.el8",
"version": "2:1.14.4-1.rhaos4.16.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -598,7 +626,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.29.5-7.rhaos4.16.git7db4ada.el9",
"version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1403,6 +1431,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:7182"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:7187",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:7187"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-3727",
"refsource": "MISC",
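Review bot: The two entries added in the `-508,6 +508,34` hunk carry `"version_value": "not down converted"`, so a consumer that reads only the v4 `version_value` field gets no usable fixed version for them. The real data sits in `x_cve_json_5_version_data`, where `"lessThan": "*"` with `"status": "unaffected"` under `"defaultStatus": "affected"` means the listed rpm build and everything later is fixed. The hunks at `-535,7`, `-584,7` and `-598,7` also appear to flip the `el8`/`el9` suffix on three fixed builds, and the owning product and package names lie outside the visible context. Those flips decide whether a host is treated as patched, so they should be checked against the corresponding errata before scanners pick up this revision.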


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9475",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}