admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-04 21:00:38 +00:00
parent 435a1542ec
commit 4697eb9a92
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 538 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2022/37xxx/CVE-2022-37424.json
View File

@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties",
"cweId": "CWE-552"
"value": "n/a"
}
]
}
@ -32,22 +31,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenNebula",
"product": {
"product_data": [
{
"product_name": "OpenNebula",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.2"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -106,12 +104,6 @@
]
}
],
"credits": [
{
"lang": "en",
"value": "Paul Batchelor"
}
],
"impact": {
"cvss": [
{

18
2022/37xxx/CVE-2022-37425.json
View File

@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
"value": "n/a"
}
]
}
@ -32,22 +31,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenNebula",
"product": {
"product_data": [
{
"product_name": "OpenNebula",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.2"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -106,12 +104,6 @@
]
}
],
"credits": [
{
"lang": "en",
"value": "Paul Batchelor"
}
],
"impact": {
"cvss": [
{

10
2022/37xxx/CVE-2022-37680.json
View File

@ -71,16 +71,6 @@
"advisory": "hitachi-sec-2022-001",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Thomas Knudsen"
},
{
"lang": "en",
"value": "Samy Younsi"
}
],
"impact": {
"cvss": [
{

10
2022/37xxx/CVE-2022-37681.json
View File

@ -71,16 +71,6 @@
"advisory": "hitachi-sec-2022-001",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Thomas Knudsen"
},
{
"lang": "en",
"value": "Samy Younsi"
}
],
"impact": {
"cvss": [
{

2
2023/33xxx/CVE-2023-33952.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel."
"value": "A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel."
}
]
},

71
2024/0xxx/CVE-2024-0241.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long \"id\" parameter.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c",
"refsource": "MISC",
"name": "https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c"
},
{
"url": "https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91",
"refsource": "MISC",
"name": "https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91"
},
{
"url": "https://github.com/advisories/GHSA-3px7-jm2p-6h2c",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-3px7-jm2p-6h2c"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

86
2024/21xxx/CVE-2024-21636.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` methodis not sanitized, which can also lead to cross-site scripting issues. Versions 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ViewComponent",
"product": {
"product_data": [
{
"product_name": "view_component",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ViewComponent/view_component/security/advisories/GHSA-wf2x-8w6j-qw37",
"refsource": "MISC",
"name": "https://github.com/ViewComponent/view_component/security/advisories/GHSA-wf2x-8w6j-qw37"
},
{
"url": "https://github.com/ViewComponent/view_component/pull/1950",
"refsource": "MISC",
"name": "https://github.com/ViewComponent/view_component/pull/1950"
},
{
"url": "https://github.com/ViewComponent/view_component/commit/0d26944a8d2730ea40e60eae23d70684483e5017",
"refsource": "MISC",
"name": "https://github.com/ViewComponent/view_component/commit/0d26944a8d2730ea40e60eae23d70684483e5017"
}
]
},
"source": {
"advisory": "GHSA-wf2x-8w6j-qw37",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

99
2024/22xxx/CVE-2024-22047.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22047",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww",
"refsource": "MISC",
"name": "https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww"
},
{
"url": "https://github.com/collectiveidea/audited/issues/601",
"refsource": "MISC",
"name": "https://github.com/collectiveidea/audited/issues/601"
},
{
"url": "https://github.com/collectiveidea/audited/pull/669",
"refsource": "MISC",
"name": "https://github.com/collectiveidea/audited/pull/669"
},
{
"url": "https://github.com/collectiveidea/audited/pull/671",
"refsource": "MISC",
"name": "https://github.com/collectiveidea/audited/pull/671"
},
{
"url": "https://github.com/advisories/GHSA-hjp3-5g2q-7jww",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-hjp3-5g2q-7jww"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

76
2024/22xxx/CVE-2024-22048.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22048",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773",
"refsource": "MISC",
"name": "https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773"
},
{
"url": "https://github.com/alphagov/tech-docs-gem/pull/323",
"refsource": "MISC",
"name": "https://github.com/alphagov/tech-docs-gem/pull/323"
},
{
"url": "https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1",
"refsource": "MISC",
"name": "https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1"
},
{
"url": "https://github.com/advisories/GHSA-x2xw-hw8g-6773",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-x2xw-hw8g-6773"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

76
2024/22xxx/CVE-2024-22049.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22049",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-472 External Control of Assumed-Immutable Web Parameter",
"cweId": "CWE-472"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42",
"refsource": "MISC",
"name": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42"
},
{
"url": "https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e",
"refsource": "MISC",
"name": "https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e"
},
{
"url": "https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43",
"refsource": "MISC",
"name": "https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43"
},
{
"url": "https://github.com/advisories/GHSA-5pq7-52mg-hr42",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-5pq7-52mg-hr42"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

71
2024/22xxx/CVE-2024-22050.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22050",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3",
"refsource": "MISC",
"name": "https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3"
},
{
"url": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889",
"refsource": "MISC",
"name": "https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889"
},
{
"url": "https://github.com/advisories/GHSA-85rf-xh54-whp3",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-85rf-xh54-whp3"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

76
2024/22xxx/CVE-2024-22051.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22051",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x",
"refsource": "MISC",
"name": "https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x"
},
{
"url": "https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf",
"refsource": "MISC",
"name": "https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf"
},
{
"url": "https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3",
"refsource": "MISC",
"name": "https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3"
},
{
"url": "https://github.com/advisories/GHSA-fmx4-26r3-wxpf",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-fmx4-26r3-wxpf"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}