admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-22 15:00:31 +00:00
parent 6e1c6001cf
commit 46f47b53a9
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 609 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
2023/52xxx/CVE-2023-52530.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "fdf7cb4185b6",
"version_value": "2f4e16e39e4f"
"version_value": "e8e599a63506"
},
{
"version_value": "not down converted",
@ -57,6 +57,18 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.228",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.169",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.57",
"lessThanOrEqual": "6.1.*",
@ -90,6 +102,16 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022"
},
{
"url": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0"
},
{
"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36",
"refsource": "MISC",
@ -108,6 +130,6 @@
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
"engine": "bippy-c9c4e1df01b2"
}
}

18
2024/10xxx/CVE-2024-10247.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10248.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

106
2024/26xxx/CVE-2024-26271.json
View File

@ -1,17 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-26271",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@liferay.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_my_account_web_portlet_MyAccountPortlet_backURL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Liferay",
"product": {
"product_data": [
{
"product_name": "Portal",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.4.3.75",
"version_value": "7.4.3.111"
}
]
}
},
{
"product_name": "DXP",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.3.10-u32",
"version_value": "7.3.10-u35"
},
{
"version_affected": "<=",
"version_name": "7.4.13-u75",
"version_value": "7.4.13-u92"
},
{
"version_affected": "<=",
"version_name": "2023.Q3.1",
"version_value": "2023.Q3.5"
},
{
"version_affected": "<=",
"version_name": "2023.Q4.0",
"version_value": "2023.Q4.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26271",
"refsource": "MISC",
"name": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26271"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

111
2024/26xxx/CVE-2024-26272.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-26272",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@liferay.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the p_l_back_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Liferay",
"product": {
"product_data": [
{
"product_name": "Portal",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.3.2",
"version_value": "7.3.7"
},
{
"version_affected": "<=",
"version_name": "7.4.0",
"version_value": "7.4.3.107"
}
]
}
},
{
"product_name": "DXP",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.3.10",
"version_value": "7.3.10-u35"
},
{
"version_affected": "<=",
"version_name": "7.4.13",
"version_value": "7.4.13-u92"
},
{
"version_affected": "<=",
"version_name": "2023.Q3.1",
"version_value": "2023.Q3.5"
},
{
"version_affected": "<=",
"version_name": "2023.Q4.0",
"version_value": "2023.Q4.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26272",
"refsource": "MISC",
"name": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26272"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

15
2024/26xxx/CVE-2024-26718.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "39d42fa96ba1",
"version_value": "30884a44e0ce"
"version_value": "b825e0f9d68c"
},
{
"version_value": "not down converted",
@ -57,6 +57,12 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.169",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.79",
"lessThanOrEqual": "6.1.*",
@ -96,6 +102,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/b825e0f9d68c178072bffd32dd34c39e3d2d597a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b825e0f9d68c178072bffd32dd34c39e3d2d597a"
},
{
"url": "https://git.kernel.org/stable/c/30884a44e0cedc3dfda8c22432f3ba4078ec2d94",
"refsource": "MISC",
@ -119,6 +130,6 @@
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
"engine": "bippy-c9c4e1df01b2"
}
}

24
2024/39xxx/CVE-2024-39497.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "2194a63a818d",
"version_value": "1b4a8b89bf67"
"version_value": "3ae63a8c1685"
},
{
"version_value": "not down converted",
@ -57,6 +57,18 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.169",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.114",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
@ -90,6 +102,16 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3ae63a8c1685e16958560ec08d30defdc5b9cca0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3ae63a8c1685e16958560ec08d30defdc5b9cca0"
},
{
"url": "https://git.kernel.org/stable/c/2219e5f97244b79c276751a1167615b9714db1b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2219e5f97244b79c276751a1167615b9714db1b0"
},
{
"url": "https://git.kernel.org/stable/c/1b4a8b89bf6787090b56424d269bf84ba00c3263",
"refsource": "MISC",

24
2024/40xxx/CVE-2024-40953.json
View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "217ece6129f2",
"version_value": "92c77807d938"
"version_value": "71fbc3af3dac"
},
{
"version_value": "not down converted",
@ -57,6 +57,18 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.228",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.169",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.96",
"lessThanOrEqual": "6.1.*",
@ -96,6 +108,16 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84"
},
{
"url": "https://git.kernel.org/stable/c/82bd728a06e55f5b5f93d10ce67f4fe7e689853a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/82bd728a06e55f5b5f93d10ce67f4fe7e689853a"
},
{
"url": "https://git.kernel.org/stable/c/92c77807d938145c7c3350c944ef9f39d7f6017c",
"refsource": "MISC",

78
2024/43xxx/CVE-2024-43173.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43173",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1275 Sensitive Cookie with Improper SameSite Attribute",
"cweId": "CWE-1275"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Concert",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.0, 1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7173596",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7173596"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

78
2024/43xxx/CVE-2024-43177.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Concert",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.0, 1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7173596",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7173596"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

17
2024/43xxx/CVE-2024-43845.json
View File

@ -40,9 +40,19 @@
"version_data": [
{
"version_affected": "<",
"version_name": "e9109a92d2a9",
"version_name": "626860c470ff",
"version_value": "9c439311c13f"
},
{
"version_affected": "<",
"version_name": "9616d00140a1",
"version_value": "c996b570305e"
},
{
"version_affected": "<",
"version_name": "e9109a92d2a9",
"version_value": "fe2ead240c31"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -96,6 +106,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9c439311c13fc6faab1921441165c9b8b500c83b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9c439311c13fc6faab1921441165c9b8b500c83b"
},
{
"url": "https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241",
"refsource": "MISC",

121
2024/8xxx/CVE-2024-8980.json
View File

@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@liferay.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173\n does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Liferay",
"product": {
"product_data": [
{
"product_name": "Portal",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.4.3.101"
}
]
}
},
{
"product_name": "DXP",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "portal-173"
},
{
"version_affected": "<=",
"version_name": "7.0.10",
"version_value": "de-102"
},
{
"version_affected": "<=",
"version_name": "7.1.10",
"version_value": "dxp-28"
},
{
"version_affected": "<=",
"version_name": "7.2.10",
"version_value": "dxp-20"
},
{
"version_affected": "<=",
"version_name": "7.3.10",
"version_value": "7.3.10-u35"
},
{
"version_affected": "<=",
"version_name": "7.4.13",
"version_value": "7.4.13-u92"
},
{
"version_affected": "<=",
"version_name": "2023.Q3.1",
"version_value": "2023.Q3.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980",
"refsource": "MISC",
"name": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}