"-Synchronized-Data."

CVE Team 2024-08-19 17:00:36 +00:00
parent b211c2084c
commit 48105ff420
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
24 changed files with 854 additions and 67 deletions


@ -61,6 +61,21 @@
"refsource": "MISC",
"name": "https://gist.github.com/rootlili/a6b6c89591f4773857ae81b7ca5898bc",
"url": "https://gist.github.com/rootlili/a6b6c89591f4773857ae81b7ca5898bc"
},
{
"refsource": "MISC",
"name": "https://github.com/JPressProjects/jpress/releases/tag/v5.1.0",
"url": "https://github.com/JPressProjects/jpress/releases/tag/v5.1.0"
},
{
"refsource": "MISC",
"name": "https://gitee.com/JPressProjects/jpress/releases/tag/v5.1.0",
"url": "https://gitee.com/JPressProjects/jpress/releases/tag/v5.1.0"
},
{
"refsource": "MISC",
"name": "https://www.jpress.cn/download",
"url": "https://www.jpress.cn/download"
}
]
}


@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32927",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "dsap-vuln-management@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-08-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2024-08-01"
}
]
}
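Review bot: `"version_value": "Android kernel"` paired with `"version_affected": "="` names a component rather than a version, so a consumer matching on version cannot tell which builds are affected. The CVE-2024-32928 record has the same gap with `"version_value": "libcurl"`. The description places the flaw in `sendDeviceState_1_6` of RadioExt.cpp, which does not obviously read as kernel code, so the component label is worth confirming against the linked Pixel bulletin. The problemtype carries only the impact string "Elevation of privilege"; since the description states a use after free, adding `"cweId": "CWE-416"` would let tooling classify the root cause.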


@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32928",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "dsap-vuln-management@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Nest Speakers",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "libcurl"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.google.com/product-documentation/answer/14771247?hl=en&ref_topic=12974021&sjid=9111851316942032590-NA#zippy=",
"refsource": "MISC",
"name": "https://support.google.com/product-documentation/answer/14771247?hl=en&ref_topic=12974021&sjid=9111851316942032590-NA#zippy="
}
]
}
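Review bot: The problemtype `"value": "Information disclosure"` records the impact but not the root cause the description gives, which is TLS peer verification being turned off (`CURLOPT_SSL_VERIFYPEER` disabled). `"value": "CWE-295 Improper Certificate Validation"` with `"cweId": "CWE-295"` would match it. The reference URL also carries what look like navigation and session parameters (`ref_topic`, `sjid`, `#zippy=`); if the article resolves without them, the link up to `answer/14771247` is the more stable reference. The record names no fixed firmware version, so remediation state has to be taken from the linked support article.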


@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Liquid Web",
"product": {
"product_data": [
{
"product_name": "GiveWP",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.14.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.14.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-14-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-14-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.14.2 or a higher version."
}
],
"value": "Update to 3.14.2 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "LVT-tholv2k (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
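Review bot: The description does not say the object injection is reachable without authentication, although the vector in the same record is `PR:N` and the Patchstack reference slug reads `unauthenticated-php-object-injection`. Triage that reads only the description text will under-rank it; if the advisory confirms it, `allows unauthenticated Object Injection. This issue affects GiveWP` would say so, and would also fix the missing space in `Object Injection.This issue`. In `version_data`, `"version_value": "not down converted"` means a 4.0-format consumer must parse `x_cve_json_5_version_data` to find the `"lessThanOrEqual": "3.14.1"` bound; a tool that reads only `version_value` gets no usable range.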


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42657",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-42657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.linkedin.com/in/subhodeep-baroi-397629252/",
"refsource": "MISC",
"name": "https://www.linkedin.com/in/subhodeep-baroi-397629252/"
},
{
"url": "https://x.com/sudo_subho",
"refsource": "MISC",
"name": "https://x.com/sudo_subho"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/sudo-subho/CVE-2024-42657",
"url": "https://github.com/sudo-subho/CVE-2024-42657"
}
]
}
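Review bot: `vendor_name`, `product_name`, `version_value` and the problemtype are all `"n/a"` even though the description names the product and version (wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0), so the record cannot be matched to an asset inventory through its structured fields. CVE-2024-42658 has the same gap. For this record the described weakness, no encryption during the login process, corresponds to CWE-319 (Cleartext Transmission of Sensitive Information). Two of the three references are a LinkedIn profile and an X account, which carry no advisory content. The researcher's GitHub repository is tagged `"refsource": "CONFIRM"`; whether that reflects a vendor acknowledgement should be checked.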


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-42658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.linkedin.com/in/subhodeep-baroi-397629252/",
"refsource": "MISC",
"name": "https://www.linkedin.com/in/subhodeep-baroi-397629252/"
},
{
"url": "https://x.com/sudo_subho",
"refsource": "MISC",
"name": "https://x.com/sudo_subho"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/sudo-subho/CVE-2024-42658",
"url": "https://github.com/sudo-subho/CVE-2024-42658"
}
]
}


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')",
"cweId": "CWE-96"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwiki",
"product": {
"product_data": [
{
"product_name": "xwiki-platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 15.6-rc-1, < 15.10.2"
},
{
"version_affected": "=",
"version_value": ">= 15.0-rc-1, < 15.5.5"
},
{
"version_affected": "=",
"version_value": "< 14.10.21"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5v",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5v"
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21810",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21810"
}
]
},
"source": {
"advisory": "GHSA-wcg9-pgqv-xm5v",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
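Review bot: The description says the fix landed in 15.10.6, but the affected range in `version_data` ends at `< 15.10.2` (`">= 15.6-rc-1, < 15.10.2"`), so one of the two is wrong. Until it is reconciled against the GHSA-wcg9-pgqv-xm5v advisory, installs on 15.10.2 through 15.10.5 may be classified as patched when they are not, or the reverse. Each entry also pairs `"version_affected": "="` with a range expression in `version_value`, which an exact-match consumer will never hit; the CVE-2024-43401 record does the same with `"< 15.10-rc-1"`. In the description, "social engineer" should read "social engineering".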


@ -1,17 +1,145 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwiki",
"product": {
"product_data": [
{
"product_name": "xwiki-platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 15.10-rc-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f963-4cq8-2gw7",
"refsource": "MISC",
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f963-4cq8-2gw7"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20331",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-20331"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21311",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21311"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21481",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21481"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21482",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21482"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21483",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21483"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21484",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21484"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21485",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21485"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21486",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21486"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21487",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21487"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21488",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21488"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21489",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21489"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21490",
"refsource": "MISC",
"name": "https://jira.xwiki.org/browse/XWIKI-21490"
}
]
},
"source": {
"advisory": "GHSA-f963-4cq8-2gw7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4.12",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.12.0-202408071159.p0.gc9592de.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.13",
"version": {
@ -173,6 +194,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4484"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:5200",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:5200"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-5037",
"refsource": "MISC",


@ -65,7 +65,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.26.5-18.2.rhaos4.13.git2e90133.el9",
"version": "0:1.26.5-18.2.rhaos4.13.git2e90133.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -86,7 +86,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.27.7-3.rhaos4.14.git674563e.el9",
"version": "0:1.27.7-3.rhaos4.14.git674563e.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"


@ -36,12 +36,34 @@
"product": {
"product_data": [
{
"product_name": "Fence Agents Remediation Operator",
"product_name": "Fence Agents Remediation 0.4 for RHEL 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v0.4.1-22",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v0.4.1-22",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -56,6 +78,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:5453",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:5453"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-5651",
"refsource": "MISC",
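Review bot: In the first hunk, `version_data` for "Fence Agents Remediation 0.4 for RHEL 8" ends up with two entries that are identical on the page (`"version": "v0.4.1-22"`, `"lessThan": "*"`, `"status": "unaffected"`, `"defaultStatus": "affected"`). If they stand for two different packages or images, the down-converted form has lost the field that tells them apart, and a consumer cannot say which component each fix version applies to. If they do not, one entry is redundant. The hunk ends inside `version_data`, so the full file should be checked before deciding which case applies.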


@ -282,6 +282,21 @@
},
"references": {
"reference_data": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jul/19"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/20",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/12",
"refsource": "MISC",
@ -582,6 +597,21 @@
"refsource": "MISC",
"name": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/"
},
{
"url": "https://support.apple.com/kb/HT214118",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214118"
},
{
"url": "https://support.apple.com/kb/HT214119",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214119"
},
{
"url": "https://support.apple.com/kb/HT214120",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214120"
},
{
"url": "https://ubuntu.com/security/CVE-2024-6387",
"refsource": "MISC",
@ -631,36 +661,6 @@
"url": "https://www.theregister.com/2024/07/01/regresshion_openssh/",
"refsource": "MISC",
"name": "https://www.theregister.com/2024/07/01/regresshion_openssh/"
},
{
"url": "https://support.apple.com/kb/HT214119",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214119"
},
{
"url": "https://support.apple.com/kb/HT214118",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214118"
},
{
"url": "https://support.apple.com/kb/HT214120",
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT214120"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/20",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jul/19"
}
]
},
@ -670,6 +670,12 @@
"value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server's ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately.\n\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue."
}
],
"impact": {
"cvss": [
{
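Review bot: The three seclists.org references repositioned in the first hunk are still plain `http://` links (`http://seclists.org/fulldisclosure/2024/Jul/18`, `/19`, `/20`), as is the openwall.com entry shown next to them. References that readers follow straight from an advisory are better recorded as `https://` where the host serves it, so the fetched page cannot be altered in transit. The rest of the section only reorders references and adds a `credits` entry.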


@ -340,6 +340,12 @@
"value": "The process is identical to CVE-2024-6387, by disabling LoginGraceTime. See that CVE page for additional details."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Solar Designer (CIQ/Rocky Linux) for reporting this issue."
}
],
"impact": {
"cvss": [
{


@ -45,16 +45,26 @@
"versions": [
{
"status": "affected",
"version": "0",
"version": "1.11.0",
"lessThan": "1.11.2",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.11.2"
},
{
"status": "unaffected",
"version": "1.10.4"
},
{
"status": "affected",
"version": "0",
"lessThan": "1.10.4",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
"defaultStatus": "affected"
}
}
]
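Review bot: With `"defaultStatus": "affected"` (previously `"unknown"`), any version not matched by an entry in `versions` is reported as affected, and the two `unaffected` entries name single versions (`"1.11.2"`, `"1.10.4"`) with no upper bound. Read literally, a later release on either branch (for example a hypothetical 1.11.3 or 1.10.5) falls through to the default and is flagged as vulnerable. If the fixes carry forward, give the unaffected entries a range, e.g. `"version": "1.11.2", "lessThan": "*", "versionType": "semver"`, or leave the default at `"unknown"`. The enclosing object starts and ends outside the hunk.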