"-Synchronized-Data."

CVE Team 2024-12-31 23:00:59 +00:00
parent b582e43b61
commit 4a5712c615
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 319 additions and 26 deletions


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13084",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-property.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In PHPGurukul Land Record System 1.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/search-property.php. Durch das Beeinflussen des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPGurukul",
"product": {
"product_data": [
{
"product_name": "Land Record System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.289837",
"refsource": "MISC",
"name": "https://vuldb.com/?id.289837"
},
{
"url": "https://vuldb.com/?ctiid.289837",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.289837"
},
{
"url": "https://vuldb.com/?submit.472195",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.472195"
},
{
"url": "https://phpgurukul.com/",
"refsource": "MISC",
"name": "https://phpgurukul.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Fergod (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
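Review bot: The English description calls the issue "critical" while the `impact.cvss` entries in the same record score it 6.3 `MEDIUM` with `PR:L`, so the prose and the machine-readable severity disagree; triage and alerting should key on `vectorString`/`baseScore`, and the description would read more clearly without the classification word. The same mismatch appears in the CVE-2024-13085 section (prose "critical", CVSS 3.1 score 7.3 `HIGH`). The `credits` entry also uses `"lang": "en"` where `description_data` uses `"eng"`; a single tag form per record, e.g. `"lang": "eng"`, keeps consumers that filter by language from dropping the credit. The 2.0 entry carries no `baseSeverity`, so code reading that key should treat it as optional.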


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13085",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in PHPGurukul Land Record System 1.0 entdeckt. Betroffen davon ist ein unbekannter Prozess der Datei /admin/login.php. Durch Beeinflussen des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPGurukul",
"product": {
"product_data": [
{
"product_name": "Land Record System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.289838",
"refsource": "MISC",
"name": "https://vuldb.com/?id.289838"
},
{
"url": "https://vuldb.com/?ctiid.289838",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.289838"
},
{
"url": "https://vuldb.com/?submit.472196",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.472196"
},
{
"url": "https://phpgurukul.com/",
"refsource": "MISC",
"name": "https://phpgurukul.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Fergod (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13101",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Summary\nMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.\nMicrosoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. **Note:**Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.\nIf there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert if an update occurs.\nDetails\nA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.\nMicrosoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. 
**Note:**Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.\nIf there are any... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202"
"value": "Summary\nMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.\nMicrosoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.\nIf there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert if an update occurs.\nDetails\nA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.\nMicrosoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. 
Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.\nIf there are any further... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202"
}
]
},
@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.17763.0",
"version_value": "10.0.17763.6414"
}
]
@ -53,7 +53,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.17763.0",
"version_value": "10.0.17763.6414"
}
]
@ -65,7 +65,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.17763.0",
"version_value": "10.0.17763.6414"
}
]
@ -77,7 +77,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.20348.0",
"version_value": "10.0.20348..2762"
}
]
@ -101,7 +101,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.19043.0",
"version_value": "10.0.19044.5011"
}
]
@ -113,7 +113,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.22621.0",
"version_value": "10.0.22621.4317"
}
]
@ -125,7 +125,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.19045.0",
"version_value": "10.0.19045.5011"
}
]
@ -137,7 +137,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.22631.0",
"version_value": "10.0.22631.4317"
}
]
@ -149,7 +149,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.22631.0",
"version_value": "10.0.22631.4317"
}
]
@ -161,7 +161,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.25398.0",
"version_value": "10.0.25398.1189"
}
]
@ -173,7 +173,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.14393.0",
"version_value": "10.0.14393.7428"
}
]
@ -185,7 +185,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.14393.0",
"version_value": "10.0.14393.7428"
}
]
@ -197,7 +197,7 @@
"version_data": [
{
"version_affected": "<",
"version_name": "10.0.0",
"version_name": "10.0.14393.0",
"version_value": "10.0.14393.7428"
}
]
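Review bot: The entry in hunk `@ -77,7 +77,7 @` keeps `"version_value": "10.0.20348..2762"`, which has a doubled dot and is not a parseable four-part build number; this commit corrects `version_name` on the line above but leaves the malformed upper bound in place. Version-range matchers in scanners or patch-compliance tooling will either reject the entry or fall back to string comparison, so hosts on that branch may be misreported. The value is presumably meant to be `"version_value": "10.0.20348.2762"`, to be confirmed against the MSRC advisory. In hunk `@ -101,7 +101,7 @` the new lower bound `10.0.19043.0` sits on a different build line than the upper bound `10.0.19044.5011`, which is worth confirming as intended. The product names these entries belong to are outside the hunks.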


@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56803",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. This attack requires an attacker to send malicious escape sequences followed by convincing the user to physically press the \"enter\" key. Fixed in Ghostty v1.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ghostty-org",
"product": {
"product_data": [
{
"product_name": "ghostty",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ghostty-org/ghostty/security/advisories/GHSA-5hcq-3j4q-4v6p",
"refsource": "MISC",
"name": "https://github.com/ghostty-org/ghostty/security/advisories/GHSA-5hcq-3j4q-4v6p"
},
{
"url": "https://github.com/ghostty-org/ghostty/pull/3908",
"refsource": "MISC",
"name": "https://github.com/ghostty-org/ghostty/pull/3908"
}
]
},
"source": {
"advisory": "GHSA-5hcq-3j4q-4v6p",
"discovery": "UNKNOWN"
}
}
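Review bot: The affected-version entry pairs `"version_affected": "="` with `"version_value": "< 1.0.1"`, so the range operator is embedded in the value string instead of being expressed in `version_affected`. A consumer that does exact matching on this entry will not flag Ghostty 1.0.0, the version the description names as vulnerable. Writing it as `"version_affected": "<"` with `"version_value": "1.0.1"` keeps the record machine-matchable. Until the record is corrected, matchers reading this feed need to handle a leading comparison operator inside `version_value`.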


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-56825",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}