admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-29 16:00:33 +00:00
parent 716ca0da16
commit 4c672031dc
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 258 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
2024/10xxx/CVE-2024-10452.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10452",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@grafana.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Organization admins can delete pending invites created in an organization they are not part of."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Grafana",
"product": {
"product_data": [
{
"product_name": "Grafana",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://grafana.com/security/security-advisories/cve-2024-10452",
"refsource": "MISC",
"name": "https://grafana.com/security/security-advisories/cve-2024-10452"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

104
2024/25xxx/CVE-2024-25566.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25566",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "responsible-disclosure@pingidentity.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ping Identity",
"product": {
"product_data": [
{
"product_name": "PingAM",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "7.5.0",
"versionType": "major release"
},
{
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "maintenance release"
},
{
"lessThanOrEqual": "7.3.1",
"status": "affected",
"version": "7.3.0",
"versionType": "maintenance release"
},
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "maintenance release"
},
{
"lessThanOrEqual": "7.1.4",
"status": "affected",
"version": "7.1.0",
"versionType": "maintenance release"
},
{
"lessThanOrEqual": "7.0.2",
"status": "affected",
"version": "0",
"versionType": "maintenance release"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://backstage.forgerock.com/downloads/browse/am/featured",
"refsource": "MISC",
"name": "https://backstage.forgerock.com/downloads/browse/am/featured"
},
{
"url": "https://backstage.forgerock.com/knowledge/advisories/article/a63463303",
"refsource": "MISC",
"name": "https://backstage.forgerock.com/knowledge/advisories/article/a63463303"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
}
}

8
2024/47xxx/CVE-2024-47068.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 3.29.5 and 4.22.4 contain a patch for the vulnerability."
"value": "Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability."
}
]
},
@ -41,11 +41,15 @@
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.29.5"
"version_value": ">= 3.0.0, < 3.29.5"
},
{
"version_affected": "=",
"version_value": ">= 4.0.0, < 4.22.4"
},
{
"version_affected": "=",
"version_value": "< 2.79.2"
}
]
}

2
2024/7xxx/CVE-2024-7885.json
View File

@ -62,7 +62,7 @@
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7.1.0",
"product_name": "Red Hat JBoss Enterprise Application Platform 7",
"version": {
"version_data": [
{

81
2024/7xxx/CVE-2024-7985.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The FileOrganizer \u2013 Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the \"fileorganizer_ajax_handler\" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: The FileOrganizer Pro plugin must be installed and active to allow Subscriber+ users to upload files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "softaculous",
"product": {
"product_data": [
{
"product_name": "FileOrganizer \u2013 Manage WordPress and Website Files",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.0.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f79164c2-be3b-496d-b747-3e4b60b7fc2b?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f79164c2-be3b-496d-b747-3e4b60b7fc2b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/fileorganizer/trunk/main/ajax.php#L13",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/fileorganizer/trunk/main/ajax.php#L13"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3149878/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3149878/"
}
]
},
"credits": [
{
"lang": "en",
"value": "TANG Cheuk Hei"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}