admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-10 19:00:37 +00:00
parent 82f9dbe857
commit 5445696389
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
16 changed files with 1130 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/41xxx/CVE-2023-41915.json
View File

@ -91,6 +91,11 @@
"refsource": "DEBIAN",
"name": "DSA-5547",
"url": "https://www.debian.org/security/2023/dsa-5547"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20240710 linux-distros application for CentOS Project's Hyperscale SIG",
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/3"
}
]
}

5
2024/20xxx/CVE-2024-20399.json
View File

@ -962,6 +962,11 @@
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP"
},
{
"url": "https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/",
"refsource": "MISC",
"name": "https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/"
}
]
},

91
2024/27xxx/CVE-2024-27090.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded (such as a Participatory Process, an Assembly, a Proposal, a Result, etc), then some data of this resource could be accessed. This vulnerability is fixed in 0.27.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "decidim",
"product": {
"product_data": [
{
"product_name": "decidim",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.27.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/decidim/decidim/security/advisories/GHSA-qcj6-vxwx-4rqv",
"refsource": "MISC",
"name": "https://github.com/decidim/decidim/security/advisories/GHSA-qcj6-vxwx-4rqv"
},
{
"url": "https://github.com/decidim/decidim/pull/12528",
"refsource": "MISC",
"name": "https://github.com/decidim/decidim/pull/12528"
},
{
"url": "https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705",
"refsource": "MISC",
"name": "https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705"
},
{
"url": "https://github.com/decidim/decidim/releases/tag/v0.27.6",
"refsource": "MISC",
"name": "https://github.com/decidim/decidim/releases/tag/v0.27.6"
}
]
},
"source": {
"advisory": "GHSA-qcj6-vxwx-4rqv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

76
2024/37xxx/CVE-2024-37147.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37147",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "glpi-project",
"product": {
"product_data": [
{
"product_name": "glpi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.85, < 10.0.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh"
}
]
},
"source": {
"advisory": "GHSA-f2cg-fc85-ffmh",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

4
2024/37xxx/CVE-2024-37253.json
View File

@ -90,10 +90,10 @@
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;1.3.6 or a higher version."
"value": "Update to&nbsp;1.3.7 or a higher version."
}
],
"value": "Update to\u00a01.3.6 or a higher version."
"value": "Update to\u00a01.3.7 or a higher version."
}
],
"credits": [

61
2024/37xxx/CVE-2024-37770.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37770",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-37770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/b1ackc4t/14Finger/issues/13",
"refsource": "MISC",
"name": "https://github.com/b1ackc4t/14Finger/issues/13"
},
{
"refsource": "MISC",
"name": "https://github.com/k3ppf0r/CVE-2024-37770",
"url": "https://github.com/k3ppf0r/CVE-2024-37770"
}
]
}

107
2024/5xxx/CVE-2024-5491.json
View File

@ -1,18 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5491",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@citrix.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NetScaler",
"product": {
"product_data": [
{
"product_name": "NetScaler ADC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1",
"version_value": "25.53"
},
{
"version_affected": "<",
"version_name": "13.1",
"version_value": "53.17"
},
{
"version_affected": "<",
"version_name": "13.0",
"version_value": "92.31"
},
{
"version_affected": "<",
"version_name": "13.1-FIPS",
"version_value": "37.183"
},
{
"version_affected": "<",
"version_name": "12.1-FIPS",
"version_value": "55.304"
},
{
"version_affected": "<",
"version_name": "12.1-NDcPP",
"version_value": "55.304"
}
]
}
},
{
"product_name": "NetScaler Gateway",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1",
"version_value": "25.53"
},
{
"version_affected": "<",
"version_name": "13.1",
"version_value": "53.17"
},
{
"version_affected": "<",
"version_name": "13.0",
"version_value": "92.31"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492",
"refsource": "MISC",
"name": "https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

123
2024/5xxx/CVE-2024-5910.json
View File

@ -1,18 +1,131 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.\n\nNote: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "Expedition",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.2.92",
"status": "unaffected"
}
],
"lessThan": "1.2.92",
"status": "affected",
"version": "1.2",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-5910",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-5910"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks.<br>"
}
],
"value": "Ensure networks access to Expedition is restricted to authorized users, hosts, or networks."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Expedition 1.2.92 and all later versions.<br>"
}
],
"value": "This issue is fixed in Expedition 1.2.92 and all later versions."
}
],
"credits": [
{
"lang": "en",
"value": "Brian Hysell (Synopsys CyRC)"
}
]
}

191
2024/5xxx/CVE-2024-5911.json
View File

@ -1,18 +1,199 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5911",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "11.2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "11.1",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "11.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.4",
"status": "unaffected"
}
],
"lessThan": "10.2.4",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.9",
"status": "unaffected"
}
],
"lessThan": "10.1.9",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Cloud NGFW",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Prisma Access",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-5911",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-5911"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"PAN-182835"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices\">https://docs.paloaltonetworks.com/best-practices</a>.<br>"
}
],
"value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices ."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.1.9, PAN-OS 10.2.4, and all later PAN-OS versions.<br>"
}
],
"value": "This issue is fixed in PAN-OS 10.1.9, PAN-OS 10.2.4, and all later PAN-OS versions."
}
],
"credits": [
{
"lang": "en",
"value": "Yasukazu Miyashita of Palo Alto Networks"
}
]
}

140
2024/5xxx/CVE-2024-5912.json
View File

@ -1,18 +1,148 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "Cortex XDR Agent",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "8.4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3-CE",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.3",
"versionType": "custom"
},
{
"changes": [
{
"at": "7.9.102-CE",
"status": "unaffected"
}
],
"lessThan": "7.9.102-CE",
"status": "affected",
"version": "7.9-CE",
"versionType": "custom"
},
{
"changes": [
{
"at": "8.2.2",
"status": "unaffected"
}
],
"lessThan": "8.2.2",
"status": "affected",
"version": "8.2",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-5912",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-5912"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"CPATR-22565"
],
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions.<br>"
}
],
"value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.3, Cortex XDR agent 8.2.2, and all later Cortex XDR agent versions."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks the Cyber Defence Center of BITMARCK, and especially Maximilan Pappert for discovering and reporting this issue."
}
]
}

212
2024/5xxx/CVE-2024-5913.json
View File

@ -1,18 +1,220 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5913",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "10.1.14-h2",
"status": "unaffected"
}
],
"lessThan": "10.1.14-h2",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.10",
"status": "unaffected"
}
],
"lessThan": "10.2.10",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.0.5",
"status": "unaffected"
}
],
"lessThan": "11.0.5",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.4",
"status": "unaffected"
}
],
"lessThan": "11.1.4",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.1",
"status": "unaffected"
}
],
"lessThan": "11.2.1",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Cloud NGFW",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "None"
},
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Prisma Access",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "None"
},
{
"status": "unaffected",
"version": "All"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-5913",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2024-5913"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions.<br>"
}
],
"value": "This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions."
}
],
"credits": [
{
"lang": "en",
"value": "Independent Security Researcher Pear1y"
},
{
"lang": "en",
"value": "Joel Land of CISA Vulnerability Response and Coordination"
},
{
"lang": "en",
"value": "Enrique Castillo of Palo Alto Networks"
}
]
}

5
2024/6xxx/CVE-2024-6387.json
View File

@ -441,6 +441,11 @@
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/10/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/10/3"
}
]
},

100
2024/6xxx/CVE-2024-6649.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6649",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271057 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester Employee and Visitor Gate Pass Logging System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist die Funktion save_users der Datei Users.php. Mittels Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Employee and Visitor Gate Pass Logging System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.271057",
"refsource": "MISC",
"name": "https://vuldb.com/?id.271057"
},
{
"url": "https://vuldb.com/?ctiid.271057",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.271057"
},
{
"url": "https://vuldb.com/?submit.370663",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.370663"
},
{
"url": "https://github.com/Xu-Mingming/cve/blob/main/csrf1.md",
"refsource": "MISC",
"name": "https://github.com/Xu-Mingming/cve/blob/main/csrf1.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Xu Mingming (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}

18
2024/6xxx/CVE-2024-6666.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6666",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6667.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6668.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}