admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-01 17:00:36 +00:00
parent 0300b67d42
commit 5555d0ab83
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 410 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
2024/23xxx/CVE-2024-23600.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "responsible-disclosure@pingidentity.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Input Validation of query search results for private field data in PingIDM OPENIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ping Identity",
"product": {
"product_data": [
{
"product_name": "OPENIDM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://backstage.forgerock.com/knowledge/kb/article/a95212747",
"refsource": "MISC",
"name": "https://backstage.forgerock.com/knowledge/kb/article/a95212747"
},
{
"url": "https://backstage.forgerock.com/docs/idcloud/latest/release-notes/regular-channel-changelog.html#changed_functionality",
"refsource": "MISC",
"name": "https://backstage.forgerock.com/docs/idcloud/latest/release-notes/regular-channel-changelog.html#changed_functionality"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SA202402",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Ksandros Apostoli"
},
{
"lang": "en",
"value": "Miguel Garc\u00eda Mart\u00edn"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

56
2024/41xxx/CVE-2024-41265.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-41265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/nyxfqq/1a8237f3f9cf793c6433f08b17d1593c",
"url": "https://gist.github.com/nyxfqq/1a8237f3f9cf793c6433f08b17d1593c"
}
]
}

91
2024/41xxx/CVE-2024-41962.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41962",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bostr is an nostr relay aggregator proxy that acts like a regular nostr relay. bostr let everyone in even having authorized_keys being set when noscraper is set to true. This vulnerability is fixed in 3.0.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yonle",
"product": {
"product_data": [
{
"product_name": "bostr",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Yonle/bostr/security/advisories/GHSA-5cf7-cxrf-mq73",
"refsource": "MISC",
"name": "https://github.com/Yonle/bostr/security/advisories/GHSA-5cf7-cxrf-mq73"
},
{
"url": "https://github.com/Yonle/bostr/commit/49181f4ec9ae1472c6675cab56bbc01e723855af",
"refsource": "MISC",
"name": "https://github.com/Yonle/bostr/commit/49181f4ec9ae1472c6675cab56bbc01e723855af"
},
{
"url": "https://github.com/Yonle/bostr/blob/8665374a66e2afb9f92d0414b0d6f420a95d5d2d/auth.js#L21",
"refsource": "MISC",
"name": "https://github.com/Yonle/bostr/blob/8665374a66e2afb9f92d0414b0d6f420a95d5d2d/auth.js#L21"
},
{
"url": "https://github.com/Yonle/bostr/releases/tag/3.0.10",
"refsource": "MISC",
"name": "https://github.com/Yonle/bostr/releases/tag/3.0.10"
}
]
},
"source": {
"advisory": "GHSA-5cf7-cxrf-mq73",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

90
2024/7xxx/CVE-2024-7211.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7211",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@1e.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Identity Server used by 1E Platform could enable URL redirection to untrusted sites. \n\nNote: The Identity Server on 1E Platform has been updated with the necessary patch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site ('Open Redirect')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "1E",
"product": {
"product_data": [
{
"product_name": "1E Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "24.7"
},
{
"version_affected": "=",
"version_value": "23.11.1.15"
},
{
"version_affected": "=",
"version_value": "23.7.1.80"
},
{
"version_affected": "=",
"version_value": "8.4.1.229"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.1e.com/trust-security-compliance/cve-info/",
"refsource": "MISC",
"name": "https://www.1e.com/trust-security-compliance/cve-info/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "CVE-2024-39694",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

100
2024/7xxx/CVE-2024-7359.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7359",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_establishment. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273338 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in SourceCodester Tracking Monitoring Management System 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /ajax.php?action=save_establishment. Durch Beeinflussen des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Tracking Monitoring Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.273338",
"refsource": "MISC",
"name": "https://vuldb.com/?id.273338"
},
{
"url": "https://vuldb.com/?ctiid.273338",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.273338"
},
{
"url": "https://vuldb.com/?submit.383494",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.383494"
},
{
"url": "https://gist.github.com/topsky979/6fbd27f1942d76f0392d883dfd8fef10",
"refsource": "MISC",
"name": "https://gist.github.com/topsky979/6fbd27f1942d76f0392d883dfd8fef10"
}
]
},
"credits": [
{
"lang": "en",
"value": "topsky979 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}