admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-25 20:00:31 +00:00
parent 653e6ee686
commit 5947f2553d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 376 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/11xxx/CVE-2024-11722.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11722",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

63
2024/53xxx/CVE-2024-53255.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to inject arbitrary JavaScript code. This code could be used to steal the user's session cookie, perform phishing attacks, or deface the website. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BoidCMS",
"product": {
"product_data": [
{
"product_name": "BoidCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/BoidCMS/BoidCMS/security/advisories/GHSA-7q7m-cgw8-px4r",
"refsource": "MISC",
"name": "https://github.com/BoidCMS/BoidCMS/security/advisories/GHSA-7q7m-cgw8-px4r"
},
{
"url": "https://github.com/BoidCMS/BoidCMS/commit/42f4d703a87f5199bbd701b3495a26c91b9cfab7",
"refsource": "MISC",
"name": "https://github.com/BoidCMS/BoidCMS/commit/42f4d703a87f5199bbd701b3495a26c91b9cfab7"
}
]
},
"source": {
"advisory": "GHSA-7q7m-cgw8-px4r",
"discovery": "UNKNOWN"
}
}

72
2024/53xxx/CVE-2024-53258.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit `1aa4c769` which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"cweId": "CWE-359"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "autolab",
"product": {
"product_data": [
{
"product_name": "Autolab",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0.0, before commit 1aa4c7690892fb458d2c61ff86739f368e34769d"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/autolab/Autolab/security/advisories/GHSA-84qc-7773-2gg3",
"refsource": "MISC",
"name": "https://github.com/autolab/Autolab/security/advisories/GHSA-84qc-7773-2gg3"
},
{
"url": "https://github.com/autolab/Autolab/commit/1aa4c7690892fb458d2c61ff86739f368e34769d",
"refsource": "MISC",
"name": "https://github.com/autolab/Autolab/commit/1aa4c7690892fb458d2c61ff86739f368e34769d"
}
]
},
"source": {
"advisory": "GHSA-84qc-7773-2gg3",
"discovery": "UNKNOWN"
}
}

63
2024/53xxx/CVE-2024-53261.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53261",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. \"Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\" The files `packages/kit/src/exports/vite/dev/index.js` and `packages/kit/src/exports/vite/utils.js` both contain user controllable data which under specific conditions may flow to dev mode pages. There is little to no expected impact. The Vite development is not exposed to the network by default and even if someone were able to trick a developer into executing an XSS against themselves, a development database should not have any sensitive data. None the less this issue has been addressed in version 2.8.3 and all users are advised to upgrade."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "sveltejs",
"product": {
"product_data": [
{
"product_name": "kit",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.8.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-rjjv-87mx-6x3h",
"refsource": "MISC",
"name": "https://github.com/sveltejs/kit/security/advisories/GHSA-rjjv-87mx-6x3h"
},
{
"url": "https://github.com/sveltejs/kit/commit/d338d4635a7fd947ba5112df6ee632c4a0979438",
"refsource": "MISC",
"name": "https://github.com/sveltejs/kit/commit/d338d4635a7fd947ba5112df6ee632c4a0979438"
}
]
},
"source": {
"advisory": "GHSA-rjjv-87mx-6x3h",
"discovery": "UNKNOWN"
}
}

68
2024/53xxx/CVE-2024-53262.json
View File

@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53262",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contain the following placeholders: %sveltekit.status% \u2014 the HTTP status, and %sveltekit.error.message% \u2014 the error message. This leads to possible injection if an app explicitly creates an error with a message that contains user controlled content. Only applications where user provided input is used in the `Error` message will be vulnerable, so the vast majority of applications will not be vulnerable This issue has been addressed in version 2.8.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "sveltejs",
"product": {
"product_data": [
{
"product_name": "kit",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.8.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-mh2x-fcqh-fmqv",
"refsource": "MISC",
"name": "https://github.com/sveltejs/kit/security/advisories/GHSA-mh2x-fcqh-fmqv"
},
{
"url": "https://github.com/sveltejs/kit/commit/134e36343ef57ed7e6e2b3bb9e7f05ad37865794",
"refsource": "MISC",
"name": "https://github.com/sveltejs/kit/commit/134e36343ef57ed7e6e2b3bb9e7f05ad37865794"
},
{
"url": "https://kit.svelte.dev/docs/errors",
"refsource": "MISC",
"name": "https://kit.svelte.dev/docs/errors"
}
]
},
"source": {
"advisory": "GHSA-mh2x-fcqh-fmqv",
"discovery": "UNKNOWN"
}
}

76
2024/53xxx/CVE-2024-53268.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53268",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "laurent22",
"product": {
"product_data": [
{
"product_name": "joplin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-pc5v-xp44-5mgv",
"refsource": "MISC",
"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-pc5v-xp44-5mgv"
}
]
},
"source": {
"advisory": "GHSA-pc5v-xp44-5mgv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/53xxx/CVE-2024-53975.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53975",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/53xxx/CVE-2024-53976.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}