admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-02-02 03:00:32 +00:00
parent 3ddcc32bf5
commit 5d2e4549b1
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
16 changed files with 345 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
2023/46xxx/CVE-2023-46159.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46159",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Storage Ceph",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.3z1, 5.3z5, 6.1z1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7112263",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7112263"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268906",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268906"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

5
2023/46xxx/CVE-2023-46838.json
View File

@ -65,6 +65,11 @@
"url": "https://xenbits.xenproject.org/xsa/advisory-448.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-448.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"
}
]
},

5
2024/1xxx/CVE-2024-1059.json
View File

@ -63,6 +63,11 @@
"url": "https://crbug.com/1514777",
"refsource": "MISC",
"name": "https://crbug.com/1514777"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/"
}
]
}

5
2024/1xxx/CVE-2024-1060.json
View File

@ -63,6 +63,11 @@
"url": "https://crbug.com/1511567",
"refsource": "MISC",
"name": "https://crbug.com/1511567"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/"
}
]
}

5
2024/1xxx/CVE-2024-1077.json
View File

@ -63,6 +63,11 @@
"url": "https://crbug.com/1511085",
"refsource": "MISC",
"name": "https://crbug.com/1511085"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/"
}
]
}

5
2024/20xxx/CVE-2024-20305.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
"value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}

83
2024/22xxx/CVE-2024-22319.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote attacker to conduct an LDAP injection. By sending a request with a specially crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter. IBM X-Force ID: 279145."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')",
"cweId": "CWE-90"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Operational Decision Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.12.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7112382",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7112382"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279145",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279145"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

83
2024/22xxx/CVE-2024-22320.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22320",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Operational Decision Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.12.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7112382",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7112382"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279146",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279146"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

5
2024/22xxx/CVE-2024-22420.json
View File

@ -63,6 +63,11 @@
"url": "https://github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e838411d2df",
"refsource": "MISC",
"name": "https://github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e838411d2df"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/"
}
]
},

5
2024/22xxx/CVE-2024-22421.json
View File

@ -76,6 +76,11 @@
"url": "https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6",
"refsource": "MISC",
"name": "https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/"
}
]
},

56
2024/22xxx/CVE-2024-22533.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-22533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/xiandafu/beetl/issues/I8RU01",
"refsource": "MISC",
"name": "https://gitee.com/xiandafu/beetl/issues/I8RU01"
}
]
}

5
2024/22xxx/CVE-2024-22899.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Jan/29",
"url": "https://seclists.org/fulldisclosure/2024/Jan/29"
},
{
"refsource": "MISC",
"name": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/",
"url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/"
}
]
}

5
2024/22xxx/CVE-2024-22900.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Jan/29",
"url": "https://seclists.org/fulldisclosure/2024/Jan/29"
},
{
"refsource": "MISC",
"name": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/",
"url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/"
}
]
}

5
2024/22xxx/CVE-2024-22901.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Jan/30",
"url": "https://seclists.org/fulldisclosure/2024/Jan/30"
},
{
"refsource": "MISC",
"name": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/",
"url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/"
}
]
}

5
2024/22xxx/CVE-2024-22902.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Jan/31",
"url": "https://seclists.org/fulldisclosure/2024/Jan/31"
},
{
"refsource": "MISC",
"name": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/",
"url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/"
}
]
}

5
2024/22xxx/CVE-2024-22903.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2024/Jan/32",
"url": "https://seclists.org/fulldisclosure/2024/Jan/32"
},
{
"refsource": "MISC",
"name": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/",
"url": "https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/"
}
]
}