admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-30 18:00:34 +00:00
parent 0635eb2dd9
commit 6b93951b5e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
11 changed files with 512 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
2024/21xxx/CVE-2024-21506.json
View File

@ -5,94 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-21506",
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "pymongo",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.6.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-PYMONGO-6370597",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-PYTHON-PYMONGO-6370597"
},
{
"url": "https://gist.github.com/keltecc/62a7c2bf74a997d0a7b48a0ff3853a03",
"refsource": "MISC",
"name": "https://gist.github.com/keltecc/62a7c2bf74a997d0a7b48a0ff3853a03"
},
{
"url": "https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2",
"refsource": "MISC",
"name": "https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2"
}
]
},
"credits": [
{
"lang": "en",
"value": "Vladimir Cherepanov"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:P"
"value": "** REJECT ** This is a duplicate."
}
]
}

87
2024/2xxx/CVE-2024-2420.json
View File

@ -1,18 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2420",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productsecurity@carrier.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain\u00a0Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259 Use of Hardcoded Password",
"cweId": "CWE-259"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LenelS2",
"product": {
"product_data": [
{
"product_name": "NetBox",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "5.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf",
"refsource": "MISC",
"name": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Team82"
}
]
}

87
2024/2xxx/CVE-2024-2421.json
View File

@ -1,18 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2421",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productsecurity@carrier.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LenelS2",
"product": {
"product_data": [
{
"product_name": "NetBox",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "5.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf",
"refsource": "MISC",
"name": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Team82"
}
]
}

87
2024/2xxx/CVE-2024-2422.json
View File

@ -1,18 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2422",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productsecurity@carrier.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
"cweId": "CWE-88"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LenelS2",
"product": {
"product_data": [
{
"product_name": "NetBox",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "5.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf",
"refsource": "MISC",
"name": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Team82"
}
]
}

56
2024/35xxx/CVE-2024-35428.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35428",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35428.md",
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35428.md"
}
]
}

56
2024/35xxx/CVE-2024-35433.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35433.md",
"url": "https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-35433.md"
}
]
}

61
2024/35xxx/CVE-2024-35468.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/dovankha/CVE-2024-35468",
"url": "https://github.com/dovankha/CVE-2024-35468"
}
]
}

61
2024/35xxx/CVE-2024-35469.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35469",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/dovankha/CVE-2024-35469",
"url": "https://github.com/dovankha/CVE-2024-35469"
}
]
}

18
2024/5xxx/CVE-2024-5539.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5540.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5541.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5541",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}