"-Synchronized-Data."

CVE Team 2024-08-02 16:00:36 +00:00
parent fe15320848
commit 6c525ffe23
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 166 additions and 81 deletions


@ -5,81 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-1715",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adfoxly_ad_status() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to enable and disable ads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rafalosinski",
"product": {
"product_data": [
{
"product_name": "AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.8.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84792202-d089-4dca-b950-16aea968c58e?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84792202-d089-4dca-b950-16aea968c58e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/adfoxly/trunk/includes/class-adfoxly-ajax.php#L80",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/adfoxly/trunk/includes/class-adfoxly-ajax.php#L80"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-34802. Reason: This candidate is a duplicate of CVE-2024-34802. Notes: All CVE users should reference CVE-2024-34802 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API (`[0]`) in the client side. Then, it uses `Object.entries` to iterate over the result (`[1]`) whose first item (`name`) gets appended using `innerHTML` (`[2]`). In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtc\u2019s origin. As of time of publication, no patch is available."
"value": "gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API in the client side. Then, it uses `Object.entries` to iterate over the result whose first item (`name`) gets appended using `innerHTML`. In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtc\u2019s origin. As of time of publication, no patch is available."
}
]
},


@ -65,7 +65,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.26.5-16.2.rhaos4.13.git67e2a9d.el8",
"version": "0:1.26.5-16.2.rhaos4.13.git67e2a9d.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -86,7 +86,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el9",
"version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -107,7 +107,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.28.6-2.rhaos4.15.git77bbb1c.el8",
"version": "0:1.28.6-2.rhaos4.15.git77bbb1c.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
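Review bot: The three `version` changes in this file only swap the `.el8`/`.el9` suffix on an otherwise identical build string, and they go in opposite directions between hunks (1.26.5 and 1.28.6 one way, 1.27.6 the other). That looks like unstable ordering in the down-conversion rather than a change in the fixed builds; this is inferred, because the surrounding `versions` arrays lie outside the hunks. If both RHEL builds are fixed, each `versions` list should carry both entries, or the generator should pick one deterministically, so that a scanner comparing against the single listed `version` does not mis-evaluate hosts on the other RHEL major. The same flip appears in the next file section (4.9.4-5.1.rhaos4.16 and 1.29.5-7.rhaos4.16).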


@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenShift Container Platform 4.15",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4.16",
"version": {
@ -44,7 +65,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:4.9.4-5.1.rhaos4.16.el8",
"version": "4:4.9.4-5.1.rhaos4.16.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -72,7 +93,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.29.5-7.rhaos4.16.git7db4ada.el9",
"version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -881,6 +902,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4613"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4850",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4850"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-3727",
"refsource": "MISC",
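Review bot: The added OpenShift Container Platform 4.15 entry declares `"versionType": "rpm"` for `v4.15.0-202407230407.p0.gf3f8de5.assembly.stream.el9`, which has a `v` prefix and no epoch, unlike the `epoch:version-release` strings in the other entries of this file; it reads like an image or build tag. Together with `"lessThan": "*"` and `"defaultStatus": "affected"`, a consumer that applies RPM version ordering to this string may classify installed components incorrectly. The producer should either emit the matching package NEVRA or use a `versionType` that describes the tag, and consumers should not feed this value to an RPM comparator unchecked. The last reference object in this section continues past the hunk.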


@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Commands can be injected over the network and executed without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AVTech",
"product": {
"product_data": [
{
"product_name": "AVM1203 (IP Camera)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "FullImg-1023-1007-1011-1009"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-214-07",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">AVTECH SECURITY Corporation has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.avtech.com.tw/ContactUs.aspx\">AVTECH</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;for additional information.</span>\n\n<br>"
}
],
"value": "AVTECH SECURITY Corporation has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact AVTECH https://www.avtech.com.tw/ContactUs.aspx \u00a0for additional information."
}
],
"credits": [
{
"lang": "en",
"value": "Larry Cashdollar of Akamai Technologies reported this vulnerability to CISA. An anonymous third-party organization confirmed Akamai's report and identified specific affected products and firmware versions."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
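Review bot: The description says commands are executed "without authentication", but the CVSS block sets `"privilegesRequired": "LOW"` and `PR:L` in `vectorString`, so the record contradicts itself on the key precondition. The assigner should reconcile the two: if no authentication is needed the metric is `"privilegesRequired": "NONE"` with `PR:N` (which raises the base score), and if a low-privileged account is needed the description should say so. Until that is settled, triage that keys on `baseScore` 8.8 alone may under-rank a network-reachable camera. The `solution` text reports no vendor response and no fix, so keeping the device off untrusted networks is what remains for defenders. The affected range is also given as `"version_affected": "<="` against the non-numeric firmware string `FullImg-1023-1007-1011-1009`, which automated range matching is unlikely to evaluate reliably.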


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multi-tenant hosting providers do not verify the sender of an email against authenticated users, allowing an attacker to spoof the identify of another user's email address."
"value": "A vulnerability in multi-tenant hosting allows an authenticated sender to spoof the identity of a shared, hosted domain, thus bypass security measures provided by DMARC (or SPF or DKIM) policies."
}
]
},


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7424",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7425",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}