admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-04 22:00:32 +00:00
parent 0e6c176498
commit 6c85a43bf9
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 450 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

169
2024/20xxx/CVE-2024-20505.json
View File

@ -1,17 +1,178 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "ClamAV",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.3.2"
},
{
"version_affected": "=",
"version_value": "1.0.6"
},
{
"version_affected": "=",
"version_value": "1.0.5"
},
{
"version_affected": "=",
"version_value": "1.0.4"
},
{
"version_affected": "=",
"version_value": "1.0.3"
},
{
"version_affected": "=",
"version_value": "1.0.2"
},
{
"version_affected": "=",
"version_value": "1.0.1"
},
{
"version_affected": "=",
"version_value": "1.0.0"
},
{
"version_affected": "=",
"version_value": "1.2.x"
},
{
"version_affected": "=",
"version_value": "0.105.x"
},
{
"version_affected": "=",
"version_value": "0.104.x"
},
{
"version_affected": "=",
"version_value": "0.103.11"
},
{
"version_affected": "=",
"version_value": "0.103.10"
},
{
"version_affected": "=",
"version_value": "0.103.9"
},
{
"version_affected": "=",
"version_value": "0.103.8"
},
{
"version_affected": "=",
"version_value": "0.103.7"
},
{
"version_affected": "=",
"version_value": "0.103.6"
},
{
"version_affected": "=",
"version_value": "0.103.5"
},
{
"version_affected": "=",
"version_value": "0.103.4"
},
{
"version_affected": "=",
"version_value": "0.103.3"
},
{
"version_affected": "=",
"version_value": "0.103.2"
},
{
"version_affected": "=",
"version_value": "0.103.1"
},
{
"version_affected": "=",
"version_value": "0.103.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html",
"refsource": "MISC",
"name": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
]
},
"source": {
"discovery": "INTERNAL",
"defects": [
"CSCwk44457"
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
}
]
}

169
2024/20xxx/CVE-2024-20506.json
View File

@ -1,17 +1,178 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20506",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.\r\n\r\nThe vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "ClamAV",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.3.2"
},
{
"version_affected": "=",
"version_value": "1.0.6"
},
{
"version_affected": "=",
"version_value": "1.0.5"
},
{
"version_affected": "=",
"version_value": "1.0.4"
},
{
"version_affected": "=",
"version_value": "1.0.3"
},
{
"version_affected": "=",
"version_value": "1.0.2"
},
{
"version_affected": "=",
"version_value": "1.0.1"
},
{
"version_affected": "=",
"version_value": "1.0.0"
},
{
"version_affected": "=",
"version_value": "1.2.x"
},
{
"version_affected": "=",
"version_value": "0.105.x"
},
{
"version_affected": "=",
"version_value": "0.104.x"
},
{
"version_affected": "=",
"version_value": "0.103.11"
},
{
"version_affected": "=",
"version_value": "0.103.10"
},
{
"version_affected": "=",
"version_value": "0.103.9"
},
{
"version_affected": "=",
"version_value": "0.103.8"
},
{
"version_affected": "=",
"version_value": "0.103.7"
},
{
"version_affected": "=",
"version_value": "0.103.6"
},
{
"version_affected": "=",
"version_value": "0.103.5"
},
{
"version_affected": "=",
"version_value": "0.103.4"
},
{
"version_affected": "=",
"version_value": "0.103.3"
},
{
"version_affected": "=",
"version_value": "0.103.2"
},
{
"version_affected": "=",
"version_value": "0.103.1"
},
{
"version_affected": "=",
"version_value": "0.103.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html",
"refsource": "MISC",
"name": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
]
},
"source": {
"discovery": "EXTERNAL",
"defects": [
"CSCwk31741"
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
}
]
}

88
2024/2xxx/CVE-2024-2166.json
View File

@ -1,17 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@forcepoint.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Forcepoint",
"product": {
"product_data": [
{
"product_name": "Email Security",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "8.5.5 HF003",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.forcepoint.com/s/article/000042397",
"refsource": "MISC",
"name": "https://support.forcepoint.com/s/article/000042397"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/8xxx/CVE-2024-8442.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8443.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}