"-Synchronized-Data."

CVE Team 2024-11-12 15:00:32 +00:00
parent 104b299793
commit 6f91539fbd
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
19 changed files with 1131 additions and 121 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6"
"value": "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Ather Iqbal."
}
]
},


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11125",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in GetSimpleCMS 3.3.16 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /admin/profile.php. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "GetSimpleCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.3.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.283973",
"refsource": "MISC",
"name": "https://vuldb.com/?id.283973"
},
{
"url": "https://vuldb.com/?ctiid.283973",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.283973"
},
{
"url": "https://vuldb.com/?submit.437090",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.437090"
},
{
"url": "https://github.com/Zeynalxan/zero-day/blob/main/GetSimpleCMS-CVE.md",
"refsource": "MISC",
"name": "https://github.com/Zeynalxan/zero-day/blob/main/GetSimpleCMS-CVE.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Zeynalxan (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}
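Review bot: The language tags are inconsistent inside this record: `description_data` uses three-letter codes (`"lang": "eng"`, `"lang": "deu"`) while `credits` uses `"lang": "en"`, so a consumer filtering on one form misses the other. Normalising the credits entry to `"lang": "eng"`, or documenting that both forms occur, would avoid that. The same mix of `eng` and `en` appears in the CVE-2024-11126, CVE-2024-37365, CVE-2024-50386, CVE-2024-51562 to CVE-2024-51566 and CVE-2024-8074 sections. Separately, `"vendor_name": "n/a"` leaves GetSimpleCMS without a vendor key, so vendor-based matching has to fall back to the product name alone.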


@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11126",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been classified as problematic. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of excessive authentication attempts. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in Digistar AG-30 Plus 2.6b ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Login Page. Durch das Beeinflussen mit unbekannten Daten kann eine improper restriction of excessive authentication attempts-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Excessive Authentication Attempts",
"cweId": "CWE-307"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Control of Interaction Frequency",
"cweId": "CWE-799"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Digistar",
"product": {
"product_data": [
{
"product_name": "AG-30 Plus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.6b"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.283974",
"refsource": "MISC",
"name": "https://vuldb.com/?id.283974"
},
{
"url": "https://vuldb.com/?ctiid.283974",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.283974"
},
{
"url": "https://vuldb.com/?submit.437096",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.437096"
}
]
},
"credits": [
{
"lang": "en",
"value": "W0t4n (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.1,
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.1,
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.8,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11143",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11144",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -322,12 +322,28 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:23.2.7-1.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.20.11-26.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -468,6 +484,16 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3343"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9093",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9093"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9122",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9122"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-31080",
"refsource": "MISC",
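Review bot: Each added `version_data` entry carries the placeholder `"version_value": "not down converted"` plus an rpm version under `x_cve_json_5_version_data` (`0:23.2.7-1.el9`, `0:1.20.11-26.el9`) with no package name, so a consumer of this 4.0 record cannot tell which package each fixed version belongs to. Anything matching on `version_value` should treat these entries as unresolved; the package name presumably lives only in the CVE JSON 5 record, which the hunk does not show. The enclosing product object starts outside the hunk. The same applies to the CVE-2024-31081, CVE-2024-31083, CVE-2024-3727, CVE-2024-6126 and CVE-2024-6501 sections. In the CVE-2024-3727 section several entries hold only `defaultStatus`, with `affected` and `unaffected` side by side under one product, which cannot be told apart without the package.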


@ -322,12 +322,28 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:23.2.7-1.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.20.11-26.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -468,6 +484,16 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3343"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9093",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9093"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9122",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9122"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-31081",
"refsource": "MISC",


@ -322,12 +322,28 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:23.2.7-1.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.20.11-26.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -468,6 +484,16 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3343"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9093",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9093"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9122",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9122"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-31083",
"refsource": "MISC",


@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37365",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote code execution vulnerability exists in the affected\nproduct. The vulnerability allows users to save projects within the public\ndirectory allowing anyone with local access to modify and/or delete files. Additionally,\na malicious user could potentially leverage this vulnerability to escalate\ntheir privileges by changing the macro to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "FactoryTalk View Machine Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">=V14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1709.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<br><p>\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nTo enhance security and\nprevent unauthorized modifications to HMI project files, harden the Windows OS\nby removing the <b>INTERACTIVE</b> group from the folder\u2019s\nsecurity properties.</p>\n\n<p>\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nAdd specific users or user\ngroups and assign their permissions to this folder using the least privileges\nprinciple. Users with read-only permission can still test run and run the\nFactoryTalk View ME Station.</p>\n\n<p>\u00b7 &nbsp; &nbsp; &nbsp; &nbsp;\nGuidance can be found in\nFactoryTalk View ME v14 Help topic: \u201cHMI projects folder settings\u201d. It can be opened through\nFactoryTalk View ME Studio menu \u201chelp\\Contents\\FactoryTalk View ME Help\\Create\na Machine Edition application-&gt;Open applications-&gt;HMI project folder settings\u201d. &nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security\nBest Practices</a></p>\n\n\n\n\n\n<br>"
}
],
"value": "\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nTo enhance security and\nprevent unauthorized modifications to HMI project files, harden the Windows OS\nby removing the INTERACTIVE group from the folder\u2019s\nsecurity properties.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nAdd specific users or user\ngroups and assign their permissions to this folder using the least privileges\nprinciple. Users with read-only permission can still test run and run the\nFactoryTalk View ME Station.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nGuidance can be found in\nFactoryTalk View ME v14 Help topic: \u201cHMI projects folder settings\u201d. It can be opened through\nFactoryTalk View ME Studio menu \u201chelp\\Contents\\FactoryTalk View ME Help\\Create\na Machine Edition application->Open applications->HMI project folder settings\u201d. \u00a0Security\nBest Practices"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Version 15"
}
],
"value": "Upgrade to Version 15"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
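Review bot: The affected-version entry puts the comparator inside the value (`"version_affected": "="` with `"version_value": ">=V14"`), so an exact-match consumer looks for a version literally named `>=V14` and flags no install as affected. `"version_affected": ">="` with `"version_value": "V14"` expresses what the text appears to mean. Since `solution` says "Upgrade to Version 15", the range presumably ends below V15, which the entry does not state. The description also opens with "remote code execution" while its own text says "local access" and the vector is `AV:L`, so triage by description keyword and triage by CVSS will disagree.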


@ -470,6 +470,73 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.37.2-1.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.16.1-1.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:5.2.2-1.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Migration Toolkit for Containers 1.8",
"version": {
@ -500,7 +567,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-13.rhaos4.13.el8",
"version": "3:4.4.1-14.rhaos4.13.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -563,7 +630,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.11.3-3.rhaos4.14.el9",
"version": "2:1.11.3-3.rhaos4.14.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -584,7 +651,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "3:4.4.1-30.rhaos4.15.el8",
"version": "3:4.4.1-30.rhaos4.15.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -675,7 +742,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2:1.14.4-1.rhaos4.16.el9",
"version": "2:1.14.4-1.rhaos4.16.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -689,7 +756,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.29.5-7.rhaos4.16.git7db4ada.el9",
"version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -1075,49 +1142,6 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 3.11",
"version": {
@ -1541,6 +1565,21 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:8425"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9097",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9097"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9098",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9098"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9102",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9102"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-3727",
"refsource": "MISC",


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. \n\nAdditionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.\n\n\nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info. 
If the output is not empty, that might indicate a compromised disk; check it carefully.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; done\nFor checking the whole template/volume features of each disk, operators can run the following command:\n\n\nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info.\"; qemu-img info -U $file; printf \"\\n\\n\"; done"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache CloudStack",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.0.0",
"version_value": "4.18.2.4"
},
{
"version_affected": "<=",
"version_name": "4.19.0.0",
"version_value": "4.19.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3",
"refsource": "MISC",
"name": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3"
},
{
"url": "https://lists.apache.org/thread/d0x83c2cyglzzdw8csbop7mj7h83z95y",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/d0x83c2cyglzzdw8csbop7mj7h83z95y"
},
{
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-5-and-4-19-1-3/",
"refsource": "MISC",
"name": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-5-and-4-19-1-3/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Kiran Chavala <kiranchavala@apache.org>"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
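Review bot: The verification commands embedded in the `description` value are brittle if pasted as written. The `-regex` pattern is unquoted, so the shell may glob-expand it against the current directory before `find` sees it, and `for file in $(find …)` with a bare `$file` splits on whitespace in paths. Quoting the pattern and using `"$file"`, or `find … -exec qemu-img info -U {} \;`, avoids both. The pattern also ends in `.*`, so it likely matches every file under the storage path rather than only UUID-named disks. Operators should expect output for unrelated files on top of the false positives and negatives the text already warns about.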


@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51562",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1-RELEASE",
"version_value": "p6"
},
{
"version_affected": "<",
"version_name": "13.4-RELEASE",
"version_value": "p2"
},
{
"version_affected": "<",
"version_name": "13.3-RELEASE",
"version_value": "p8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc"
}
]
},
"credits": [
{
"lang": "en",
"value": "Synacktiv"
},
{
"lang": "en",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"value": "The Alpha-Omega Project"
}
]
}
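Review bot: The description names only "The NVMe driver function nvme_opc_get_log_page" and a "guest-controlled value"; that the affected code belongs to bhyve is visible only from the reference URL (`FreeBSD-SA-24:17.bhyve.asc`), so a reader can take this for the host kernel's NVMe driver. Naming the component in the `value` text (presumably bhyve's emulated NVMe device, going by the advisory name) would fix the scoping. The version entries split one release across two fields (`"version_name": "14.1-RELEASE"`, `"version_value": "p6"`), so comparing `version_value` alone with `<` is meaningless and a matcher has to join the two. No `impact` block is added, so there is no CVSS score to triage on. The CVE-2024-51563 to CVE-2024-51566 sections have the same three gaps, and the last of them misspells "vulnerable" as "vulernable" in its description, which defeats keyword search.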


@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51563",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"cweId": "CWE-367"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1-RELEASE",
"version_value": "p6"
},
{
"version_affected": "<",
"version_name": "13.4-RELEASE",
"version_value": "p2"
},
{
"version_affected": "<",
"version_name": "13.3-RELEASE",
"version_value": "p8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc"
}
]
},
"credits": [
{
"lang": "en",
"value": "Synacktiv"
},
{
"lang": "en",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"value": "The Alpha-Omega Project"
}
]
}


@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51564",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A guest can trigger an infinite loop in the hda audio driver."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"cweId": "CWE-1285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1-RELEASE",
"version_value": "p6"
},
{
"version_affected": "<",
"version_name": "13.4-RELEASE",
"version_value": "p2"
},
{
"version_affected": "<",
"version_name": "13.3-RELEASE",
"version_value": "p8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc"
}
]
},
"credits": [
{
"lang": "en",
"value": "Synacktiv"
},
{
"lang": "en",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"value": "The Alpha-Omega Project"
}
]
}


@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51565",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The hda driver is vulnerable to a buffer over-read from a guest-controlled value."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1-RELEASE",
"version_value": "p6"
},
{
"version_affected": "<",
"version_name": "13.4-RELEASE",
"version_value": "p2"
},
{
"version_affected": "<",
"version_name": "13.3-RELEASE",
"version_value": "p8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc"
}
]
},
"credits": [
{
"lang": "en",
"value": "Synacktiv"
},
{
"lang": "en",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"value": "The Alpha-Omega Project"
}
]
}


@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51566",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The NVMe driver queue processing is vulernable to guest-induced infinite loops."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"cweId": "CWE-1285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1-RELEASE",
"version_value": "p6"
},
{
"version_affected": "<",
"version_name": "13.4-RELEASE",
"version_value": "p2"
},
{
"version_affected": "<",
"version_name": "13.3-RELEASE",
"version_value": "p8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc"
}
]
},
"credits": [
{
"lang": "en",
"value": "Synacktiv"
},
{
"lang": "en",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"value": "The Alpha-Omega Project"
}
]
}


@ -35,6 +35,41 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:323.1-1.el9_5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:323.1-1.el9_5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
@ -60,19 +95,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -82,6 +104,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:9325",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9325"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6126",
"refsource": "MISC",


@ -35,6 +35,41 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:1.48.10-2.el9_5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:1.48.10-2.el9_5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -74,19 +109,6 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenShift Container Platform 4",
"version": {
@ -108,6 +130,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:9317",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:9317"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6501",
"refsource": "MISC",


@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8074",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@usom.gov.tr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: before 13.10.2024."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nomysoft Informatics",
"product": {
"product_data": [
{
"product_name": "Nomysem",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "13.10.2024"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1847",
"refsource": "MISC",
"name": "https://www.usom.gov.tr/bildirim/tr-24-1847"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TR-24-1847",
"defect": [
"TR-24-1847"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Mustafa Anil YILDIRIM"
}
]
}
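Review bot: The affected range is a date written day-first (`"version_affected": "<"`, `"version_name": "0"`, `"version_value": "13.10.2024"`), which no version comparator orders correctly; read as a dotted version, 13.10.2024 sorts above 14.1.2023. If the product really is versioned by release date, an ISO form such as `2024-10-13` (assuming day-first is what is meant) would at least sort, and the description should say the value is a date. The description also runs two sentences together ("by Users.This issue") and states the impact only as the attack-pattern name "Collect Data as Provided by Users", without saying what data is exposed. No `impact` block is present, so severity has to come from the USOM reference.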