admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-29 15:00:33 +00:00
parent 8e52372c6b
commit 716ca0da16
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 363 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/10xxx/CVE-2024-10493.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10494.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10495.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10495",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/10xxx/CVE-2024-10496.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2024/28xxx/CVE-2024-28020.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM\u00a0 application and server management. If exploited a malicious user \ncould use the passwords and login information to extend access on \nthe server and other services."
"value": "A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application\nand server management. If exploited a malicious high-privileged\nuser could use the passwords and login information through complex routines to extend access on the server and other services."
}
]
},

8
2024/28xxx/CVE-2024-28021.json
View File

@ -137,16 +137,16 @@
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]

2
2024/28xxx/CVE-2024-28022.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that \nif exploited allows a malicious user to perform an arbitrary number \nof authentication attempts using different passwords, and \neventually gain access to the targeted account."
"value": "A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of\nauthentication attempts using different passwords, and eventually\ngain access to other components in the same security realm using\nthe targeted account."
}
]
},

8
2024/28xxx/CVE-2024-28024.json
View File

@ -113,14 +113,14 @@
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]

58
2024/48xxx/CVE-2024-48921.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. \"disallow-privileged-containers,\" can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kyverno",
"product": {
"product_data": [
{
"product_name": "kyverno",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.13.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/kyverno/kyverno/security/advisories/GHSA-qjvc-p88j-j9rm",
"refsource": "MISC",
"name": "https://github.com/kyverno/kyverno/security/advisories/GHSA-qjvc-p88j-j9rm"
}
]
},
"source": {
"advisory": "GHSA-qjvc-p88j-j9rm",
"discovery": "UNKNOWN"
}
}

90
2024/49xxx/CVE-2024-49768.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead, this is set to 0 by default disabling this feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"cweId": "CWE-367"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')",
"cweId": "CWE-444"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pylons",
"product": {
"product_data": [
{
"product_name": "waitress",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 3.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj",
"refsource": "MISC",
"name": "https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj"
},
{
"url": "https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65",
"refsource": "MISC",
"name": "https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65"
}
]
},
"source": {
"advisory": "GHSA-9298-4cf8-g4wj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

91
2024/49xxx/CVE-2024-49769.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772: Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pylons",
"product": {
"product_data": [
{
"product_name": "waitress",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6",
"refsource": "MISC",
"name": "https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6"
},
{
"url": "https://github.com/Pylons/waitress/issues/418",
"refsource": "MISC",
"name": "https://github.com/Pylons/waitress/issues/418"
},
{
"url": "https://github.com/Pylons/waitress/pull/435",
"refsource": "MISC",
"name": "https://github.com/Pylons/waitress/pull/435"
},
{
"url": "https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c",
"refsource": "MISC",
"name": "https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c"
}
]
},
"source": {
"advisory": "GHSA-3f84-rpwh-47g6",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

58
2024/50xxx/CVE-2024-50334.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50334",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests on the /api;/config endpoint while setting the Content-Type: application/hocon header allow unauthenticated attackers to file reading via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround would be to disable the Scoold API with scoold.api_enabled = false."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Erudika",
"product": {
"product_data": [
{
"product_name": "scoold",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.64.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Erudika/scoold/security/advisories/GHSA-fhwp-f6g7-rr3p",
"refsource": "MISC",
"name": "https://github.com/Erudika/scoold/security/advisories/GHSA-fhwp-f6g7-rr3p"
}
]
},
"source": {
"advisory": "GHSA-fhwp-f6g7-rr3p",
"discovery": "UNKNOWN"
}
}