admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-12 18:00:34 +00:00
parent 35992b8c7a
commit 71c3e94611
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 643 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2009/1xxx/CVE-2009-1605.json
View File

@ -71,6 +71,16 @@
"name": "20090424 SumatraPDF <= 0.9.3 Heap Overflow PoC",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0258.html"
},
{
"refsource": "CONFIRM",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=690555",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=690555"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=451373e028f82fa2f1cc2a6a669df31d85c877bd",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=451373e028f82fa2f1cc2a6a669df31d85c877bd"
}
]
}

67
2020/24xxx/CVE-2020-24061.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24061",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24061",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@sadikul.islam/kasda-kw5515-cross-site-scripting-html-injection-e6cb9f65ae89?sk=5e1ea8e1cba8dbeaff7f9cd710808354",
"refsource": "MISC",
"name": "https://medium.com/@sadikul.islam/kasda-kw5515-cross-site-scripting-html-injection-e6cb9f65ae89?sk=5e1ea8e1cba8dbeaff7f9cd710808354"
},
{
"refsource": "MISC",
"name": "https://github.com/0xadik/CVEs/tree/main/CVE-2020-24061",
"url": "https://github.com/0xadik/CVEs/tree/main/CVE-2020-24061"
}
]
}

18
2024/38xxx/CVE-2024-38380.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38380",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/45xxx/CVE-2024-45682.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45682",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

100
2024/8xxx/CVE-2024-8631.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8631",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-267: Privilege Defined With Unsafe Actions",
"cweId": "CWE-267"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.6",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462665",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/462665"
},
{
"url": "https://hackerone.com/reports/2478469",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2478469"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to version 17.1.7, 17.2.5 or 17.3.2"
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [chotebabume](https://hackerone.com/chotebabume) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}

95
2024/8xxx/CVE-2024-8635.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.8",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/455273",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/455273"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to version 17.1.7, 17.2.5 or 17.3.2"
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was discovered internally by GitLab team member [joernchen](https://gitlab.com/joernchen)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
}
]
}

126
2024/8xxx/CVE-2024-8695.json
View File

@ -1,18 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8695",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@docker.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Docker",
"product": {
"product_data": [
{
"product_name": "Docker Desktop",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.34.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://docs.docker.com/desktop/release-notes/#4342",
"refsource": "MISC",
"name": "https://docs.docker.com/desktop/release-notes/#4342"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Extensions are enabled"
}
],
"value": "Docker Extensions are enabled"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions\">Turn off&nbsp;Docker Extensions</a><br>"
}
],
"value": "Turn off\u00a0Docker Extensions https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Configure a <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/private-marketplace/\">private marketplace</a> with a curated list of trusted extensions (for Docker Business customers only)"
}
],
"value": "Configure a private marketplace https://docs.docker.com/extensions/private-marketplace/ with a curated list of trusted extensions (for Docker Business customers only)"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Docker Desktop to 4.34.2 or a later version"
}
],
"value": "Update Docker Desktop to 4.34.2 or a later version"
}
],
"credits": [
{
"lang": "en",
"value": "Cure53"
}
]
}

126
2024/8xxx/CVE-2024-8696.json
View File

@ -1,18 +1,136 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8696",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@docker.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Docker",
"product": {
"product_data": [
{
"product_name": "Docker Desktop",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.34.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://docs.docker.com/desktop/release-notes/#4342",
"refsource": "MISC",
"name": "https://docs.docker.com/desktop/release-notes/#4342"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Extensions are enabled"
}
],
"value": "Docker Extensions are enabled"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions\">Turn off&nbsp;Docker Extensions</a><br>"
}
],
"value": "Turn off\u00a0Docker Extensions https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Configure a <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/private-marketplace/\">private marketplace</a> with a curated list of trusted extensions (for Docker Business customers only)"
}
],
"value": "Configure a private marketplace https://docs.docker.com/extensions/private-marketplace/ with a curated list of trusted extensions (for Docker Business customers only)"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Docker Desktop to 4.34.2 or a later version"
}
],
"value": "Update Docker Desktop to 4.34.2 or a later version"
}
],
"credits": [
{
"lang": "en",
"value": "Cure53"
}
]
}

95
2024/8xxx/CVE-2024-8754.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-642: External Control of Critical State Data",
"cweId": "CWE-642"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.9.7",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/464062",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/464062"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 17.3.2, 17.2.5, 17.1.7 or above."
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was discovered internally by GitLab team member [Joern Schneeweisz](https://gitlab.com/joernchen)."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/8xxx/CVE-2024-8757.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8757",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}