admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-29 23:00:36 +00:00
parent 7ca28a8808
commit 73b52dfac8
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 514 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/10xxx/CVE-2024-10519.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10519",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

36
2024/44xxx/CVE-2024-44229.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1. Private browsing may leak some browsing history."
"value": "An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history."
}
]
},
@ -57,6 +57,30 @@
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.1"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
@ -75,6 +99,16 @@
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
},
{
"url": "https://support.apple.com/en-us/121564",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121564"
},
{
"url": "https://support.apple.com/en-us/121571",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121571"
}
]
}

36
2024/44xxx/CVE-2024-44244.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. Processing maliciously crafted web content may lead to an unexpected process crash."
"value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash."
}
]
},
@ -81,6 +81,30 @@
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.1"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
@ -109,6 +133,16 @@
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
},
{
"url": "https://support.apple.com/en-us/121564",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121564"
},
{
"url": "https://support.apple.com/en-us/121571",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121571"
}
]
}

36
2024/44xxx/CVE-2024-44259.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker may be able to misuse a trust relationship to download malicious content."
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content."
}
]
},
@ -57,6 +57,30 @@
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.1"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
@ -80,6 +104,16 @@
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
},
{
"url": "https://support.apple.com/en-us/121564",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121564"
},
{
"url": "https://support.apple.com/en-us/121571",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121571"
}
]
}

36
2024/44xxx/CVE-2024-44296.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
"value": "The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
}
]
},
@ -81,6 +81,30 @@
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.1"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
@ -114,6 +138,16 @@
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
},
{
"url": "https://support.apple.com/en-us/121564",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121564"
},
{
"url": "https://support.apple.com/en-us/121571",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121571"
}
]
}

81
2024/50xxx/CVE-2024-50348.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50348",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This vulnerability is fixed in 2.16.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "instantsoft",
"product": {
"product_data": [
{
"product_name": "icms2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.16.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/instantsoft/icms2/security/advisories/GHSA-f6cf-jg84-fw29",
"refsource": "MISC",
"name": "https://github.com/instantsoft/icms2/security/advisories/GHSA-f6cf-jg84-fw29"
},
{
"url": "https://github.com/instantsoft/icms2/commit/e02de2fa1850bb40c9b2050b9256c838a0ea7aa3",
"refsource": "MISC",
"name": "https://github.com/instantsoft/icms2/commit/e02de2fa1850bb40c9b2050b9256c838a0ea7aa3"
}
]
},
"source": {
"advisory": "GHSA-f6cf-jg84-fw29",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

100
2024/51xxx/CVE-2024-51378.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51378",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-51378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "getresetstatus in dns/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cwe.mitre.org/data/definitions/78.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"url": "https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683",
"refsource": "MISC",
"name": "https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683"
},
{
"url": "https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/",
"refsource": "MISC",
"name": "https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/"
},
{
"url": "https://cyberpanel.net/KnowledgeBase/home/change-logs/",
"refsource": "MISC",
"name": "https://cyberpanel.net/KnowledgeBase/home/change-logs/"
},
{
"url": "https://cwe.mitre.org/data/definitions/420.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/420.html"
},
{
"url": "https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel",
"refsource": "MISC",
"name": "https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel"
},
{
"url": "https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/",
"refsource": "MISC",
"name": "https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
}

100
2024/51xxx/CVE-2024-51567.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-51567",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-51567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cwe.mitre.org/data/definitions/78.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"url": "https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce",
"refsource": "MISC",
"name": "https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce"
},
{
"url": "https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515",
"refsource": "MISC",
"name": "https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515"
},
{
"url": "https://cyberpanel.net/KnowledgeBase/home/change-logs/",
"refsource": "MISC",
"name": "https://cyberpanel.net/KnowledgeBase/home/change-logs/"
},
{
"url": "https://cwe.mitre.org/data/definitions/420.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/420.html"
},
{
"url": "https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel",
"refsource": "MISC",
"name": "https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel"
},
{
"url": "https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/",
"refsource": "MISC",
"name": "https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
}

91
2024/51xxx/CVE-2024-51568.json Normal file
View File

@ -0,0 +1,91 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-51568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cwe.mitre.org/data/definitions/78.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"url": "https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce",
"refsource": "MISC",
"name": "https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce"
},
{
"url": "https://cyberpanel.net/KnowledgeBase/home/change-logs/",
"refsource": "MISC",
"name": "https://cyberpanel.net/KnowledgeBase/home/change-logs/"
},
{
"url": "https://cyberpanel.net/blog/cyberpanel-v2-3-5",
"refsource": "MISC",
"name": "https://cyberpanel.net/blog/cyberpanel-v2-3-5"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
}