admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-05 14:00:33 +00:00
parent 44a52fa943
commit 808650a37b
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
14 changed files with 736 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
2021/47xxx/CVE-2021-47488.json
View File

@ -5,109 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2021-47488",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Fix memory leak caused by missing cgroup_bpf_offline\n\nWhen enabling CONFIG_CGROUP_BPF, kmemleak can be observed by running\nthe command as below:\n\n $mount -t cgroup -o none,name=foo cgroup cgroup/\n $umount cgroup/\n\nunreferenced object 0xc3585c40 (size 64):\n comm \"mount\", pid 425, jiffies 4294959825 (age 31.990s)\n hex dump (first 32 bytes):\n 01 00 00 80 84 8c 28 c0 00 00 00 00 00 00 00 00 ......(.........\n 00 00 00 00 00 00 00 00 6c 43 a0 c3 00 00 00 00 ........lC......\n backtrace:\n [<e95a2f9e>] cgroup_bpf_inherit+0x44/0x24c\n [<1f03679c>] cgroup_setup_root+0x174/0x37c\n [<ed4b0ac5>] cgroup1_get_tree+0x2c0/0x4a0\n [<f85b12fd>] vfs_get_tree+0x24/0x108\n [<f55aec5c>] path_mount+0x384/0x988\n [<e2d5e9cd>] do_mount+0x64/0x9c\n [<208c9cfe>] sys_mount+0xfc/0x1f4\n [<06dd06e0>] ret_fast_syscall+0x0/0x48\n [<a8308cb3>] 0xbeb4daa8\n\nThis is because that since the commit 2b0d3d3e4fcf (\"percpu_ref: reduce\nmemory footprint of percpu_ref in fast path\") root_cgrp->bpf.refcnt.data\nis allocated by the function percpu_ref_init in cgroup_bpf_inherit which\nis called by cgroup_setup_root when mounting, but not freed along with\nroot_cgrp when umounting. Adding cgroup_bpf_offline which calls\npercpu_ref_kill to cgroup_kill_sb can free root_cgrp->bpf.refcnt.data in\numount path.\n\nThis patch also fixes the commit 4bfc0bb2c60e (\"bpf: decouple the lifetime\nof cgroup_bpf from cgroup itself\"). A cgroup_bpf_offline is needed to do a\ncleanup that frees the resources which are allocated by cgroup_bpf_inherit\nin cgroup_setup_root.\n\nAnd inside cgroup_bpf_offline, cgroup_get() is at the beginning and\ncgroup_put is at the end of cgroup_bpf_release which is called by\ncgroup_bpf_offline. So cgroup_bpf_offline can keep the balance of\ncgroup's refcount."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4bfc0bb2c60e",
"version_value": "01599bf7cc2b"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "5.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.3",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.77",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.14.16",
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/01599bf7cc2b49c3d2be886cb438647dc25446ed",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/01599bf7cc2b49c3d2be886cb438647dc25446ed"
},
{
"url": "https://git.kernel.org/stable/c/b529f88d93884cf8ccafda793ee3d27b82fa578d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b529f88d93884cf8ccafda793ee3d27b82fa578d"
},
{
"url": "https://git.kernel.org/stable/c/04f8ef5643bcd8bcde25dfdebef998aea480b2ba",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/04f8ef5643bcd8bcde25dfdebef998aea480b2ba"
}
]
},
"generator": {
"engine": "bippy-9e1c9544281a"
}
}

114
2024/12xxx/CVE-2024-12227.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12227",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in MSI Dragon Center bis 2.0.146.0 gefunden. Betroffen hiervon ist die Funktion MmUnMapIoSpace in der Bibliothek NTIOLib_X64.sys der Komponente IOCTL Handler. Mit der Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Ein Aktualisieren auf die Version 2.0.148.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MSI",
"product": {
"product_data": [
{
"product_name": "Dragon Center",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.146"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.286959",
"refsource": "MISC",
"name": "https://vuldb.com/?id.286959"
},
{
"url": "https://vuldb.com/?ctiid.286959",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.286959"
},
{
"url": "https://vuldb.com/?submit.456017",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.456017"
},
{
"url": "https://shareforall.notion.site/MSI-Dragon-Center-NTIOLib_X64-0xC3506104-MmMapIoSpace-DOS-15160437bb1e801daf58d4aea052970e",
"refsource": "MISC",
"name": "https://shareforall.notion.site/MSI-Dragon-Center-NTIOLib_X64-0xC3506104-MmMapIoSpace-DOS-15160437bb1e801daf58d4aea052970e"
},
{
"url": "https://www.msi.com/Landing/dragon-center-download/nb",
"refsource": "MISC",
"name": "https://www.msi.com/Landing/dragon-center-download/nb"
}
]
},
"credits": [
{
"lang": "en",
"value": "TopGun (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.5,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C"
}
]
}

114
2024/12xxx/CVE-2024-12228.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Complaint Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/user-search.php. Mittels Manipulieren des Arguments search mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPGurukul",
"product": {
"product_data": [
{
"product_name": "Complaint Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.286974",
"refsource": "MISC",
"name": "https://vuldb.com/?id.286974"
},
{
"url": "https://vuldb.com/?ctiid.286974",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.286974"
},
{
"url": "https://vuldb.com/?submit.455059",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.455059"
},
{
"url": "https://github.com/PunyHunter/CVE/issues/2",
"refsource": "MISC",
"name": "https://github.com/PunyHunter/CVE/issues/2"
},
{
"url": "https://phpgurukul.com/",
"refsource": "MISC",
"name": "https://phpgurukul.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "punnyhunter (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

18
2024/12xxx/CVE-2024-12241.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

69
2024/40xxx/CVE-2024-40763.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@sonicwall.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SonicWall",
"product": {
"product_data": [
{
"product_name": "SMA100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.2.1.13-72sv and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018",
"refsource": "MISC",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SNWLID-2024-0018",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Alain Mowat of Orange Cyberdefense, Switzerland."
}
]
}

69
2024/45xxx/CVE-2024-45318.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45318",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@sonicwall.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SonicWall",
"product": {
"product_data": [
{
"product_name": "SMA100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.2.1.13-72sv and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018",
"refsource": "MISC",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SNWLID-2024-0018",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Alain Mowat of Orange Cyberdefense, Switzerland."
}
]
}

69
2024/45xxx/CVE-2024-45319.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@sonicwall.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the SonicWall SMA100 SSLVPN \n\nfirmware\u00a010.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SonicWall",
"product": {
"product_data": [
{
"product_name": "SMA100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.2.1.13-72sv and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018",
"refsource": "MISC",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SNWLID-2024-0018",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Alain Mowat of Orange Cyberdefense, Switzerland."
}
]
}

11
2024/50xxx/CVE-2024-50010.json
View File

@ -77,6 +77,12 @@
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12",
"lessThanOrEqual": "*",
@ -123,6 +129,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/d62ba2a5536df83473a2ac15ab302258e3845251"
},
{
"url": "https://git.kernel.org/stable/c/b8b0e9650eeb6637b4e1cf3d6aaf0e96f87862e7",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b8b0e9650eeb6637b4e1cf3d6aaf0e96f87862e7"
},
{
"url": "https://git.kernel.org/stable/c/0d196e7589cefe207d5d41f37a0a28a1fdeeb7c6",
"refsource": "MISC",

148
2024/52xxx/CVE-2024-52271.json
View File

@ -1,18 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52271",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.\n\n\nThis issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"cweId": "CWE-451"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Documenso",
"product": {
"product_data": [
{
"product_name": "Documenso",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "git"
},
{
"status": "affected",
"version": ">1.8.0",
"versionType": "git"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Documenso SaaS (Hosted)",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2024-12-05",
"status": "affected",
"version": "0",
"versionType": "date"
},
{
"status": "affected",
"version": "2024-12-05",
"versionType": "date"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.vulsec.org/advisories",
"refsource": "MISC",
"name": "https://www.vulsec.org/advisories"
},
{
"url": "https://github.com/documenso/documenso",
"refsource": "MISC",
"name": "https://github.com/documenso/documenso"
},
{
"url": "https://www.documenso.com/",
"refsource": "MISC",
"name": "https://www.documenso.com/"
},
{
"url": "https://github.com/documenso/documenso/issues/1512",
"refsource": "MISC",
"name": "https://github.com/documenso/documenso/issues/1512"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<ul><li>If other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection</li><li>If possible -&nbsp;Download the PDF file and perform full flattening (of the entire document, not just form fields)</li></ul><br>"
}
],
"value": "* If other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection\n * If possible -\u00a0Download the PDF file and perform full flattening (of the entire document, not just form fields)"
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Known, potentially in use (e.g., spear phishing)"
}
],
"value": "Known, potentially in use (e.g., spear phishing)"
}
],
"credits": [
{
"lang": "en",
"value": "Erez Kalman"
}
]
}

2
2024/52xxx/CVE-2024-52277.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.This issue affects DocuSeal: through 1.8.1, >1.8.1."
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.\n\n\nThis issue affects DocuSeal: through 1.8.1, >1.8.1."
}
]
},

3
2024/52xxx/CVE-2024-52336.json
View File

@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "Improper Privilege Management",
"cweId": "CWE-269"
}
]
}

69
2024/53xxx/CVE-2024-53702.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53702",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@sonicwall.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"cweId": "CWE-338"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SonicWall",
"product": {
"product_data": [
{
"product_name": "SMA100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.2.1.13-72sv and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018",
"refsource": "MISC",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SNWLID-2024-0018",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Alain Mowat of Orange Cyberdefense, Switzerland."
}
]
}

69
2024/53xxx/CVE-2024-53703.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53703",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@sonicwall.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SonicWall",
"product": {
"product_data": [
{
"product_name": "SMA100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.2.1.13-72sv and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018",
"refsource": "MISC",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SNWLID-2024-0018",
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Alain Mowat of Orange Cyberdefense, Switzerland."
}
]
}

18
2024/54xxx/CVE-2024-54678.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}