admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-17 15:00:35 +00:00
parent 05b6b8aa1e
commit 8102aa078a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 404 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
2021/27xxx/CVE-2021-27915.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27915",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mautic.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\n\nThis could lead to the user having elevated access to the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mautic",
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": ">= 1.0.0-beta2",
"version_value": "<= 4.4.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422",
"refsource": "MISC",
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2",
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.12 or later."
}
],
"value": "Update to 4.4.12 or later."
}
],
"credits": [
{
"lang": "en",
"value": "Lenon Leite"
},
{
"lang": "en",
"value": "Lenon Leite"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}

120
2021/27xxx/CVE-2021-27916.json
View File

@ -1,17 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mautic.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\n\nThis vulnerability exists in the implementation of the GrapesJS builder in Mautic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mautic",
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": ">= 3.3.0",
"version_value": "<= 4.4.11"
},
{
"version_affected": "<=",
"version_name": ">= 5.0.0",
"version_value": "<= 5.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p",
"refsource": "MISC",
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "GHSA-9fcx-cv56-w58p",
"discovery": "USER"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to 4.4.12 or 5.0.4 or higher."
}
],
"value": "Upgrade to 4.4.12 or 5.0.4 or higher."
}
],
"credits": [
{
"lang": "en",
"value": "Mattias Michaux"
},
{
"lang": "en",
"value": "Lenon Leite"
},
{
"lang": "en",
"value": "Adrian Schimpf"
},
{
"lang": "en",
"value": "Avikarsha Saha"
},
{
"lang": "en",
"value": "John Linhart"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}

2
2021/43xxx/CVE-2021-43072.json
View File

@ -117,7 +117,7 @@
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiAnalyzer version 7.0.3 or above \nPlease upgrade to FortiAnalyzer version 6.4.8 or above \nPlease upgrade to FortiManager version 7.0.3 or above \nPlease upgrade to FortiManager version 6.4.8 or above \nPlease upgrade to FortiOS version 7.2.0 or above \nPlease upgrade to FortiOS version 7.0.6 or above \nPlease upgrade to FortiProxy version 7.0.4 or above \nPlease upgrade to FortiProxy version 2.0.9 or above \n"
"value": "Please upgrade to FortiAnalyzer version 7.0.3 or above \nPlease upgrade to FortiAnalyzer version 6.4.8 or above \nPlease upgrade to FortiManager version 7.0.3 or above \nPlease upgrade to FortiManager version 6.4.8 or above \nPlease upgrade to FortiOS version 7.2.0 or above \nPlease upgrade to FortiOS version 7.0.6 or above \nPlease upgrade to FortiProxy version 7.0.4 or above \nPlease upgrade to FortiProxy version 2.0.9 or above"
}
],
"impact": {

2
2023/36xxx/CVE-2023-36549.json
View File

@ -70,7 +70,7 @@
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above \n"
"value": "Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above"
}
],
"impact": {

56
2023/42xxx/CVE-2023-42790.json
View File

@ -35,6 +35,32 @@
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4.0"
},
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.6"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.12"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.13"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
@ -66,32 +92,6 @@
}
]
}
},
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.4.0"
},
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.6"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.12"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.13"
}
]
}
}
]
}
@ -111,7 +111,7 @@
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.4.2 or above\nPlease upgrade to FortiOS version 7.2.6 or above\nPlease upgrade to FortiOS version 7.0.13 or above\nPlease upgrade to FortiOS version 6.4.15 or above\nPlease upgrade to FortiOS version 6.2.16 or above\nPlease upgrade to FortiProxy version 7.4.1 or above\nPlease upgrade to FortiProxy version 7.2.7 or above\nPlease upgrade to FortiProxy version 7.0.13 or above\nPlease upgrade to FortiProxy version 2.0.14 or above\nFortinet in Q3/23 has remediated this issue in FortiSASE version 23.3.b and hence the customers need not perform any action.\n"
"value": "Please upgrade to FortiOS version 7.4.2 or above\r\nPlease upgrade to FortiOS version 7.2.6 or above\r\nPlease upgrade to FortiOS version 7.0.13 or above\r\nPlease upgrade to FortiOS version 6.4.15 or above\r\nPlease upgrade to FortiOS version 6.2.16 or above\r\nPlease upgrade to FortiProxy version 7.4.1 or above\r\nPlease upgrade to FortiProxy version 7.2.7 or above\r\nPlease upgrade to FortiProxy version 7.0.13 or above\r\nPlease upgrade to FortiProxy version 2.0.14 or above\r\nFortinet in Q3/23 has remediated this issue in FortiSASE version 23.3.b and hence the customers need not perform any action."
}
],
"impact": {
@ -122,7 +122,7 @@
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "CRITICAL",
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",

60
2024/38xxx/CVE-2024-38860.json
View File

@ -1,17 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@checkmk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Checkmk GmbH",
"product": {
"product_data": [
{
"product_name": "Checkmk",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0p34"
},
{
"version_affected": "<",
"version_name": "2.3.0",
"version_value": "2.3.0p16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://checkmk.com/werk/17094",
"refsource": "MISC",
"name": "https://checkmk.com/werk/17094"
}
]
}

89
2024/7xxx/CVE-2024-7788.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7788",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@documentfoundation.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Digital Signature Invalidation\u00a0 vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Document Foundation",
"product": {
"product_data": [
{
"product_name": "LibreOffice",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "24.2",
"version_value": "< 24.2.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788",
"refsource": "MISC",
"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Thanks to Thanks to Yufan You for finding and reporting this issue"
},
{
"lang": "en",
"value": "Thanks to Michael Stahl of allotropia for providing a fix"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/8xxx/CVE-2024-8950.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8950",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}