"-Synchronized-Data."

CVE Team 2024-12-06 21:00:37 +00:00
parent e6c635729b
commit 8167b5e807
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 274 additions and 10 deletions


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-12326",
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in CVE-2022-30110. However, it was still possible to do a browser preview of a SVG file by sending a manipulated MIME type during the upload, where the case of any letter in image/svg+xml had been changed (like image/svg+XML). The check for image/svg+xml has been changed to be case insensitive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jirafeau project",
"product": {
"product_data": [
{
"product_name": "Jirafeau",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.5.0",
"version_value": "4.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/jirafeau/Jirafeau/-/commit/6cfca8753d54e2025c6020b2af32529e25f58c66",
"refsource": "MISC",
"name": "https://gitlab.com/jirafeau/Jirafeau/-/commit/6cfca8753d54e2025c6020b2af32529e25f58c66"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30110",
"refsource": "MISC",
"name": "https://www.cve.org/CVERecord?id=CVE-2022-30110"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to version 4.6.1"
}
],
"credits": [
{
"lang": "en",
"value": "Patrick Canterino"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}
}
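Review bot: The `version_data` entry for Jirafeau (`"version_affected": "<"`, `"version_name": "4.5.0"`, `"version_value": "4.6.1"`) leaves the lower bound of the affected range ambiguous. It reads as "4.5.0 up to but excluding 4.6.1", while the description ties the flaw to the MIME-type check that it says dates from CVE-2022-30110, so a consumer cannot tell from this record whether releases before 4.5.0 that carry that check are affected too. A sentence in the description naming the first affected release would remove the guess for anyone matching on version. The record also mixes `"lang": "eng"` (description, problemtype) with `"lang": "en"` (solution, credits), so tooling that filters on the language code has to accept both.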


@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7874",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tungsten Automation (Kofax) TotalAgility in versions all through\u00a07.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpConnectionId\u00a0parameter manipulation in a form sent to\u00a0endpoints \"/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx\" \nand\u00a0\"/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx\"\nThis allows for injection of a malicious JavaScript code, leading to a possible information leak.\u00a0\nExploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tungsten Automation",
"product": {
"product_data": [
{
"product_name": "TotalAgility",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "7.9.0.25.0.954"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tungstenautomation.com/products/totalagility",
"refsource": "MISC",
"name": "https://www.tungstenautomation.com/products/totalagility"
},
{
"url": "https://cert.pl/en/posts/2024/12/CVE-2024-7874",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2024/12/CVE-2024-7874"
},
{
"url": "https://cert.pl/posts/2024/12/CVE-2024-7874",
"refsource": "MISC",
"name": "https://cert.pl/posts/2024/12/CVE-2024-7874"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Amin ACHOUR"
},
{
"lang": "en",
"value": "Abderrahmane Bounhidja"
}
]
}
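Review bot: The published CVE-2024-7874 record has no `impact` block and no `solution` entry, so a consumer gets neither a severity score nor a fixed release to upgrade to. The only risk statement is the free-text remark in the description that the POST and VIEWSTATE requirements limit the risk, and `version_data` (`"<="`, `"0"`, `"7.9.0.25.0.954"`) marks every release through that build as affected without naming a fixed one. The Jirafeau record in this same commit carries both `impact.cvss` and `solution`, which is the shape to follow here once the assigner supplies a vector and a fixed version. The same gap applies to the CVE-2024-7875 section that follows.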


@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7875",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tungsten Automation\u00a0(Kofax) TotalAgility in versions all through\u00a07.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpScreenResolutionWidth\u00a0parameter manipulation in a form sent to an\u00a0endpoint\u00a0/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx\nThis allows for injection of a malicious JavaScript code, leading to a possible information leak.\u00a0\nExploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tungsten Automation",
"product": {
"product_data": [
{
"product_name": "TotalAgility",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "7.9.0.25.0.954"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tungstenautomation.com/products/totalagility",
"refsource": "MISC",
"name": "https://www.tungstenautomation.com/products/totalagility"
},
{
"url": "https://cert.pl/en/posts/2024/12/CVE-2024-7874",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2024/12/CVE-2024-7874"
},
{
"url": "https://cert.pl/posts/2024/12/CVE-2024-7874",
"refsource": "MISC",
"name": "https://cert.pl/posts/2024/12/CVE-2024-7874"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Amin ACHOUR"
},
{
"lang": "en",
"value": "Abderrahmane Bounhidja"
}
]
}
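Review bot: Both CERT Polska entries in `reference_data` for CVE-2024-7875 point at the other identifier's advisory, `https://cert.pl/en/posts/2024/12/CVE-2024-7874` and `https://cert.pl/posts/2024/12/CVE-2024-7874`. This may be intentional if one advisory covers both parameters, but nothing in the record says so, and a reader following the link from the `mfpScreenResolutionWidth` entry has no cue that they landed on the right page. It is worth confirming with the assigner that the advisory covers CVE-2024-7875, since tooling that correlates references by CVE id in the URL will attribute these links to the wrong record.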