"-Synchronized-Data."

This commit is contained in:
CVE Team 2024-06-12 22:00:35 +00:00
parent 8f2ae4e4b4
commit 81a490ab79
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 300 additions and 23 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c."
"value": "** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the yaml_document_initialize and yaml_document_delete functions."
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/648540858/wvp-GB28181-pro/issues/1456",
"refsource": "MISC",
"name": "https://github.com/648540858/wvp-GB28181-pro/issues/1456"
}
]
}
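Review bot: The `affects` block (vendor_name, product_name and version_value all `"n/a"`) and the `problemtype` value `"n/a"` contradict the description, which names the product and version ("Wvp GB28181 Pro 2.0"), so consumers that match records on product data cannot associate this entry with the software at all. At minimum the product fields should carry what the description already states, e.g. `"product_name": "Wvp GB28181 Pro"` and `"version_value": "2.0"`, with the vendor taken from the upstream project the reference points to. The description reads like a session that remains valid after the account behind it is deleted, which looks like CWE-613 Insufficient Session Expiration; that should be confirmed with the reporter before a `cweId` is set in the form the CVE-2024-3467 record in this commit uses. The CVE-2024-37665 record in this commit has the same `"n/a"` placeholders against a description that also names Wvp GB28181 Pro 2.0.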


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-37665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/guipi01/WVP-GB28181",
"refsource": "MISC",
"name": "https://github.com/guipi01/WVP-GB28181"
},
{
"url": "https://github.com/648540858/wvp-GB28181-pro",
"refsource": "MISC",
"name": "https://github.com/648540858/wvp-GB28181-pro"
}
]
}
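Review bot: Both references point at repository roots, `https://github.com/guipi01/WVP-GB28181` and `https://github.com/648540858/wvp-GB28181-pro`, rather than at an issue, advisory or fixing commit, so a reader cannot verify the report or tell whether a fixed release exists; the CVE-2024-36523 record in the same commit shows the better pattern by pinning a specific issue URL. The first repository sits under a different account than the upstream project and its relationship to it (fork, write-up, or something else) is not stated, which matters because both entries carry the same undifferentiated `"refsource": "MISC"`. Pinning each reference to the specific issue or commit it is meant to support, and adding the upstream fix reference once one exists, would make the record actionable for defenders tracking this product.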


@ -1,18 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3467",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AVEVA",
"product": {
"product_data": [
{
"product_name": "PI Asset Framework Client",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2023"
},
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2018 SP3 P04"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p></p>\n\n<p>AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:</p><ul><li>(Recommended) All affected versions can be fixed by upgrading to PI AF Client 2023 Patch 1 or later:<br>From <a target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\">OSI Soft Customer Portal</a>, search for \"Asset Framework\" and select \"PI Asset Framework (AF) Client 2023 Patch 1\" or later.</li><li>(Alternative) AF Client 2018 SP3 P04 and prior can be fixed by deploying PI AF Client 2018 SP3 Patch 5 or later:<br>From <a target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\">OSI Soft Customer Portal</a>, search for \"Asset Framework\" and select either \"PI Asset Framework (AF) Client 2018 SP3 Patch 5\" or later.</li></ul><p>AVEVA further recommends users follow general defensive measures:</p><ul><li>Run PI System Explorer as a least privilege interactive account when possible.</li><li>Establish procedures for verifying the source of XML is trusted before importing into PI System Explorer.</li></ul><p>For additional information please refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\">AVEVA-2024-004</a></p>"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:\n\n * (Recommended) All affected versions can be fixed by upgrading to PI AF Client 2023 Patch 1 or later:\nFrom OSI Soft Customer Portal https://my.osisoft.com/ , search for \"Asset Framework\" and select \"PI Asset Framework (AF) Client 2023 Patch 1\" or later.\n * (Alternative) AF Client 2018 SP3 P04 and prior can be fixed by deploying PI AF Client 2018 SP3 Patch 5 or later:\nFrom OSI Soft Customer Portal https://my.osisoft.com/ , search for \"Asset Framework\" and select either \"PI Asset Framework (AF) Client 2018 SP3 Patch 5\" or later.\n\n\nAVEVA further recommends users follow general defensive measures:\n\n * Run PI System Explorer as a least privilege interactive account when possible.\n * Establish procedures for verifying the source of XML is trusted before importing into PI System Explorer.\n\n\nFor additional information please refer to AVEVA-2024-004 https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"credits": [
{
"lang": "en",
"value": "AVEVA reported this vulnerability to CISA."
}
]
}
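Review bot: Language tags are inconsistent within the record: `description` and `problemtype` use `"lang": "eng"` while `solution` and `credits` use `"lang": "en"`, so a consumer that selects text by one language code silently misses the other fields. This looks like an artifact of the Vulnogram export (`"engine": "Vulnogram 0.2.0"`) into the 4.0 layout; if the repository convention is the three-letter code, the `solution` and `credits` entries should read `"lang": "eng"` as well, and the CVE-2024-3468 record in this commit has the same mix. The `supportingMedia` entry also carries raw `text/html` with `"base64": false`, duplicating the plain-text `value`; the two should be kept in sync, and here the HTML version starts with an empty `<p></p>` paragraph that the plain-text version does not have.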


@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AVEVA",
"product": {
"product_data": [
{
"product_name": "PI Web API",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2023"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:</p><p>From <a target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\">OSI Soft Customer Portal</a>, search for \"PI Web API\" and select version \"2023 SP1\" or later.</p><p>(Alternative) PI Web API 2021 SP3 can be fixed by upgrading PI AF Client to one of the versions specified in AVEVA Security Bulletin AVEVA-2024-004 / ICSA-24-163-03</p><p>AVEVA further recommends users follow general defensive measures:</p><ul><li>Set \"DisableWrites\" configuration setting to true, if this instance of PI Web API is used only for reading data or GET requests.</li><li>Uninstall Core Endpoints feature if this instance of PI Web API is used only for data collection from AVEVA Adapters. Keep OMF feature installed.</li><li>Limit AF Servers' Administrators, so that most of the PI Web API user accounts don't have the permission to change the backend AF servers.</li></ul><p>For additional information please refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\">AVEVA-2024-003</a></p>\n\n<br>"
}
],
"value": "AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible:\n\nFrom OSI Soft Customer Portal https://my.osisoft.com/ , search for \"PI Web API\" and select version \"2023 SP1\" or later.\n\n(Alternative) PI Web API 2021 SP3 can be fixed by upgrading PI AF Client to one of the versions specified in AVEVA Security Bulletin AVEVA-2024-004 / ICSA-24-163-03\n\nAVEVA further recommends users follow general defensive measures:\n\n * Set \"DisableWrites\" configuration setting to true, if this instance of PI Web API is used only for reading data or GET requests.\n * Uninstall Core Endpoints feature if this instance of PI Web API is used only for data collection from AVEVA Adapters. Keep OMF feature installed.\n * Limit AF Servers' Administrators, so that most of the PI Web API user accounts don't have the permission to change the backend AF servers.\n\n\nFor additional information please refer to AVEVA-2024-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
],
"credits": [
{
"lang": "en",
"value": "AVEVA reported this vulnerability to CISA."
}
]
}
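Review bot: The single affected range, `"version_affected": "<="` with `"version_value": "2023"`, is ambiguous against the fix named in `solution` ("2023 SP1" or later), because the 4.0 format gives a consumer no ordering rule for strings such as `2023` and `2023 SP1`, so the fixed release can be read as falling inside the affected range. The `"version_name": "0"` lower bound likewise looks like a converter default rather than a confirmed first affected version; both should be checked with the assigner, and the range text made explicit about where the fix begins (for instance a constructed wording such as `"version_value": "2023 before 2023 SP1"`, aligned with however the assigner expresses ranges elsewhere). The solution text also states that PI Web API 2021 SP3 is remediated by upgrading PI AF Client per AVEVA-2024-004 / ICSA-24-163-03, i.e. the CVE-2024-3467 record in this commit; adding that advisory to `references` would link the two records for readers triaging either one.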


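--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2024-5938.json
@@ -0,0 +1,18 @@
+{
+"data_type": "CVE",
+"data_format": "MITRE",
+"data_version": "4.0",
+"CVE_data_meta": {
+"ID": "CVE-2024-5938",
+"ASSIGNER": "cve@mitre.org",
+"STATE": "RESERVED"
+},
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+}
+]
+}
+}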


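--- /dev/null
+++ b/PATH-NOT-SHOWN/CVE-2024-5939.json
@@ -0,0 +1,18 @@
+{
+"data_type": "CVE",
+"data_format": "MITRE",
+"data_version": "4.0",
+"CVE_data_meta": {
+"ID": "CVE-2024-5939",
+"ASSIGNER": "cve@mitre.org",
+"STATE": "RESERVED"
+},
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+}
+]
+}
+}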