"-Synchronized-Data."

CVE Team 2024-08-08 00:00:38 +00:00
parent 9a47b8dbe6
commit 87b7b078b3
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 429 additions and 30 deletions


@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@korelogic.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Open WebUI",
"product": {
"product_data": [
{
"product_name": "Open WebUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.1.105"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt",
"refsource": "MISC",
"name": "https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jaggar Henry and Sean Segreti of KoreLogic, Inc."
}
]
}
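Review bot: The `affects` block pins the affected range to exactly one release, `"version_affected": "="` with `"version_value": "0.1.105"`, and names no fixed version, so a scanner matching on this record will likely treat every other Open WebUI release as unaffected. If the KoreLogic advisory supports it, state a range (for example `"version_affected": "<="`) or add the first fixed version. The same single-version pin appears in the sections for CVE-2024-6707 and CVE-2024-6890 through CVE-2024-6893. The record also carries no `impact`/CVSS block, so consumers have no severity to triage on. Minor: `credits` uses `"lang": "en"` while the description and problemtype entries use `"eng"`.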


@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6707",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@korelogic.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Open WebUI",
"product": {
"product_data": [
{
"product_name": "Open WebUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.1.105"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt",
"refsource": "MISC",
"name": "https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jaggar Henry and Sean Segreti of KoreLogic, Inc."
}
]
}


@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6890",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@korelogic.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-321"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "cwe-334"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "cwe-799"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Journyx",
"product": {
"product_data": [
{
"product_name": "Journyx (jtime)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt",
"refsource": "MISC",
"name": "https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jaggar Henry of KoreLogic, Inc."
}
]
}
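Review bot: The three `problemtype` entries are bare lowercase strings (`"cwe-321"`, `"cwe-334"`, `"cwe-799"`) with no `cweId` field, unlike the other records in this commit, so tooling that indexes on `cweId` will not pick up any weakness class for CVE-2024-6890. Write each one in the form used elsewhere, e.g. `"value": "CWE-334 Small Space of Random Values", "cweId": "CWE-334"`. CWE-321 (hard-coded cryptographic key) also does not obviously match the description's "insecure source of randomness"; CWE-330 or CWE-338 look closer, to be confirmed against the advisory.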


@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6891",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@korelogic.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
"cweId": "CWE-95"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Journyx",
"product": {
"product_data": [
{
"product_name": "Journyx (jtime)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt",
"refsource": "MISC",
"name": "https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jaggar Henry of KoreLogic, Inc."
}
]
}


@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6892",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@korelogic.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-81 Improper Neutralization of Script in an Error Message Web Page",
"cweId": "CWE-81"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Journyx",
"product": {
"product_data": [
{
"product_name": "Journyx (jtime)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt",
"refsource": "MISC",
"name": "https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jaggar Henry of KoreLogic, Inc."
}
]
}


@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6893",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosures@korelogic.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The \"soap_cgi.pyc\" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Journyx",
"product": {
"product_data": [
{
"product_name": "Journyx (jtime)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt",
"refsource": "MISC",
"name": "https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jaggar Henry of KoreLogic, Inc."
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}