admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-19 22:00:35 +00:00
parent 6ab9a5023c
commit 8bcd584186
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 405 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

167
2024/1xxx/CVE-2024-1480.json
View File

@ -1,17 +1,176 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ot-cert@dragos.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-257 Storing Passwords in a Recoverable Format",
"cweId": "CWE-257"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unitronics",
"product": {
"product_data": [
{
"product_name": "Vision230",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Vision280",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Vision290",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Vision530",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Vision120",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "0"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01"
},
{
"url": "https://www.dragos.com/advisory/unitronics-vision-standard/",
"refsource": "MISC",
"name": "https://www.dragos.com/advisory/unitronics-vision-standard/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

56
2024/30xxx/CVE-2024-30974.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-30974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/torchstar/autoexpress/blob/master/buginfodetail.md",
"url": "https://github.com/torchstar/autoexpress/blob/master/buginfodetail.md"
}
]
}

91
2024/31xxx/CVE-2024-31993.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31993",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie\u2019s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mealie-recipes",
"product": {
"product_data": [
{
"product_name": "mealie",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/"
},
{
"url": "https://github.com/mealie-recipes/mealie/pull/3368",
"refsource": "MISC",
"name": "https://github.com/mealie-recipes/mealie/pull/3368"
},
{
"url": "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f",
"refsource": "MISC",
"name": "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f"
},
{
"url": "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107",
"refsource": "MISC",
"name": "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107"
}
]
},
"source": {
"advisory": "GHSA-vgmj-mq9v-q97p",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

91
2024/31xxx/CVE-2024-31994.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31994",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole (leading to possible disk consumption), however the more likely scenario given resource limitations is that the container will OOM during file retrieval if the target file size is greater than the allocated memory of the container. At best this can be used to force the container to infinitely restart due to OOM (if so configured in `docker-compose.yml), or at worst this can be used to force the Mealie container to crash and remain offline. In the event that the file can be retrieved, the lack of rate limiting on this endpoint also permits an attacker to generate ongoing requests to any target of their choice, potentially contributing to an external-facing DoS attack. This vulnerability is fixed in 1.4.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mealie-recipes",
"product": {
"product_data": [
{
"product_name": "mealie",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/"
},
{
"url": "https://github.com/mealie-recipes/mealie/pull/3368",
"refsource": "MISC",
"name": "https://github.com/mealie-recipes/mealie/pull/3368"
},
{
"url": "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f",
"refsource": "MISC",
"name": "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f"
},
{
"url": "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107",
"refsource": "MISC",
"name": "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107"
}
]
},
"source": {
"advisory": "GHSA-vhq4-cpq5-3fv8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}

18
2024/4xxx/CVE-2024-4019.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}