admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-19 13:00:55 +00:00
parent 724924d643
commit 8bfa6a0921
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 1923 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2021/32xxx/CVE-2021-32589.json
View File

@ -1,17 +1,167 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use after free in Fortinet FortiManager, FortiAnalyzer allows attacker to execute unauthorized code or commands via <insert attack vector here>"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.5"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.7"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.10"
},
{
"version_affected": "<=",
"version_name": "5.6.0",
"version_value": "5.6.10"
},
{
"version_affected": "<=",
"version_name": "5.4.0",
"version_value": "5.4.7"
},
{
"version_affected": "<=",
"version_name": "5.2.0",
"version_value": "5.2.10"
},
{
"version_affected": "<=",
"version_name": "5.0.0",
"version_value": "5.0.12"
}
]
}
},
{
"product_name": "FortiAnalyzer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.5"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.7"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.10"
},
{
"version_affected": "<=",
"version_name": "5.6.0",
"version_value": "5.6.10"
},
{
"version_affected": "<=",
"version_name": "5.4.0",
"version_value": "5.4.7"
},
{
"version_affected": "=",
"version_value": "5.3.11"
},
{
"version_affected": "<=",
"version_name": "5.2.4",
"version_value": "5.2.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-067",
"refsource": "MISC",
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-067"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiPortal version 6.0.6 or above \nPlease upgrade to FortiPortal version 5.3.7 or above \nPlease upgrade to FortiManager version 7.0.1 or above \nPlease upgrade to FortiManager version 6.4.6 or above \nPlease upgrade to FortiManager version 6.2.8 or above \nPlease upgrade to FortiManager version 6.0.11 or above \nPlease upgrade to FortiManager version 5.6.11 or above \nPlease upgrade to FortiAnalyzer version 7.0.1 or above \nPlease upgrade to FortiAnalyzer version 6.4.6 or above \nPlease upgrade to FortiAnalyzer version 6.2.8 or above \nPlease upgrade to FortiAnalyzer version 6.0.11 or above \nPlease upgrade to FortiAnalyzer version 5.6.11 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C"
}
]
}

1511
2024/12xxx/CVE-2024-12782.json
View File

File diff suppressed because it is too large Load Diff

114
2024/12xxx/CVE-2024-12783.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in itsourcecode Vehicle Management System 1.0 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /billaction.php. Dank der Manipulation des Arguments extra-cost mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "itsourcecode",
"product": {
"product_data": [
{
"product_name": "Vehicle Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.288959",
"refsource": "MISC",
"name": "https://vuldb.com/?id.288959"
},
{
"url": "https://vuldb.com/?ctiid.288959",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.288959"
},
{
"url": "https://vuldb.com/?submit.462628",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.462628"
},
{
"url": "https://github.com/FinleyTang/Vehicle-Management-System/blob/main/Vehicle%20Management%20System%20billaction.php%20has%20Cross-site%20Scripting%20(XSS).pdf",
"refsource": "MISC",
"name": "https://github.com/FinleyTang/Vehicle-Management-System/blob/main/Vehicle%20Management%20System%20billaction.php%20has%20Cross-site%20Scripting%20(XSS).pdf"
},
{
"url": "https://itsourcecode.com/",
"refsource": "MISC",
"name": "https://itsourcecode.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "FinleyTang (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

81
2024/45xxx/CVE-2024-45818.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45818",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The hypervisor contains code to accelerate VGA memory accesses for HVM\nguests, when the (virtual) VGA is in \"standard\" mode. Locking involved\nthere has an unusual discipline, leaving a lock acquired past the\nreturn from the function that acquired it. This behavior results in a\nproblem when emulating an instruction with two memory accesses, both of\nwhich touch VGA memory (plus some further constraints which aren't\nrelevant here). When emulating the 2nd access, the lock that is already\nbeing held would be attempted to be re-acquired, resulting in a\ndeadlock.\n\nThis deadlock was already found when the code was first introduced, but\nwas analysed incorrectly and the fix was incomplete. Analysis in light\nof the new finding cannot find a way to make the existing locking\ndiscipline work.\n\nIn staging, this logic has all been removed because it was discovered\nto be accidentally disabled since Xen 4.7. Therefore, we are fixing the\nlocking problem by backporting the removal of most of the feature. Note\nthat even with the feature disabled, the lock would still be acquired\nfor any accesses to the VGA MMIO region."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-463"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-463.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-463.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "Xen versions 4.6 through 4.19 are vulnerable. Staging (4.20 dev) is\nnot vulnerable; as noted above, the functionality was already removed\nprior to the discovery of this issue.\n\nOnly x86 systems running HVM guests are vulnerable. Architectures other\nthan x86 are not vulnerable.\n\nOnly HVM guests can leverage the vulnerability. PVH and PV guests\ncannot leverage the vulnerability."
}
],
"work_around": [
{
"lang": "en",
"value": "Running only PV or PVH guests will avoid this vulnerability."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Manuel Andreas of Technical University of\nMunich."
}
]
}

81
2024/45xxx/CVE-2024-45819.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45819",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PVH guests have their ACPI tables constructed by the toolstack. The\nconstruction involves building the tables in local memory, which are\nthen copied into guest memory. While actually used parts of the local\nmemory are filled in correctly, excess space that is being allocated is\nleft with its prior contents."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-464"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-464.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-464.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "Xen versions 4.8 and onwards are vulnerable. Xen 4.7 and older are not\nvulnerable.\n\nOnly x86 systems running PVH guests are vulnerable. Architectures other\nthan x86 are not vulnerable.\n\nOnly PVH guests can leverage the vulnerability. HVM and PV guests\ncannot leverage the vulnerability. Note that PV guests when run inside\nthe (PVH) shim can't leverage the vulnerability."
}
],
"work_around": [
{
"lang": "en",
"value": "Running only PV or HVM guests will avoid this vulnerability."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jason Andryuk of AMD."
}
]
}