"-Synchronized-Data."

CVE Team 2024-07-25 21:00:40 +00:00
parent 94476aecab
commit 8f68226f84
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 435 additions and 29 deletions


@ -173,6 +173,19 @@
]
}
},
{
"product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat build of Quarkus 3.2.11.Final",
"version": {
@ -479,6 +492,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4884",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1023",
"refsource": "MISC",
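Review bot: The added entry for "Red Hat build of Apache Camel 4.4.1 for Spring Boot" carries its status only in `x_cve_json_5_version_data.defaultStatus` (`"unaffected"`), while `version_value` holds the placeholder `"not down converted"` and no `version_affected` field is present. A consumer that reads only the 4.0 fields, or that treats every `product_data` entry as an affected product, would flag this build as vulnerable even though the record marks it unaffected. Matching logic should check `defaultStatus` before reporting a product, and the down-converted entry would be safer to consume if it also carried a `version_affected` value expressing the unaffected state. The same shape appears in the added entries of the CVE-2024-1300, CVE-2024-2700, CVE-2024-5971 and CVE-2024-6162 sections. The enclosing `product_data` array starts and ends outside the hunk.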


@ -236,6 +236,19 @@
]
}
},
{
"product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat build of Quarkus 3.2.11.Final",
"version": {
@ -534,6 +547,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4884",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1300",
"refsource": "MISC",


@ -48,6 +48,19 @@
]
}
},
{
"product_name": "Red Hat build of Apicurio Registry 2.6.1 GA",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat build of Quarkus 3.2.12.Final",
"version": {
@ -627,19 +640,6 @@
]
}
},
{
"product_name": "Red Hat build of Apicurio Registry",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Build of Keycloak",
"version": {
@ -733,6 +733,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4028"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4873",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4873"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-2700",
"refsource": "MISC",


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41808",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim's account provided they meet the exploitation steps. As of time of publication, no patched version is available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openobserve",
"product": {
"product_data": [
{
"product_name": "openobserve",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 0.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j",
"refsource": "MISC",
"name": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j"
}
]
},
"source": {
"advisory": "GHSA-hx23-g7m8-h76j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
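Review bot: In `version_data`, `"version_affected": "="` is paired with `"version_value": "<= 0.9.1"`, so the comparison operator is buried in the value string and a consumer doing an exact match will never match an installed version such as 0.9.1. Writing it as `"version_affected": "<="` with `"version_value": "0.9.1"` would keep the bound machine-readable in the 4.0 fields. The CVE-2024-41809 section has the same problem with `">= 0.4.4, < 0.10.0"`, a two-sided range that a single 4.0 entry cannot express, so tooling should parse the range from the string or fall back to the CVE JSON 5 record. Since the description states that no patched version was available at publication, inventory checks for this record have no fixed version to compare against.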


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41809",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openobserve",
"product": {
"product_data": [
{
"product_name": "openobserve",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.4.4, < 0.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mrrp",
"refsource": "MISC",
"name": "https://github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mrrp"
},
{
"url": "https://github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbdb1be1eff02",
"refsource": "MISC",
"name": "https://github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbdb1be1eff02"
},
{
"url": "https://github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d58bbc6d331d",
"refsource": "MISC",
"name": "https://github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d58bbc6d331d"
},
{
"url": "https://github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubscription.vue#L32",
"refsource": "MISC",
"name": "https://github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubscription.vue#L32"
}
]
},
"source": {
"advisory": "GHSA-rw8w-37p9-mrrp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}


@ -35,6 +35,19 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 8",
"version": {
@ -230,6 +243,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4392"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4884",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-5971",
"refsource": "MISC",


@ -35,6 +35,19 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat build of Apache Camel 4.0 for Spring Boot",
"version": {
@ -212,6 +225,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:4884",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:4884"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6162",
"refsource": "MISC",


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7105",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in ForIP Tecnologia Administra\u00e7\u00e3o PABX 1.x. Affected is an unknown function of the file /detalheIdUra of the component Lista Ura Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in ForIP Tecnologia Administra\u00e7\u00e3o PABX 1.x entdeckt. Es betrifft eine unbekannte Funktion der Datei /detalheIdUra der Komponente Lista Ura Page. Durch Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ForIP Tecnologia",
"product": {
"product_data": [
{
"product_name": "Administra\u00e7\u00e3o PABX",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.272430",
"refsource": "MISC",
"name": "https://vuldb.com/?id.272430"
},
{
"url": "https://vuldb.com/?ctiid.272430",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.272430"
},
{
"url": "https://vuldb.com/?submit.376659",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.376659"
},
{
"url": "https://docs.google.com/document/d/1Q3kLR-HXSmj1LFpnCAt964YHACWwdckz4O8n4ocgB1I/edit?usp=sharing",
"refsource": "MISC",
"name": "https://docs.google.com/document/d/1Q3kLR-HXSmj1LFpnCAt964YHACWwdckz4O8n4ocgB1I/edit?usp=sharing"
}
]
},
"credits": [
{
"lang": "en",
"value": "gabriel (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
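Review bot: The `credits` entry uses `"lang": "en"` while `description_data` and `problemtype` in the same record use the three-letter codes `"eng"` and `"deu"`, so a consumer filtering on one code form will drop either the credit or the descriptions; `"lang": "eng"` would make the record consistent. Separately, the English description says the issue is "classified as critical" while the `cvss` entries score it 6.3 (v3.x) and 6.5 (v2) with `baseSeverity` `MEDIUM`, so triage should key on the vector rather than the prose label. The only technical reference outside vuldb.com is a Google Docs link, which is mutable and may disappear, so archiving it at ingestion time is worth considering.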


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7106",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272431. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In Spina CMS 2.18.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /admin/media_folders. Mittels dem Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Spina",
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.18.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.272431",
"refsource": "MISC",
"name": "https://vuldb.com/?id.272431"
},
{
"url": "https://vuldb.com/?ctiid.272431",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.272431"
},
{
"url": "https://vuldb.com/?submit.376769",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.376769"
},
{
"url": "https://github.com/topsky979/Security-Collections/blob/main/cve3/README.md",
"refsource": "MISC",
"name": "https://github.com/topsky979/Security-Collections/blob/main/cve3/README.md"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}
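Review bot: `"product_name": "CMS"` under `"vendor_name": "Spina"` is too generic to match reliably against a software inventory, while the description names the product as "Spina CMS 2.18.0". Something like `"product_name": "Spina CMS"` would make automated matching less likely to miss the product or collide with other products named "CMS", assuming that is the name the vendor uses. The only technical reference outside vuldb.com is a README in a third-party GitHub repository, which can change or be removed after publication.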