admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-19 11:00:35 +00:00
parent 4328e4f6b3
commit 95e2275c5b
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 272 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
2024/37xxx/CVE-2024-37547.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.3.7."
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.4.0."
}
]
},
@ -40,9 +40,24 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "8.3.7"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "8.4.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.4.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -68,6 +83,19 @@
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;8.4.1 or a higher version."
}
],
"value": "Update to\u00a08.4.1 or a higher version."
}
],
"credits": [
{
"lang": "en",

101
2024/41xxx/CVE-2024-41107.json
View File

@ -1,18 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account.\u00a0In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account.\n\nAffected users are recommended to disable the SAML authentication plugin by setting the\u00a0\"saml2.enabled\" global setting to \"false\", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache CloudStack",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.5.0",
"version_value": "4.18.2.1"
},
{
"version_affected": "<=",
"version_name": "4.19.0.0",
"version_value": "4.19.0.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3"
},
{
"url": "https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107",
"refsource": "MISC",
"name": "https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107"
},
{
"url": "https://github.com/apache/cloudstack/issues/4519",
"refsource": "MISC",
"name": "https://github.com/apache/cloudstack/issues/4519"
},
{
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107",
"refsource": "MISC",
"name": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Christian Gross of Netcloud AG"
},
{
"lang": "en",
"value": "Damon Smith of Apple Services Engineering Security"
},
{
"lang": "en",
"value": "Adam Pond of Apple Services Engineering Security"
},
{
"lang": "en",
"value": "Terry Thibault of Apple Services Engineering Security"
}
]
}

18
2024/6xxx/CVE-2024-6914.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6915.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6915",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

108
2024/6xxx/CVE-2024-6916.json Normal file
View File

@ -0,0 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-6916",
"ASSIGNER": "zowe-security@lists.openmainframeproject.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-257: Storing Passwords in a Recoverable Format"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1295: Debug Messages Revealing Unnecessary Information"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Open Mainframe Project",
"product": {
"product_data": [
{
"product_name": "Zowe CLI - Imperative",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1.0",
"version_value": "5.22.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zowe/zowe-cli/packages/imperative",
"refsource": "MISC",
"name": "https://github.com/zowe/zowe-cli/packages/imperative"
}
]
},
"exploit": [
{
"lang": "en",
"value": "There are no known exploits of this issue."
}
],
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Imperative 5.22.6 or later, included in Zowe CLI >=7.23.8, which is part of Zowe 2.16.0 or later."
}
],
"credits": [
{
"lang": "en",
"value": "Broadcom Inc."
}
],
"impact": {
"cvss": [
{
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:M/IR:X/AR:X/MAV:L/MAC:L/MPR:L/MUI:R/MS:C/MC:H/MI:N/MA:N"
}
]
}
}