"-Synchronized-Data."

CVE Team 2024-04-02 14:10:15 +00:00
parent b1f681cf8c
commit 978ef0820f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 272 additions and 86 deletions

@ -61,6 +61,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2024-c0b61ab46b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLDUDJOWZAKBQMQ7XYNJTRCFPOB56BOE/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2024-e6a35cd250",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3ZNVRL5PCTMMA3ZBDKH5WH4RT4ST3HW/"
}
]
}

@ -61,6 +61,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2024-c0b61ab46b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLDUDJOWZAKBQMQ7XYNJTRCFPOB56BOE/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2024-e6a35cd250",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3ZNVRL5PCTMMA3ZBDKH5WH4RT4ST3HW/"
}
]
}

@ -85,20 +85,6 @@
"product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -326,11 +312,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1382",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4459",
"refsource": "MISC",

@ -85,20 +85,6 @@
"product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -371,11 +357,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1382",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-7192",
"refsource": "MISC",

@ -214,20 +214,6 @@
"product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -262,12 +248,6 @@
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
@ -612,16 +592,6 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1368"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1377",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1377"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1382",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0646",
"refsource": "MISC",

@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2024-4e6e660fae",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2024-40b98c9ced",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/"
}
]
}

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "parse-community",
"product": {
"product_data": [
{
"product_name": "parse-server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 6.5.5"
},
{
"version_affected": "=",
"version_value": ">= 7.0.0-alpha.1, < 7.0.0-alpha.29"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29",
"refsource": "MISC",
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29"
},
{
"url": "https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b",
"refsource": "MISC",
"name": "https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b"
},
{
"url": "https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e",
"refsource": "MISC",
"name": "https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e"
},
{
"url": "https://github.com/parse-community/parse-server/releases/tag/6.5.5",
"refsource": "MISC",
"name": "https://github.com/parse-community/parse-server/releases/tag/6.5.5"
},
{
"url": "https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29",
"refsource": "MISC",
"name": "https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29"
}
]
},
"source": {
"advisory": "GHSA-6hh7-46r2-vf29",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
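Review bot: Both `version_data` entries for `parse-server` set `"version_affected": "="` while the range operator sits inside `version_value` (`"< 6.5.5"` and `">= 7.0.0-alpha.1, < 7.0.0-alpha.29"`), so a consumer that compares on `version_affected` will treat each string as one exact version and match no installed release. The single-bound entry can be expressed as `"version_affected": "<", "version_value": "6.5.5"`, the form the Firefox record in this commit uses; the two-bound alpha range is better carried in an `x_cve_json_5_version_data` block like the Red Hat records. Until the record is corrected, inventory and scanner tooling reading it should parse the range out of `version_value` rather than trust the operator field.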

@ -95,11 +95,6 @@
"url": "https://kb.cert.org/vuls/id/417980",
"refsource": "MISC",
"name": "https://kb.cert.org/vuls/id/417980"
},
{
"url": "https://www.kb.cert.org/vuls/id/417980",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/417980"
}
]
},

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester File Manager App 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /endpoint/update-file.php. Mit der Manipulation des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "File Manager App",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.257182",
"refsource": "MISC",
"name": "https://vuldb.com/?id.257182"
},
{
"url": "https://vuldb.com/?ctiid.257182",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.257182"
},
{
"url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md",
"refsource": "MISC",
"name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Joshua Lictan"
},
{
"lang": "en",
"value": "nochizplz (VulDB User)"
},
{
"lang": "en",
"value": "nochizplz (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
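Review bot: The English description says the issue "has been declared as critical", but every entry in `impact.cvss` scores it 6.3 `MEDIUM` (3.1 and 3.0) or 6.5 (2.0), and the vectors carry `PR:L` / `Au:S`, i.e. an authenticated attacker. Triage rules should key on `baseSeverity` and the vector string, not on the prose; the "critical" wording is presumably the CNA's own rating scale and is worth confirming with them. Separately, `credits` lists `"nochizplz (VulDB User)"` twice; the second `{ "lang": "en", "value": "nochizplz (VulDB User)" }` object should be dropped so consumers that count or de-duplicate credits are not skewed.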

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2615",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 124"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "124"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-12/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Paul Bone and the Mozilla Fuzzing Team"
}
]
}
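Review bot: The `problemtype` entry for CVE-2024-2615 is free text only (`"value": "Memory safety bugs fixed in Firefox 124"`) with no `cweId`, and the record has no `impact` block, so CWE-based filtering and CVSS-based prioritisation both have nothing to key on. The other two records published in this commit carry a `cweId` next to `value` and a `cvss` array; this one would benefit from a `cweId` for the memory-corruption class chosen by the CNA. Until then, consumers need a fallback for unscored records, such as the linked `mfsa2024-12` advisory and the `"version_affected": "<"` / `"version_value": "124"` bound, so the record is not silently ranked lowest.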