mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 18:53:08 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
6f597efe37
commit
9b33c2037b
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "<p>A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim.</p>\n<p>Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded.</p>\n<p>The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads.</p>\n"
|
||||
"value": "A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim.\nCombining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded.\nThe security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads.\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "<p>An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate <a href=\"https://docs.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0\">keyCredential</a>\u202f on an Azure AD <a href=\"https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals\">Application or Service Principal</a> (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.</p>\n<p>Azure AD\u202faddressed this vulnerability by preventing disclosure of any private key\u202fvalues added\u202fto the application.</p>\n<p>Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.</p>\n<p>For more details on this issue, please refer to the <a href=\"https://aka.ms/CVE-2021-42306-AAD\">MSRC Blog Entry</a>.</p>\n"
|
||||
"value": "An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential\u202f on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.\nAzure AD\u202faddressed this vulnerability by preventing disclosure of any private key\u202fvalues added\u202fto the application.\nMicrosoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.\nFor more details on this issue, please refer to the MSRC Blog Entry.\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -72,6 +72,26 @@
|
||||
"url": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc3"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/advisories/GHSA-w52x-cp47-xhhw",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/advisories/GHSA-w52x-cp47-xhhw"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/gpac/gpac/releases/tag/v2.2.1",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/gpac/gpac/releases/tag/v2.2.1"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/gpac/gpac/commit/851560e3dc8155d45ace4b0d77421f241ed71dc4"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/gpac/gpac/issues/2396",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/gpac/gpac/issues/2396"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-30313",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-30313",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of service."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/",
|
||||
"url": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-b01c2a820106"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -153,6 +153,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-c298863b1525"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -109,6 +109,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-c298863b1525"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -153,6 +153,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-c298863b1525"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -153,6 +153,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-c298863b1525"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -109,6 +109,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-c298863b1525"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -109,6 +109,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-c298863b1525"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -98,6 +98,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-c298863b1525"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -120,6 +120,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-d175d3acf727"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -119,6 +119,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-c298863b1525"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -109,6 +109,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-c298863b1525"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -87,6 +87,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -153,6 +153,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-d175d3acf727"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -130,6 +130,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f0117140d9a"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -131,6 +131,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -119,6 +119,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -120,6 +120,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -120,6 +120,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -152,6 +152,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -130,6 +130,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -152,6 +152,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -98,6 +98,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -163,6 +163,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -98,6 +98,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -163,6 +163,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -109,6 +109,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -130,6 +130,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -120,6 +120,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -109,6 +109,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -119,6 +119,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -119,6 +119,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -119,6 +119,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -161,6 +161,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-851b3ed3d212"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -167,6 +167,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f0117140d9a"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -163,6 +163,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -163,6 +163,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -119,6 +119,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -119,6 +119,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -119,6 +119,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -98,6 +98,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -124,6 +124,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f0117140d9a"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,30 +141,10 @@
|
||||
"url": "https://git.kernel.org/stable/c/29346e217b8ab8a52889b88f00b268278d6b7668",
|
||||
"refsource": "MISC",
|
||||
"name": "https://git.kernel.org/stable/c/29346e217b8ab8a52889b88f00b268278d6b7668"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2024/04/11/9",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2024/04/11/9"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2024/04/11/11",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2024/04/11/11"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2024/04/12/2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2024/04/12/2"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2024/04/12/1",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2024/04/12/1"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-851b3ed3d212"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -113,6 +113,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-851b3ed3d212"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -163,6 +163,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -193,6 +193,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-851b3ed3d212"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -98,6 +98,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -113,6 +113,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-851b3ed3d212"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -141,6 +141,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -163,6 +163,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -167,6 +167,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f0117140d9a"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -152,6 +152,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -119,6 +119,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -137,6 +137,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-5f0117140d9a"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -108,6 +108,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-4986f5686161"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -153,6 +153,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -109,6 +109,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -142,6 +142,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-d175d3acf727"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -87,6 +87,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -153,6 +153,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -120,6 +120,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -109,6 +109,6 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "bippy-8df59b4913de"
|
||||
"engine": "bippy-a5840b7849dd"
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-22641",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2024-22641",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://github.com/zunak/CVE-2024-22641",
|
||||
"url": "https://github.com/zunak/CVE-2024-22641"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,117 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-35239",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of the patched versions (13.0.1, 12.2.2, 10.5.3, 8.13.13)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "umbraco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Umbraco.Forms.Issues",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": ">= 13.0.0, < 13.0.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": ">= 12.0.0, < 12.2.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": ">= 10.0.0, < 10.5.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 8.13.13 "
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-p572-p2rj-q5f4",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-p572-p2rj-q5f4"
|
||||
},
|
||||
{
|
||||
"url": "https://docs.umbraco.com/umbraco-forms/developer/configuration#editing-configuration-values",
|
||||
"refsource": "MISC",
|
||||
"name": "https://docs.umbraco.com/umbraco-forms/developer/configuration#editing-configuration-values"
|
||||
},
|
||||
{
|
||||
"url": "https://docs.umbraco.com/umbraco-forms/release-notes#id-13.0.1-january-16th-2024",
|
||||
"refsource": "MISC",
|
||||
"name": "https://docs.umbraco.com/umbraco-forms/release-notes#id-13.0.1-january-16th-2024"
|
||||
},
|
||||
{
|
||||
"url": "https://docs.umbraco.com/umbraco-forms/v/10.forms.latest/release-notes",
|
||||
"refsource": "MISC",
|
||||
"name": "https://docs.umbraco.com/umbraco-forms/v/10.forms.latest/release-notes"
|
||||
},
|
||||
{
|
||||
"url": "https://docs.umbraco.com/umbraco-forms/v/12.forms.latest/release-notes#id-12.2.2-january-16th-2024",
|
||||
"refsource": "MISC",
|
||||
"name": "https://docs.umbraco.com/umbraco-forms/v/12.forms.latest/release-notes#id-12.2.2-january-16th-2024"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-p572-p2rj-q5f4",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 2.7,
|
||||
"baseSeverity": "LOW",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,94 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-35240",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "umbraco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Umbraco.Commerce.Issues",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": ">= 12.0.0, < 12.1.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 10.0.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/umbraco/Umbraco.Commerce.Issues/security/advisories/GHSA-rpj9-xjwm-wr6w",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/umbraco/Umbraco.Commerce.Issues/security/advisories/GHSA-rpj9-xjwm-wr6w"
|
||||
},
|
||||
{
|
||||
"url": "https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023",
|
||||
"refsource": "MISC",
|
||||
"name": "https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-rpj9-xjwm-wr6w",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.4,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-35511",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2024-35511",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the \"username\" parameter of /msms/admin/index.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://github.com/efekaanakkar/CVE-2024-35511/blob/main/Men%20Salon%20Management%20System%20Using%20PHP%20and%20MySQL.md",
|
||||
"url": "https://github.com/efekaanakkar/CVE-2024-35511/blob/main/Men%20Salon%20Management%20System%20Using%20PHP%20and%20MySQL.md"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-35548",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2024-35548",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://github.com/baomidou/mybatis-plus/issues/6167",
|
||||
"url": "https://github.com/baomidou/mybatis-plus/issues/6167"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
18
2024/5xxx/CVE-2024-5450.json
Normal file
18
2024/5xxx/CVE-2024-5450.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-5450",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
18
2024/5xxx/CVE-2024-5451.json
Normal file
18
2024/5xxx/CVE-2024-5451.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-5451",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user