admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-16 21:00:55 +00:00
parent 7fb13ccf22
commit a3785eed5a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 659 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
2024/12xxx/CVE-2024-12666.json
View File

@ -1,17 +1,150 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12666",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In ClassCMS bis 4.8 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin?do=admin:user:editPost der Komponente User Management Page. Mittels dem Manipulieren mit unbekannten Daten kann eine improper handling of insufficient privileges-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of Insufficient Privileges",
"cweId": "CWE-274"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ClassCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0"
},
{
"version_affected": "=",
"version_value": "4.1"
},
{
"version_affected": "=",
"version_value": "4.2"
},
{
"version_affected": "=",
"version_value": "4.3"
},
{
"version_affected": "=",
"version_value": "4.4"
},
{
"version_affected": "=",
"version_value": "4.5"
},
{
"version_affected": "=",
"version_value": "4.6"
},
{
"version_affected": "=",
"version_value": "4.7"
},
{
"version_affected": "=",
"version_value": "4.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.288535",
"refsource": "MISC",
"name": "https://vuldb.com/?id.288535"
},
{
"url": "https://vuldb.com/?ctiid.288535",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.288535"
},
{
"url": "https://vuldb.com/?submit.461120",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.461120"
},
{
"url": "https://github.com/Jack-Black-13/blob/blob/main/ClassCMS%20V4.8%20Vertical%20Privilege%20Escalation.md",
"refsource": "MISC",
"name": "https://github.com/Jack-Black-13/blob/blob/main/ClassCMS%20V4.8%20Vertical%20Privilege%20Escalation.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "vulbox (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

104
2024/12xxx/CVE-2024-12667.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in InvoicePlane bis 1.6.1 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /invoices/view. Mittels Manipulieren mit unbekannten Daten kann eine session expiration-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.6.2-beta-1 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Expiration",
"cweId": "CWE-613"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "InvoicePlane",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.6.0"
},
{
"version_affected": "=",
"version_value": "1.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.288536",
"refsource": "MISC",
"name": "https://vuldb.com/?id.288536"
},
{
"url": "https://vuldb.com/?ctiid.288536",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.288536"
},
{
"url": "https://vuldb.com/?submit.449923",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.449923"
},
{
"url": "https://github.com/InvoicePlane/InvoicePlane/releases/tag/v1.6.2-beta-1",
"refsource": "MISC",
"name": "https://github.com/InvoicePlane/InvoicePlane/releases/tag/v1.6.2-beta-1"
}
]
},
"credits": [
{
"lang": "en",
"value": "fahadletsleep (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.7,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
}
]
}

18
2024/12xxx/CVE-2024-12689.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12690.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12691.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2024/55xxx/CVE-2024-55099.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/achchhelalchauhan/phpgurukul/blob/main/SQL%20injection%20ONHP-username.pdf",
"url": "https://github.com/achchhelalchauhan/phpgurukul/blob/main/SQL%20injection%20ONHP-username.pdf"
},
{
"refsource": "MISC",
"name": "https://github.com/kuzgunaka/CVE-2024-55099-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability-",
"url": "https://github.com/kuzgunaka/CVE-2024-55099-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability-"
}
]
}

61
2024/55xxx/CVE-2024-55100.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/",
"refsource": "MISC",
"name": "https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/"
},
{
"refsource": "MISC",
"name": "https://github.com/kuzgunaka/test1/blob/main/CVE-2024-55100-Online-Nurse-Hiring-System-v1.0-Stored-Cross-Site-Scripting-Vulnerability.md",
"url": "https://github.com/kuzgunaka/test1/blob/main/CVE-2024-55100-Online-Nurse-Hiring-System-v1.0-Stored-Cross-Site-Scripting-Vulnerability.md"
}
]
}

61
2024/55xxx/CVE-2024-55103.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55103",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/",
"refsource": "MISC",
"name": "https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/"
},
{
"refsource": "MISC",
"name": "https://github.com/kuzgunaka/test1/blob/main/CVE-2024-55103-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability.md",
"url": "https://github.com/kuzgunaka/test1/blob/main/CVE-2024-55103-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability.md"
}
]
}

61
2024/55xxx/CVE-2024-55104.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55104",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/",
"refsource": "MISC",
"name": "https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql/"
},
{
"refsource": "MISC",
"name": "https://github.com/kuzgunaka/test1/blob/main/CVE-2024-55104-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability.md",
"url": "https://github.com/kuzgunaka/test1/blob/main/CVE-2024-55104-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability.md"
}
]
}

71
2024/55xxx/CVE-2024-55557.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55557",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://apps.microsoft.com/detail/9nhtv46lg4nh?hl=en-us&gl=US",
"refsource": "MISC",
"name": "https://apps.microsoft.com/detail/9nhtv46lg4nh?hl=en-us&gl=US"
},
{
"url": "https://github.com/nroduit/Weasis/releases/tag/v4.5.1",
"refsource": "MISC",
"name": "https://github.com/nroduit/Weasis/releases/tag/v4.5.1"
},
{
"refsource": "MISC",
"name": "https://github.com/partywavesec/CVE-2024-55557",
"url": "https://github.com/partywavesec/CVE-2024-55557"
},
{
"refsource": "MISC",
"name": "https://www.partywave.site/show/research/CVE-2024-55557%20-%20Weasis%204.5.1",
"url": "https://www.partywave.site/show/research/CVE-2024-55557%20-%20Weasis%204.5.1"
}
]
}

73
2024/55xxx/CVE-2024-55949.json
View File

@ -1,18 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55949",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "minio",
"product": {
"product_data": [
{
"product_name": "minio",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= RELEASE.2022-06-25T15-50-16Z, < RELEASE.2024-12-13T22-19-12Z"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/minio/minio/security/advisories/GHSA-cwq8-g58r-32hg",
"refsource": "MISC",
"name": "https://github.com/minio/minio/security/advisories/GHSA-cwq8-g58r-32hg"
},
{
"url": "https://github.com/minio/minio/pull/20756",
"refsource": "MISC",
"name": "https://github.com/minio/minio/pull/20756"
},
{
"url": "https://github.com/minio/minio/commit/580d9db85e04f1b63cc2909af50f0ed08afa965f",
"refsource": "MISC",
"name": "https://github.com/minio/minio/commit/580d9db85e04f1b63cc2909af50f0ed08afa965f"
},
{
"url": "https://github.com/minio/minio/commit/f246c9053f9603e610d98439799bdd2a6b293427",
"refsource": "MISC",
"name": "https://github.com/minio/minio/commit/f246c9053f9603e610d98439799bdd2a6b293427"
}
]
},
"source": {
"advisory": "GHSA-cwq8-g58r-32hg",
"discovery": "UNKNOWN"
}
}

68
2024/55xxx/CVE-2024-55951.json
View File

@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55951",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "metabase",
"product": {
"product_data": [
{
"product_name": "metabase",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.52.0, < 1.52.2.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-rhjf-q2qw-rvx3",
"refsource": "MISC",
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-rhjf-q2qw-rvx3"
},
{
"url": "https://downloads.metabase.com/v0.52.2.5/metabase.jar",
"refsource": "MISC",
"name": "https://downloads.metabase.com/v0.52.2.5/metabase.jar"
},
{
"url": "https://hub.docker.com/r/metabase/metabase/tags",
"refsource": "MISC",
"name": "https://hub.docker.com/r/metabase/metabase/tags"
}
]
},
"source": {
"advisory": "GHSA-rhjf-q2qw-rvx3",
"discovery": "UNKNOWN"
}
}