"-Synchronized-Data."

This commit is contained in:
CVE Team 2024-09-26 19:01:06 +00:00
parent acdd17d053
commit a96a81df77
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
20 changed files with 478 additions and 66 deletions

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.\u00a0 There is no impact on integrity or availability.\n\n"
"value": "Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.\u00a0 There is no impact on integrity or availability."
}
]
},
@ -21,17 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper AuthenticationCWE-200: Exposure of Sensitive Information",
"cweId": "CWE-287"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.\n\n"
"value": "SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"cweId": "CWE-327"
}
]
}

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\n\n"
"value": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-476: Pointer Dereference",
"cweId": "CWE-476"
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.\n\n"
"value": "SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-209: Generation of Error Message Containing Sensitive Information",
"cweId": "CWE-209"
"value": "CWE-611 Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files\u00a0which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.\n\n"
"value": "SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files\u00a0which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}

View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nSAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system."
"value": "SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system."
}
]
},
@ -21,7 +21,8 @@
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
@ -35,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "SAP Replication Server ",
"product_name": "SAP Replication Server",
"version": {
"version_data": [
{

View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45987",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-45987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/soursec/CVEs/tree/main/CVE-2024-45987",
"url": "https://github.com/soursec/CVEs/tree/main/CVE-2024-45987"
}
]
}

View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45989",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-45989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious third-party or attacker-controlled server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://monica.im/desktop",
"refsource": "MISC",
"name": "https://monica.im/desktop"
},
{
"refsource": "MISC",
"name": "https://github.com/soursec/CVEs/tree/main/CVE-2024-45989",
"url": "https://github.com/soursec/CVEs/tree/main/CVE-2024-45989"
}
]
}

View File

@ -40,8 +40,19 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.5"
"version_affected": "<",
"version_name": "16.5",
"version_value": "17.2.8"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.4"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4.1"
}
]
}
@ -81,18 +92,18 @@
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

View File

@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8118",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@grafana.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-653: Improper Isolation or Compartmentalization",
"cweId": "CWE-653"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Grafana",
"product": {
"product_data": [
{
"product_name": "Grafana",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.5.0",
"version_value": "10.3.10"
},
{
"version_affected": "<",
"version_name": "10.4.0",
"version_value": "10.4.9"
},
{
"version_affected": "<",
"version_name": "11.0.0",
"version_value": "11.0.5"
},
{
"version_affected": "<",
"version_name": "11.1.0",
"version_value": "11.1.6"
},
{
"version_affected": "<",
"version_name": "11.2.0",
"version_value": "11.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://grafana.com/security/security-advisories/cve-2024-8118/",
"refsource": "MISC",
"name": "https://grafana.com/security/security-advisories/cve-2024-8118/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
}
}

View File

@ -71,9 +71,14 @@
"name": "https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/"
},
{
"url": "https://github.com/grafana/alloy/releases/tag/v1.4.0",
"url": "https://github.com/grafana/alloy/releases/tag/v1.4.1",
"refsource": "MISC",
"name": "https://github.com/grafana/alloy/releases/tag/v1.4.0"
"name": "https://github.com/grafana/alloy/releases/tag/v1.4.1"
},
{
"url": "https://github.com/grafana/alloy/releases/tag/v1.3.4",
"refsource": "MISC",
"name": "https://github.com/grafana/alloy/releases/tag/v1.3.4"
}
]
},
@ -103,10 +108,10 @@
{
"base64": false,
"type": "text/html",
"value": "Uninstall Alloy, and then perform a clean install with version either 1.3.3 or 1.4.0 or a higher version<br>"
"value": "Uninstall Alloy, and then perform a clean install with version either 1.3.4 or 1.4.1 or a higher version<br>"
}
],
"value": "Uninstall Alloy, and then perform a clean install with version either 1.3.3 or 1.4.0 or a higher version"
"value": "Uninstall Alloy, and then perform a clean install with version either 1.3.4 or 1.4.1 or a higher version"
}
],
"impact": {

View File

@ -66,9 +66,9 @@
"name": "https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/"
},
{
"url": "https://github.com/grafana/agent/releases/tag/v0.43.2",
"url": "https://github.com/grafana/agent/releases/tag/v0.43.3",
"refsource": "MISC",
"name": "https://github.com/grafana/agent/releases/tag/v0.43.2"
"name": "https://github.com/grafana/agent/releases/tag/v0.43.3"
}
]
},
@ -98,10 +98,10 @@
{
"base64": false,
"type": "text/html",
"value": "Uninstall Agent Flow, and then perform a clean install with version either 0.43.1 or a higher version<br>"
"value": "Uninstall Agent Flow, and then perform a clean install with version either 0.43.3 or a higher version<br>"
}
],
"value": "Uninstall Agent Flow, and then perform a clean install with version either 0.43.1 or a higher version"
"value": "Uninstall Agent Flow, and then perform a clean install with version either 0.43.3 or a higher version"
}
],
"impact": {

View File

@ -1,17 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9203",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Enpass Password Manager bis 6.9.5 f\u00fcr Windows entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Durch Manipulieren mit unbekannten Daten kann eine cleartext storage of sensitive information in memory-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Ein Aktualisieren auf die Version 6.10.1 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information in Memory",
"cweId": "CWE-316"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Enpass",
"product": {
"product_data": [
{
"product_name": "Password Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.9.0"
},
{
"version_affected": "=",
"version_value": "6.9.1"
},
{
"version_affected": "=",
"version_value": "6.9.2"
},
{
"version_affected": "=",
"version_value": "6.9.3"
},
{
"version_affected": "=",
"version_value": "6.9.4"
},
{
"version_affected": "=",
"version_value": "6.9.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.278561",
"refsource": "MISC",
"name": "https://vuldb.com/?id.278561"
},
{
"url": "https://vuldb.com/?ctiid.278561",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.278561"
},
{
"url": "https://vuldb.com/?submit.411207",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.411207"
},
{
"url": "https://www.enpass.io/release-notes/windows-10-desktop/",
"refsource": "MISC",
"name": "https://www.enpass.io/release-notes/windows-10-desktop/"
}
]
},
"credits": [
{
"lang": "en",
"value": "efchatz (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.5,
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N"
}
]
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9230",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9232",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9233",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9234",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9235",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}