admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-03 16:00:36 +00:00
parent adb41d4fa5
commit ae7c26398e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 577 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
2023/30xxx/CVE-2023-30617.json
View File

@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30617",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250: Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openkruise",
"product": {
"product_data": [
{
"product_name": "kruise",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.8.0, < 1.3.1"
},
{
"version_affected": "=",
"version_value": "= 1.4.0"
},
{
"version_affected": "=",
"version_value": ">= 1.5.0, < 1.5.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/openkruise/kruise/security/advisories/GHSA-437m-7hj5-9mpw",
"refsource": "MISC",
"name": "https://github.com/openkruise/kruise/security/advisories/GHSA-437m-7hj5-9mpw"
}
]
},
"source": {
"advisory": "GHSA-437m-7hj5-9mpw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

81
2023/46xxx/CVE-2023-46738.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46738",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the ammount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory that the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment - otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cubefs",
"product": {
"product_data": [
{
"product_name": "cubefs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-qc6v-g3xw-grmx",
"refsource": "MISC",
"name": "https://github.com/cubefs/cubefs/security/advisories/GHSA-qc6v-g3xw-grmx"
},
{
"url": "https://github.com/cubefs/cubefs/commit/dd46c24873c8f3df48d0a598b704ef9bd24b1ec1",
"refsource": "MISC",
"name": "https://github.com/cubefs/cubefs/commit/dd46c24873c8f3df48d0a598b704ef9bd24b1ec1"
}
]
},
"source": {
"advisory": "GHSA-qc6v-g3xw-grmx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

18
2024/0xxx/CVE-2024-0219.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0219",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/0xxx/CVE-2024-0220.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0220",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

91
2024/21xxx/CVE-2024-21907.json
View File

@ -1,18 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions",
"cweId": "CWE-755"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/JamesNK/Newtonsoft.Json/issues/2457",
"refsource": "MISC",
"name": "https://github.com/JamesNK/Newtonsoft.Json/issues/2457"
},
{
"url": "https://github.com/JamesNK/Newtonsoft.Json/pull/2462",
"refsource": "MISC",
"name": "https://github.com/JamesNK/Newtonsoft.Json/pull/2462"
},
{
"url": "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66",
"refsource": "MISC",
"name": "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66"
},
{
"url": "https://alephsecurity.com/2018/10/22/StackOverflowException/",
"refsource": "MISC",
"name": "https://alephsecurity.com/2018/10/22/StackOverflowException/"
},
{
"url": "https://alephsecurity.com/vulns/aleph-2018004",
"refsource": "MISC",
"name": "https://alephsecurity.com/vulns/aleph-2018004"
},
{
"url": "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678",
"refsource": "MISC",
"name": "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678"
},
{
"url": "https://github.com/advisories/GHSA-5crp-9r3c-p9vr",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-5crp-9r3c-p9vr"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

71
2024/21xxx/CVE-2024-21908.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nTinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg",
"refsource": "MISC",
"name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg"
},
{
"url": "https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes",
"refsource": "MISC",
"name": "https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes"
},
{
"url": "https://github.com/advisories/GHSA-5h9g-x5rv-25wg",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-5h9g-x5rv-25wg"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

76
2024/21xxx/CVE-2024-21909.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of \nservice vulnerability. An attacker may trigger the denial of service \ncondition by providing crafted data to the DecodeFromBytes or other \ndecoding mechanisms in PeterO.Cbor. Depending on the usage of the \nlibrary, an unauthenticated and remote attacker may be able to cause the\n denial of service condition.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-407 Inefficient Algorithmic Complexity",
"cweId": "CWE-407"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg",
"refsource": "MISC",
"name": "https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg"
},
{
"url": "https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95",
"refsource": "MISC",
"name": "https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95"
},
{
"url": "https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1",
"refsource": "MISC",
"name": "https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1"
},
{
"url": "https://github.com/advisories/GHSA-6r92-cgxc-r5fg",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-6r92-cgxc-r5fg"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

81
2024/21xxx/CVE-2024-21910.json
View File

@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39",
"refsource": "MISC",
"name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39"
},
{
"url": "https://github.com/jazzband/django-tinymce/issues/366",
"refsource": "MISC",
"name": "https://github.com/jazzband/django-tinymce/issues/366"
},
{
"url": "https://github.com/jazzband/django-tinymce/releases/tag/3.4.0",
"refsource": "MISC",
"name": "https://github.com/jazzband/django-tinymce/releases/tag/3.4.0"
},
{
"url": "https://pypi.org/project/django-tinymce/3.4.0/",
"refsource": "MISC",
"name": "https://pypi.org/project/django-tinymce/3.4.0/"
},
{
"url": "https://github.com/advisories/GHSA-r8hm-w5f7-wj39",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-r8hm-w5f7-wj39"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

76
2024/21xxx/CVE-2024-21911.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21911",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65",
"refsource": "MISC",
"name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65"
},
{
"url": "https://www.npmjs.com/package/tinymce",
"refsource": "MISC",
"name": "https://www.npmjs.com/package/tinymce"
},
{
"url": "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes",
"refsource": "MISC",
"name": "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes"
},
{
"url": "https://github.com/advisories/GHSA-w7jx-j77m-wp65",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-w7jx-j77m-wp65"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}