mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
6a391449e2
commit
b1edfc84ae
@ -61,6 +61,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2024-c0b61ab46b",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLDUDJOWZAKBQMQ7XYNJTRCFPOB56BOE/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2024-e6a35cd250",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3ZNVRL5PCTMMA3ZBDKH5WH4RT4ST3HW/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -61,6 +61,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2024-c0b61ab46b",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLDUDJOWZAKBQMQ7XYNJTRCFPOB56BOE/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2024-e6a35cd250",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3ZNVRL5PCTMMA3ZBDKH5WH4RT4ST3HW/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -85,20 +85,6 @@
|
||||
"product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
|
||||
"lessThan": "*",
|
||||
"versionType": "rpm",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
@ -326,11 +312,6 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2024:1367"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2024:1382",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2024:1382"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2023-4459",
|
||||
"refsource": "MISC",
|
||||
|
@ -85,20 +85,6 @@
|
||||
"product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
|
||||
"lessThan": "*",
|
||||
"versionType": "rpm",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
@ -371,11 +357,6 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2024:1367"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2024:1382",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2024:1382"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2023-7192",
|
||||
"refsource": "MISC",
|
||||
|
@ -214,20 +214,6 @@
|
||||
"product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
|
||||
"lessThan": "*",
|
||||
"versionType": "rpm",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
@ -262,12 +248,6 @@
|
||||
],
|
||||
"defaultStatus": "affected"
|
||||
}
|
||||
},
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -612,16 +592,6 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2024:1368"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2024:1377",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2024:1377"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2024:1382",
|
||||
"refsource": "MISC",
|
||||
"name": "https://access.redhat.com/errata/RHSA-2024:1382"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2024-0646",
|
||||
"refsource": "MISC",
|
||||
|
@ -66,6 +66,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2024-4e6e660fae",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/"
|
||||
},
|
||||
{
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2024-40b98c9ced",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,109 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-29027",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
|
||||
"cweId": "CWE-74"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "parse-community",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "parse-server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 6.5.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": ">= 7.0.0-alpha.1, < 7.0.0-alpha.29"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/parse-community/parse-server/releases/tag/6.5.5",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/parse-community/parse-server/releases/tag/6.5.5"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-6hh7-46r2-vf29",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.1,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -95,11 +95,6 @@
|
||||
"url": "https://kb.cert.org/vuls/id/417980",
|
||||
"refsource": "MISC",
|
||||
"name": "https://kb.cert.org/vuls/id/417980"
|
||||
},
|
||||
{
|
||||
"url": "https://www.kb.cert.org/vuls/id/417980",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.kb.cert.org/vuls/id/417980"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -1,17 +1,112 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2604",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "In SourceCodester File Manager App 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /endpoint/update-file.php. Mit der Manipulation des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-434 Unrestricted Upload",
|
||||
"cweId": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "SourceCodester",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "File Manager App",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.257182",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.257182"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.257182",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.257182"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Joshua Lictan"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "nochizplz (VulDB User)"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "nochizplz (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 6.3,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 6.3,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,18 +1,75 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2615",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@mozilla.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Memory safety bugs fixed in Firefox 124"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Mozilla",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Firefox",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "unspecified",
|
||||
"version_value": "124"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650",
|
||||
"refsource": "MISC",
|
||||
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650"
|
||||
},
|
||||
{
|
||||
"url": "https://www.mozilla.org/security/advisories/mfsa2024-12/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Paul Bone and the Mozilla Fuzzing Team"
|
||||
}
|
||||
]
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user