admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-06 19:00:57 +00:00
parent 32a6b61582
commit b4535a1c49
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 408 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2024/35xxx/CVE-2024-35498.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35498",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/r4vanan/Stored-xss-Grav-v1.7.45",
"refsource": "MISC",
"name": "https://github.com/r4vanan/Stored-xss-Grav-v1.7.45"
},
{
"refsource": "MISC",
"name": "https://r4vanan.medium.com/a-quick-dive-into-xss-vulnerability-in-grav-cms-v1-7-45-cve-2024-35498-fc236b7d74a0",
"url": "https://r4vanan.medium.com/a-quick-dive-into-xss-vulnerability-in-grav-cms-v1-7-45-cve-2024-35498-fc236b7d74a0"
}
]
}

61
2024/46xxx/CVE-2024-46209.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-46209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/h4ckr4v3n/research_redaxo_5_17_1.git",
"refsource": "MISC",
"name": "https://github.com/h4ckr4v3n/research_redaxo_5_17_1.git"
},
{
"refsource": "MISC",
"name": "https://github.com/h4ckr4v3n/CVE-2024-46209/blob/main/REDAXO%20Stored%20XSS%20%2B%20RCE.pdf",
"url": "https://github.com/h4ckr4v3n/CVE-2024-46209/blob/main/REDAXO%20Stored%20XSS%20%2B%20RCE.pdf"
}
]
}

61
2024/55xxx/CVE-2024-55407.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55407",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://ite.com",
"refsource": "MISC",
"name": "http://ite.com"
},
{
"refsource": "MISC",
"name": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55407/CVE-2024-55407_Winio64.sys_README.md",
"url": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55407/CVE-2024-55407_Winio64.sys_README.md"
}
]
}

61
2024/55xxx/CVE-2024-55408.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the AsusSAIO.sys component of ASUS System Analysis IO v1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://asus.com",
"refsource": "MISC",
"name": "http://asus.com"
},
{
"refsource": "MISC",
"name": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55408/CVE-2024-55408_AsusSAIO.sys_README.md",
"url": "https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55408/CVE-2024-55408_AsusSAIO.sys_README.md"
}
]
}

105
2024/55xxx/CVE-2024-55628.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"cweId": "CWE-405"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-779: Logging of Excessive Data",
"cweId": "CWE-779"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OISF",
"product": {
"product_data": [
{
"product_name": "suricata",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 7.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j"
},
{
"url": "https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951"
},
{
"url": "https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d"
},
{
"url": "https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/commit/3a5671739f5b25e5dd973a74ca5fd8ea40e1ae2d"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7280",
"refsource": "MISC",
"name": "https://redmine.openinfosecfoundation.org/issues/7280"
}
]
},
"source": {
"advisory": "GHSA-96w4-jqwf-qx2j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

91
2024/55xxx/CVE-2024-55629.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55629",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In IPS mode, you can use a rule such as drop tcp any any -> any any (sid:1; tcp.flags:U*;) to drop all the packets with urgent flag set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-437: Incomplete Model of Endpoint Features",
"cweId": "CWE-437"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OISF",
"product": {
"product_data": [
{
"product_name": "suricata",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 7.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2"
},
{
"url": "https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7"
},
{
"url": "https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8",
"refsource": "MISC",
"name": "https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7411",
"refsource": "MISC",
"name": "https://redmine.openinfosecfoundation.org/issues/7411"
}
]
},
"source": {
"advisory": "GHSA-69wr-vhwg-84h2",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}