admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-07 21:00:36 +00:00
parent 4f5bea9f96
commit b75d0be7df
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
20 changed files with 1687 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
2024/43xxx/CVE-2024-43362.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43362",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cacti",
"product": {
"product_data": [
{
"product_name": "cacti",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.2.28"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c"
}
]
},
"source": {
"advisory": "GHSA-wh9c-v56x-v77c",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
}
]
}

76
2024/43xxx/CVE-2024-43363.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43363",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cacti",
"product": {
"product_data": [
{
"product_name": "cacti",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.2.28"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4"
}
]
},
"source": {
"advisory": "GHSA-gxq4-mv8h-6qj4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

76
2024/43xxx/CVE-2024-43364.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43364",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cacti",
"product": {
"product_data": [
{
"product_name": "cacti",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.2.28"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5"
}
]
},
"source": {
"advisory": "GHSA-fgc6-g8gc-wcg5",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

76
2024/43xxx/CVE-2024-43365.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43365",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the \u201cconsolenewsection\u201d parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cacti",
"product": {
"product_data": [
{
"product_name": "cacti",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.2.28"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr"
}
]
},
"source": {
"advisory": "GHSA-49f2-hwx9-qffr",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

80
2024/43xxx/CVE-2024-43789.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43789",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "stable: < 3.3.1"
},
{
"version_affected": "=",
"version_value": "beta: < 3.4.0.beta1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-62cq-cpmc-hvqq"
}
]
},
"source": {
"advisory": "GHSA-62cq-cpmc-hvqq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

80
2024/45xxx/CVE-2024-45051.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45051",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "stable: < 3.3.2"
},
{
"version_affected": "=",
"version_value": "beta: < 3.4.0.beta2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-2vjv-pgh4-6rmq",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-2vjv-pgh4-6rmq"
}
]
},
"source": {
"advisory": "GHSA-2vjv-pgh4-6rmq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

89
2024/45xxx/CVE-2024-45060.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45060",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in `45_Quadratic_equation_solver.php` concatenates the user supplied parameters directly into spreadsheet formulas. This allows an attacker to take control over the formula and output unsanitized data into the page, resulting in JavaScript execution. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPOffice",
"product": {
"product_data": [
{
"product_name": "PhpSpreadsheet",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.29.2"
},
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 2.1.1"
},
{
"version_affected": "=",
"version_value": ">= 2.2.0, < 2.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-v66g-p9x6-v98p",
"refsource": "MISC",
"name": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-v66g-p9x6-v98p"
},
{
"url": "https://github.com/PHPOffice/PhpSpreadsheet/blob/d50b8b5de7e30439fb57eae7df9ea90e79fa0f2d/samples/Basic/45_Quadratic_equation_solver.php#L56",
"refsource": "MISC",
"name": "https://github.com/PHPOffice/PhpSpreadsheet/blob/d50b8b5de7e30439fb57eae7df9ea90e79fa0f2d/samples/Basic/45_Quadratic_equation_solver.php#L56"
}
]
},
"source": {
"advisory": "GHSA-v66g-p9x6-v98p",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
}
]
}

98
2024/45xxx/CVE-2024-45290.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information form arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-36: Absolute Path Traversal",
"cweId": "CWE-36"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPOffice",
"product": {
"product_data": [
{
"product_name": "PhpSpreadsheet",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.29.2"
},
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 2.1.1"
},
{
"version_affected": "=",
"version_value": ">= 2.2.0, < 2.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-5gpr-w2p5-6m37",
"refsource": "MISC",
"name": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-5gpr-w2p5-6m37"
},
{
"url": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4",
"refsource": "MISC",
"name": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4"
}
]
},
"source": {
"advisory": "GHSA-5gpr-w2p5-6m37",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

93
2024/45xxx/CVE-2024-45291.json
View File

@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45291",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file's type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-36: Absolute Path Traversal",
"cweId": "CWE-36"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPOffice",
"product": {
"product_data": [
{
"product_name": "PhpSpreadsheet",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.29.2"
},
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 2.1.1"
},
{
"version_affected": "=",
"version_value": ">= 2.2.0, < 2.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4",
"refsource": "MISC",
"name": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4"
}
]
},
"source": {
"advisory": "GHSA-w9xv-qf98-ccq4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

84
2024/45xxx/CVE-2024-45292.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\\PhpOffice\\PhpSpreadsheet\\Writer\\Html` does not sanitize \"javascript:\" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPOffice",
"product": {
"product_data": [
{
"product_name": "PhpSpreadsheet",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.29.2"
},
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 2.1.1"
},
{
"version_affected": "=",
"version_value": ">= 2.2.0, < 2.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-r8w8-74ww-j4wh",
"refsource": "MISC",
"name": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-r8w8-74ww-j4wh"
}
]
},
"source": {
"advisory": "GHSA-r8w8-74ww-j4wh",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

84
2024/45xxx/CVE-2024-45293.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45293",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel (XLSX) sheets, Server files and sensitive information can be disclosed by providing a crafted sheet. The security scan function in src/PhpSpreadsheet/Reader/Security/XmlScanner.php contains a flawed XML encoding check to retrieve the input file's XML encoding in the toUtf8 function. The function searches for the XML encoding through a defined regex which looks for `encoding=\"*\"` and/or `encoding='*'`, if not found, it defaults to the UTF-8 encoding which bypasses the conversion logic. This logic can be used to pass a UTF-7 encoded XXE payload, by utilizing a whitespace before or after the = in the attribute definition. Sensitive information disclosure through the XXE on sites that allow users to upload their own excel spreadsheets, and parse them using PHPSpreadsheet's Excel parser. This issue has been addressed in release versions 1.29.1, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPOffice",
"product": {
"product_data": [
{
"product_name": "PhpSpreadsheet",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.2.0, < 2.3.0"
},
{
"version_affected": "=",
"version_value": "< 1.29.1"
},
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 2.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-6hwr-6v2f-3m88",
"refsource": "MISC",
"name": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-6hwr-6v2f-3m88"
}
]
},
"source": {
"advisory": "GHSA-6hwr-6v2f-3m88",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

80
2024/45xxx/CVE-2024-45297.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45297",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "stable: < 3.3.2"
},
{
"version_affected": "=",
"version_value": "beta: < 3.4.0.beta2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-58xw-3qr3-53gp",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-58xw-3qr3-53gp"
}
]
},
"source": {
"advisory": "GHSA-58xw-3qr3-53gp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

81
2024/47xxx/CVE-2024-47610.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addressed as follows: 1. HTML sanitization has been enabled in the front-end markdown rendering library - `easymde`. 2. Stored markdown is also validated on the backend, to ensure that malicious markdown is not stored in the database. These changes are available in release versions 0.16.5 and later. All users are advised to upgrade. There are no workarounds, an update is required to get the new validation functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "inventree",
"product": {
"product_data": [
{
"product_name": "InvenTree",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.16.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/inventree/InvenTree/security/advisories/GHSA-wp3m-jhgv-rhqr",
"refsource": "MISC",
"name": "https://github.com/inventree/InvenTree/security/advisories/GHSA-wp3m-jhgv-rhqr"
},
{
"url": "https://github.com/inventree/InvenTree/commit/6e37f0cd8ba5fc527412f18f66cd6a37015fa690",
"refsource": "MISC",
"name": "https://github.com/inventree/InvenTree/commit/6e37f0cd8ba5fc527412f18f66cd6a37015fa690"
}
]
},
"source": {
"advisory": "GHSA-wp3m-jhgv-rhqr",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

85
2024/47xxx/CVE-2024-47772.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as well as a proactive measure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "stable: < 3.3.2"
},
{
"version_affected": "=",
"version_value": "tests-passed: < 3.4.0.beta2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-67mh-xhmf-c56h",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-67mh-xhmf-c56h"
},
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",
"refsource": "MISC",
"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP"
}
]
},
"source": {
"advisory": "GHSA-67mh-xhmf-c56h",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
]
}

235
2024/47xxx/CVE-2024-47973.json
View File

@ -1,17 +1,244 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "Security@Solidigm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Resource Management"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Solidigm",
"product": {
"product_data": [
{
"product_name": "D7-P5520",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1AP18"
},
{
"version_affected": "=",
"version_value": "0.0.25-9CV10220"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
},
{
"version_affected": "=",
"version_value": "9CV1MA70"
},
{
"version_affected": "=",
"version_value": "9CV1R410"
}
]
}
},
{
"product_name": "D7-P5620",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1AP18"
},
{
"version_affected": "=",
"version_value": "0.0.25-9CV10220"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
}
]
}
},
{
"product_name": "D3-S4510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "XCV10151"
},
{
"version_affected": "=",
"version_value": "XC311151"
}
]
}
},
{
"product_name": "D3-S4610",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "XC311151"
},
{
"version_affected": "=",
"version_value": "XCV10151"
}
]
}
},
{
"product_name": "D3-S4520",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7CV1MD73"
},
{
"version_affected": "=",
"version_value": "7CV1CS02"
},
{
"version_affected": "=",
"version_value": "7CV1DL73"
},
{
"version_affected": "=",
"version_value": "7CV10111"
},
{
"version_affected": "=",
"version_value": "4IYYHPG2"
},
{
"version_affected": "=",
"version_value": "7CV1LR14"
}
]
}
},
{
"product_name": "D3-S4620",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7CV1MD73"
},
{
"version_affected": "=",
"version_value": "7CV1CS02"
},
{
"version_affected": "=",
"version_value": "7CV1DL73"
},
{
"version_affected": "=",
"version_value": "7CV10111"
},
{
"version_affected": "=",
"version_value": "4IYYHPG2"
},
{
"version_affected": "=",
"version_value": "7CV1LR14"
}
]
}
},
{
"product_name": "D5-P5316",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0-ACV10062"
},
{
"version_affected": "=",
"version_value": "ACV10340"
},
{
"version_affected": "=",
"version_value": "ACV1MA10"
},
{
"version_affected": "=",
"version_value": "ACV1R330"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.solidigm.com/support-page/support-security.htmlhttps://",
"refsource": "MISC",
"name": "https://www.solidigm.com/support-page/support-security.htmlhttps://"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

193
2024/47xxx/CVE-2024-47974.json
View File

@ -1,17 +1,202 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "Security@Solidigm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "General Race Condition"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Solidigm",
"product": {
"product_data": [
{
"product_name": "D7-P5510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "JCV1NX93"
},
{
"version_affected": "=",
"version_value": "JCV1NP93"
},
{
"version_affected": "=",
"version_value": "JCV1NQ93"
},
{
"version_affected": "=",
"version_value": "JCV10400"
}
]
}
},
{
"product_name": "D7-P5520",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1AP18"
},
{
"version_affected": "=",
"version_value": "1.0.0-9CV10314"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
},
{
"version_affected": "=",
"version_value": "9CV1MA70"
}
]
}
},
{
"product_name": "D7-P5620",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1AP18"
},
{
"version_affected": "=",
"version_value": "1.0.0-9CV10314"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
},
{
"version_affected": "=",
"version_value": "9CV1MA70"
}
]
}
},
{
"product_name": "D7-P5500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10C034"
},
{
"version_affected": "=",
"version_value": "1.3.0-2CV10300"
},
{
"version_affected": "=",
"version_value": "2CV1L031"
},
{
"version_affected": "=",
"version_value": "2CV1RC53"
},
{
"version_affected": "=",
"version_value": "2CV10300"
}
]
}
},
{
"product_name": "D7-P5600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10C034"
},
{
"version_affected": "=",
"version_value": "1.3.0-2CV10300"
},
{
"version_affected": "=",
"version_value": "2CV1L031"
},
{
"version_affected": "=",
"version_value": "2CV10300"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://https://www.solidigm.com/support-page/support-security.html",
"refsource": "MISC",
"name": "https://https://www.solidigm.com/support-page/support-security.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

141
2024/7xxx/CVE-2024-7885.json
View File

@ -61,6 +61,124 @@
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7.1.0",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.2.33-2.SP2_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:7.4.18-1.GA_redhat_00003.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.2.33-2.SP2_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:7.4.18-1.GA_redhat_00003.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.2.33-2.SP2_redhat_00001.1.el7eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:7.4.18-1.GA_redhat_00003.1.el7eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 8",
"version": {
@ -291,19 +409,6 @@
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"version": {
@ -384,6 +489,16 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:7442"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:7735",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:7735"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:7736",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:7736"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-7885",
"refsource": "MISC",

2
2024/9xxx/CVE-2024-9513.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument username leads to information exposure through discrepancy. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
"value": "A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument username leads to information exposure through discrepancy. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure is planning to release a fix in mid-October 2024."
},
{
"lang": "deu",

18
2024/9xxx/CVE-2024-9604.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9605.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}