admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-16 22:00:30 +00:00
parent 823835f36e
commit ba3a0e6ee7
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 292 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2024/10xxx/CVE-2024-10054.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

15
2024/39xxx/CVE-2024-39516.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved\u00a0allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems with BGP traceoptions enabled. Systems without BGP traceoptions enabled are not affected by this issue.\n\n\n\n\n\nThis issue affects iBGP and eBGP with \n\nany address family\n\n configured.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S8,\n * 22.2 before 22.2R3-S5,\u00a0\n * 22.3 before 22.3R3-S4,\u00a0\n * 22.4 before 22.4R3-S3,\u00a0\n * 23.2 before 23.2R2-S2,\u00a0\n * 23.4 before 23.4R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S8-EVO,\u00a0\n * 22.2-EVO before 22.2R3-S5-EVO,\u00a0\n * 22.3-EVO before 22.3R3-S4-EVO,\u00a0\n * 22.4-EVO before 22.4R3-S3-EVO,\u00a0\n * 23.2-EVO before 23.2R2-S2-EVO,\u00a0\n * 23.4-EVO before 23.4R2-EVO."
"value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved\u00a0allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\nThis issue only affects systems configured in\n either of two ways:\n\n \n \n * systems with BGP traceoptions enabled\n\n * systems with BGP traffic engineering\n configured\n\n \n\n\nThis issue can affect iBGP and eBGP with \n\nany address family\n\n configured.\u00a0The specific attribute involved is non-transitive, and will not propagate across a network.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S8,\n * 22.2 before 22.2R3-S5,\u00a0\n * 22.3 before 22.3R3-S4,\u00a0\n * 22.4 before 22.4R3-S3,\u00a0\n * 23.2 before 23.2R2-S2,\u00a0\n * 23.4 before 23.4R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S8-EVO,\u00a0\n * 22.2-EVO before 22.2R3-S5-EVO,\u00a0\n * 22.3-EVO before 22.3R3-S4-EVO,\u00a0\n * 22.4-EVO before 22.4R3-S3-EVO,\u00a0\n * 23.2-EVO before 23.2R2-S2-EVO,\u00a0\n * 23.4-EVO before 23.4R2-EVO."
}
]
},
@ -121,6 +121,11 @@
"url": "https://supportportal.juniper.net/JSA88100",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA88100"
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html",
"refsource": "MISC",
"name": "https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html"
}
]
},
@ -141,10 +146,10 @@
{
"base64": false,
"type": "text/html",
"value": "One of the following traceoptions configurations, either at the top level, under [logical-systems], or [routing-instances], is required to be potentially exposed to this issue:<br><br><tt>[protocols bgp traceoptions]<br>[protocols bgp group &lt;group-name&gt; traceoptions]<br>[protocols bgp group &lt;group-name&gt; neighbor &lt;address&gt; traceoptions]<br></tt>"
"value": "One of the following traceoptions configurations, either at the top level, under [logical-systems], or [routing-instances], is required to be potentially exposed to this issue:<br><br><tt>[protocols bgp traceoptions packets detail]<br>\n\n[protocols bgp traceoptions update detail]\n\n<br></tt>\n\n<tt>[protocols bgp group &lt;group-name&gt; traceoptions\n\n packets detail]<br></tt><tt>[protocols bgp group &lt;group-name&gt; traceoptions\n\n update detail]<br>\n\n<tt>[protocols bgp group &lt;group-name&gt; neighbor &lt;address&gt; traceoptions\n\n packets detail]</tt><br>\n\n[protocols bgp group &lt;group-name&gt; neighbor &lt;address&gt; traceoptions\n\n update detail]</tt><br>\n\n<br>Systems configured with BGP traffic engineering are also vulnerable to this issue:<br><br><tt>[protocols bgp group &lt;name&gt; family traffic-engineering unicast]</tt>"
}
],
"value": "One of the following traceoptions configurations, either at the top level, under [logical-systems], or [routing-instances], is required to be potentially exposed to this issue:\n\n[protocols bgp traceoptions]\n[protocols bgp group <group-name> traceoptions]\n[protocols bgp group <group-name> neighbor <address> traceoptions]"
"value": "One of the following traceoptions configurations, either at the top level, under [logical-systems], or [routing-instances], is required to be potentially exposed to this issue:\n\n[protocols bgp traceoptions packets detail]\n\n\n[protocols bgp traceoptions update detail]\n\n\n\n\n[protocols bgp group <group-name> traceoptions\n\n packets detail]\n[protocols bgp group <group-name> traceoptions\n\n update detail]\n\n\n[protocols bgp group <group-name> neighbor <address> traceoptions\n\n packets detail]\n\n\n[protocols bgp group <group-name> neighbor <address> traceoptions\n\n update detail]\n\n\n\nSystems configured with BGP traffic engineering are also vulnerable to this issue:\n\n[protocols bgp group <name> family traffic-engineering unicast]"
}
],
"work_around": [
@ -154,10 +159,10 @@
{
"base64": false,
"type": "text/html",
"value": "Disable BGP traceoptions if they are not being used for active troubleshooting."
"value": "If BGP traceoptions are enabled, and traffic engineering is not configured, disable BGP traceoptions if they are not being used for active troubleshooting."
}
],
"value": "Disable BGP traceoptions if they are not being used for active troubleshooting."
"value": "If BGP traceoptions are enabled, and traffic engineering is not configured, disable BGP traceoptions if they are not being used for active troubleshooting."
}
],
"exploit": [

72
2024/48xxx/CVE-2024-48918.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user input handling code in the main module (`main.py`). This leaves the framework open to injection attacks and potential memory tampering. Any user or external actor providing input to the system could exploit this vulnerability to inject malicious commands, corrupt stored data, or affect API calls. This is particularly critical for users employing RDS AI in production environments where it interacts with sensitive systems, performs dynamic memory caching, or retrieves user-specific data for analysis. Impacted areas include developers using the RDS AI system as a backend for AI-driven applications and systems running RDS AI that may be exposed to untrusted environments or receive unverified user inputs. The vulnerability has been patched in version 1.1.0 of the RDS AI framework. All user inputs are now sanitized and validated against a set of rules designed to mitigate malicious content. Users should upgrade to version 1.1.0 or higher and ensure all dependencies are updated to their latest versions. For users unable to upgrade to the patched version, a workaround can be implemented. The user implementing the workaround should implement custom validation checks for user inputs to filter out unsafe characters and patterns (e.g., SQL injection attempts, script injections) and limit or remove features that allow user input until the system can be patched."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "RDSaiPlatforms",
"product": {
"product_data": [
{
"product_name": "RDSlight",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/RDSaiPlatforms/RDSlight/security/advisories/GHSA-5f6w-8mqh-hv2g",
"refsource": "MISC",
"name": "https://github.com/RDSaiPlatforms/RDSlight/security/advisories/GHSA-5f6w-8mqh-hv2g"
},
{
"url": "https://github.com/RDSaiPlatforms/RDSlight/commit/7dac0e214a344447a2a8ea7414188c38c6a61a6e",
"refsource": "MISC",
"name": "https://github.com/RDSaiPlatforms/RDSlight/commit/7dac0e214a344447a2a8ea7414188c38c6a61a6e"
}
]
},
"source": {
"advisory": "GHSA-5f6w-8mqh-hv2g",
"discovery": "UNKNOWN"
}
}

18
2024/49xxx/CVE-2024-49576.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49576",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

90
2024/7xxx/CVE-2024-7993.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7993",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "Revit",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0018",
"refsource": "MISC",
"name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0018"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

90
2024/7xxx/CVE-2024-7994.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7994",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@autodesk.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Autodesk",
"product": {
"product_data": [
{
"product_name": "Revit",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0017",
"refsource": "MISC",
"name": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0017"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

6
2024/9xxx/CVE-2024-9676.json
View File

@ -216,6 +216,12 @@
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Erik Sj\u00f6lund <erik.sjolund@gmail.com> for reporting this issue."
}
],
"impact": {
"cvss": [
{