admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-09 14:00:34 +00:00
parent 4acedb95d1
commit c0f939970f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 445 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/38xxx/CVE-2023-38545.json
View File

@ -127,6 +127,11 @@
"url": "https://security.netapp.com/advisory/ntap-20240201-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240201-0005/"
},
{
"url": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868",
"refsource": "MISC",
"name": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868"
}
]
}

5
2023/38xxx/CVE-2023-38546.json
View File

@ -112,6 +112,11 @@
"url": "http://seclists.org/fulldisclosure/2024/Jan/38",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Jan/38"
},
{
"url": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868",
"refsource": "MISC",
"name": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868"
}
]
}

142
2023/39xxx/CVE-2023-39328.json
View File

@ -1,17 +1,151 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39328",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-39328",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-39328"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219236",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2219236"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

2
2023/51xxx/CVE-2023-51104.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero."
"value": "A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero."
}
]
},

100
2024/2xxx/CVE-2024-2177.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
"cweId": "CWE-1021"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.3",
"version_value": "16.11.5"
},
{
"version_affected": "<",
"version_name": "17.0",
"version_value": "17.0.3"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/444467",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/444467"
},
{
"url": "https://hackerone.com/reports/2383443",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2383443"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.11.5, 17.0.3, 17.1.1 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
]
}

5
2024/3xxx/CVE-2024-3596.json
View File

@ -88,6 +88,11 @@
"url": "https://www.blastradius.fail/",
"refsource": "MISC",
"name": "https://www.blastradius.fail/"
},
{
"url": "https://www.kb.cert.org/vuls/id/456537",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/456537"
}
]
},

18
2024/40xxx/CVE-2024-40725.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40725",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

76
2024/6xxx/CVE-2024-6527.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in parameter \"w\" in file \"druk.php\" in MegaBIP software allows unauthorized attacker to\u00a0disclose the contents of the database and obtain administrator's token to modify the content of pages.\u00a0 This issue affects MegaBIP software versions through 5.13."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jan Syski",
"product": {
"product_data": [
{
"product_name": "MegaBIP",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "5.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-6527/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2024/07/CVE-2024-6527/"
},
{
"url": "https://cert.pl/posts/2024/07/CVE-2024-6527/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2024/07/CVE-2024-6527/"
},
{
"url": "https://megabip.pl/",
"refsource": "MISC",
"name": "https://megabip.pl/"
},
{
"url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej",
"refsource": "MISC",
"name": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

87
2024/6xxx/CVE-2024-6598.json Normal file
View File

@ -0,0 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-6598",
"ASSIGNER": "security@knime.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processing new messages. This leads to an outage of most functionality of KNIME Business Hub. Recovery from the situation is only possible by manual administrator interaction. Please contact our support for instructions in case you have run into this situation.\n\n\nUpdating to KNIME Business Hub 1.10.2 or later solves the problem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KNIME",
"product": {
"product_data": [
{
"product_name": "KNIME Business Hub",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.10.0",
"version_value": "1.10.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cms.knime.com/security/advisories#CVE-2024-6598",
"refsource": "MISC",
"name": "https://cms.knime.com/security/advisories#CVE-2024-6598"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"HUB-8149"
],
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to KNIME Business Hub 1.10.2<br>"
}
],
"value": "Update to KNIME Business Hub 1.10.2"
}
]
}

18
2024/6xxx/CVE-2024-6599.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}