admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-02 22:00:36 +00:00
parent c89f9ae5b2
commit c28af6386e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 224 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2024/39xxx/CVE-2024-39549.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).\n\nConsumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).\n\nMemory utilization could be monitored by:\u00a0\nuser@host> show system memory or show system monitor memory status\n\nThis issue affects:\n\nJunos OS:\u00a0 * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S8,\n\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S3,\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2,\n * from 24.2 before\u00a024.2R2-EVO.\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO, \n * from 21.4 before 21.4R3-S8-EVO,\n * from 22.2 before 22.2R3-S4-EVO, \n * from 22.3 before 22.3R3-S3-EVO, \n * from 22.4 before 22.4R3-S3-EVO,\n\n * from 23.2 before 23.2R2-S1-EVO, \n * from 23.4 before 23.4R1-S2, 23.4R2,\n * from 24.2 before 24.2R2-EVO."
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).\n\nConsumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).\n\nMemory utilization could be monitored by:\u00a0\nuser@host> show system memory or show system monitor memory status\n\nThis issue affects:\n\nJunos OS:\u00a0 * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S8,\n\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S3,\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO, \n * from 21.4 before 21.4R3-S8-EVO,\n * from 22.2 before 22.2R3-S4-EVO, \n * from 22.3 before 22.3R3-S3-EVO, \n * from 22.4 before 22.4R3-S3-EVO,\n\n * from 23.2 before 23.2R2-S1-EVO, \n * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO."
}
]
},
@ -73,11 +73,6 @@
"version_affected": "<",
"version_name": "23.4",
"version_value": "23.4R1-S2, 23.4R2"
},
{
"version_affected": "<",
"version_name": "24.2",
"version_value": "24.2R2"
}
]
}
@ -120,11 +115,6 @@
"version_affected": "<",
"version_name": "23.4",
"version_value": "23.4R1-S2-EVO, 23.4R2-EVO"
},
{
"version_affected": "<",
"version_name": "24.2",
"version_value": "24.2R2-EVO"
}
]
}

75
2024/45xxx/CVE-2024-45519.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45519",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-45519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "MISC",
"name": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy",
"refsource": "MISC",
"name": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
}

18
2024/45xxx/CVE-2024-45844.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45844",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/47xxx/CVE-2024-47139.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47139",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

86
2024/47xxx/CVE-2024-47616.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47616",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium services in the same deployment. However, incomplete validation of this JWT meant that some service account access tokens would incorrectly be treated as valid for the purpose of databroker API authorization. Improper access to the databroker API could allow exfiltration of user info, spoofing of user sessions, or tampering with Pomerium routes, policies, and other settings. A Pomerium deployment is susceptible to this issue if all of the following conditions are met, you have issued a service account access token using Pomerium Zero or Pomerium Enterprise, the access token has an explicit expiration date in the future, and the core Pomerium databroker gRPC API is not otherwise secured by network access controls. This vulnerability is fixed in 0.27.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pomerium",
"product": {
"product_data": [
{
"product_name": "pomerium",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.27.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-r7rh-jww5-5fjr",
"refsource": "MISC",
"name": "https://github.com/pomerium/pomerium/security/advisories/GHSA-r7rh-jww5-5fjr"
},
{
"url": "https://github.com/pomerium/pomerium/commit/e018cf0fc0979d2abe25ff705db019feb7523444",
"refsource": "MISC",
"name": "https://github.com/pomerium/pomerium/commit/e018cf0fc0979d2abe25ff705db019feb7523444"
},
{
"url": "https://github.com/pomerium/pomerium/releases/tag/v0.27.1",
"refsource": "MISC",
"name": "https://github.com/pomerium/pomerium/releases/tag/v0.27.1"
}
]
},
"source": {
"advisory": "GHSA-r7rh-jww5-5fjr",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

18
2024/9xxx/CVE-2024-9450.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9450",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/9xxx/CVE-2024-9451.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9451",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}