admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-02-27 16:00:37 +00:00
parent b249fd68b9
commit c33fa43c9b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
20 changed files with 1106 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/51xxx/CVE-2023-51747.json
View File

@ -74,6 +74,11 @@
"url": "https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/rxkwbkh9vgbl9rzx1fkllyk3krhgydko"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/27/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/02/27/4"
}
]
},

105
2024/1xxx/CVE-2024-1403.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1403",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@progress.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.\u00a0 The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password. Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication. \u00a0 \n\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305: Authentication Bypass by Primary Weakness",
"cweId": "CWE-305"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Progress",
"product": {
"product_data": [
{
"product_name": "OpenEdge",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "11.7.19",
"status": "affected",
"version": "11.7.0",
"versionType": "semver"
},
{
"lessThan": "12.2.14",
"status": "affected",
"version": "12.2.0",
"versionType": "semver"
},
{
"lessThan": "12.8.1",
"status": "affected",
"version": "12.8.0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.progress.com/openedge",
"refsource": "MISC",
"name": "https://www.progress.com/openedge"
},
{
"url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer",
"refsource": "MISC",
"name": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

8
2024/1xxx/CVE-2024-1423.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1423",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** Accidental Request"
}
]
}

103
2024/1xxx/CVE-2024-1921.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254856."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in osuuu LightPicture bis 1.2.2 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /app/controller/Setup.php. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "osuuu",
"product": {
"product_data": [
{
"product_name": "LightPicture",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.2.0"
},
{
"version_affected": "=",
"version_value": "1.2.1"
},
{
"version_affected": "=",
"version_value": "1.2.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.254856",
"refsource": "MISC",
"name": "https://vuldb.com/?id.254856"
},
{
"url": "https://vuldb.com/?ctiid.254856",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.254856"
},
{
"url": "https://note.zhaoj.in/share/FeCRflSHPLbj",
"refsource": "MISC",
"name": "https://note.zhaoj.in/share/FeCRflSHPLbj"
}
]
},
"credits": [
{
"lang": "en",
"value": "glzjin (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}

100
2024/1xxx/CVE-2024-1922.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1922",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254857 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester Online Job Portal 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /Employer/ManageJob.php der Komponente Manage Job Page. Durch das Beeinflussen des Arguments Qualification/Description mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Online Job Portal",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.254857",
"refsource": "MISC",
"name": "https://vuldb.com/?id.254857"
},
{
"url": "https://vuldb.com/?ctiid.254857",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.254857"
},
{
"url": "https://prnt.sc/zw3SnPnfpKGu",
"refsource": "MISC",
"name": "https://prnt.sc/zw3SnPnfpKGu"
},
{
"url": "https://prnt.sc/WD3nof5FsEBv",
"refsource": "MISC",
"name": "https://prnt.sc/WD3nof5FsEBv"
}
]
},
"credits": [
{
"lang": "en",
"value": "ahmed8199 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

95
2024/1xxx/CVE-2024-1923.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in SourceCodester Simple Student Attendance System 1.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion delete_class der Datei /ajax-api.php der Komponente List of Classes Page. Durch Beeinflussen des Arguments id mit der Eingabe 1337'+or+1=1;--+ mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Simple Student Attendance System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.254858",
"refsource": "MISC",
"name": "https://vuldb.com/?id.254858"
},
{
"url": "https://vuldb.com/?ctiid.254858",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.254858"
},
{
"url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BSimple%20Student%20Attendance%20System%20using%20PHP%20and%20MySQL%5D%20SQLi%20on%20ajax-api.php%3Faction=delete_class.md",
"refsource": "MISC",
"name": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BSimple%20Student%20Attendance%20System%20using%20PHP%20and%20MySQL%5D%20SQLi%20on%20ajax-api.php%3Faction=delete_class.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "reiginald (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2024/1xxx/CVE-2024-1935.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1935",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/1xxx/CVE-2024-1936.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2024/21xxx/CVE-2024-21484.json
View File

@ -120,6 +120,11 @@
"url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0",
"refsource": "MISC",
"name": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
},
{
"url": "https://people.redhat.com/~hkario/marvin/",
"refsource": "MISC",
"name": "https://people.redhat.com/~hkario/marvin/"
}
]
},

61
2024/25xxx/CVE-2024-25398.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25398",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-25398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://sourceforge.net/projects/socks-relay/",
"refsource": "MISC",
"name": "https://sourceforge.net/projects/socks-relay/"
},
{
"refsource": "MISC",
"name": "https://github.com/Nivedita-22/SRELAY-exploit-writeup/blob/main/Srelay.md",
"url": "https://github.com/Nivedita-22/SRELAY-exploit-writeup/blob/main/Srelay.md"
}
]
}

56
2024/25xxx/CVE-2024-25399.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25399",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-25399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cwe.mitre.org/data/definitions/79",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/79"
}
]
}

66
2024/25xxx/CVE-2024-25400.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-25400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://subrion.org/",
"refsource": "MISC",
"name": "https://subrion.org/"
},
{
"url": "https://cwe.mitre.org/data/definitions/89.html",
"refsource": "MISC",
"name": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"refsource": "MISC",
"name": "https://github.com/intelliants/subrion/issues/910",
"url": "https://github.com/intelliants/subrion/issues/910"
}
]
}

76
2024/25xxx/CVE-2024-25723.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25723",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-25723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zenml-io/zenml",
"refsource": "MISC",
"name": "https://github.com/zenml-io/zenml"
},
{
"refsource": "CONFIRM",
"name": "https://www.zenml.io/blog/critical-security-update-for-zenml-users",
"url": "https://www.zenml.io/blog/critical-security-update-for-zenml-users"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4",
"url": "https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1",
"url": "https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2",
"url": "https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2"
}
]
}

91
2024/26xxx/CVE-2024-26142.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-26142",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rails",
"product": {
"product_data": [
{
"product_name": "rails",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 7.1.0, < 7.1.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq",
"refsource": "MISC",
"name": "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq"
},
{
"url": "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272",
"refsource": "MISC",
"name": "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272"
},
{
"url": "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml",
"refsource": "MISC",
"name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml"
}
]
},
"source": {
"advisory": "GHSA-jjhx-jhvp-74wq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

100
2024/26xxx/CVE-2024-26143.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-26143",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in \"_html\", a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rails",
"product": {
"product_data": [
{
"product_name": "rails",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 7.0.0, < 7.0.8.1"
},
{
"version_affected": "=",
"version_value": ">= 7.1.0, < 7.1.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4",
"refsource": "MISC",
"name": "https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4"
},
{
"url": "https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc",
"refsource": "MISC",
"name": "https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc"
},
{
"url": "https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e",
"refsource": "MISC",
"name": "https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e"
},
{
"url": "https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml",
"refsource": "MISC",
"name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml"
}
]
},
"source": {
"advisory": "GHSA-9822-6m93-xqf4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

100
2024/26xxx/CVE-2024-26144.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-26144",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rails",
"product": {
"product_data": [
{
"product_name": "rails",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 5.2.0, < 6.1.7.7"
},
{
"version_affected": "=",
"version_value": ">= 7.0.0, < 7.0.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g",
"refsource": "MISC",
"name": "https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g"
},
{
"url": "https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433",
"refsource": "MISC",
"name": "https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433"
},
{
"url": "https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3",
"refsource": "MISC",
"name": "https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3"
},
{
"url": "https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945",
"refsource": "MISC",
"name": "https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml",
"refsource": "MISC",
"name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml"
}
]
},
"source": {
"advisory": "GHSA-8h22-8cf7-hq6g",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

56
2024/26xxx/CVE-2024-26464.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-26464",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-26464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "net-snmp 5.9.4 contains a memory leak vulnerability in /net-snmp/apps/snmpvacm.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LuMingYinDetect/net-snmp_defects/blob/main/net-snmp_detect_1.md",
"refsource": "MISC",
"name": "https://github.com/LuMingYinDetect/net-snmp_defects/blob/main/net-snmp_detect_1.md"
}
]
}

56
2024/27xxx/CVE-2024-27507.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-27507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LuMingYinDetect/libLAS_defects/blob/main/libLAS_detect_1.md",
"refsource": "MISC",
"name": "https://github.com/LuMingYinDetect/libLAS_defects/blob/main/libLAS_detect_1.md"
}
]
}

56
2024/27xxx/CVE-2024-27508.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-27508",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-27508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LuMingYinDetect/Atheme_defects/blob/main/Atheme_detect_1.md",
"refsource": "MISC",
"name": "https://github.com/LuMingYinDetect/Atheme_defects/blob/main/Atheme_detect_1.md"
}
]
}

5
2024/27xxx/CVE-2024-27905.json
View File

@ -59,6 +59,11 @@
"url": "https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/27/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/02/27/3"
}
]
},