admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-03 20:00:36 +00:00
parent c15fba405c
commit c8ddec2baf
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
15 changed files with 614 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/52xxx/CVE-2023-52168.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2024/07/03/10",
"url": "https://www.openwall.com/lists/oss-security/2024/07/03/10"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver",
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/10"
}
]
}

5
2023/52xxx/CVE-2023-52169.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2024/07/03/10",
"url": "https://www.openwall.com/lists/oss-security/2024/07/03/10"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver",
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/10"
}
]
}

2
2024/29xxx/CVE-2024-29508.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Artifex Ghostscript before 10.0.3.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc."
"value": "Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc."
}
]
},

88
2024/34xxx/CVE-2024-34750.json
View File

@ -1,18 +1,96 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions",
"cweId": "CWE-755"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "11.0.0-M1",
"version_value": "11.0.0-M20"
},
{
"version_affected": "<=",
"version_name": "10.1.0-M1",
"version_value": "10.1.24"
},
{
"version_affected": "<=",
"version_name": "9.0.0-M1",
"version_value": "9.0.89"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "devme4f from VNPT-VCI"
}
]
}

94
2024/36xxx/CVE-2024-36113.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36113",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "stable < 3.2.3"
},
{
"version_affected": "=",
"version_value": "tests-passed < 3.3.0.beta4-dev"
},
{
"version_affected": "=",
"version_value": "beta < 3.3.0.beta3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-3w3f-76p7-3c4g",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-3w3f-76p7-3c4g"
},
{
"url": "https://github.com/discourse/discourse/commit/8470546f59b04bd82ce9b711406758fd5439936d",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/8470546f59b04bd82ce9b711406758fd5439936d"
},
{
"url": "https://github.com/discourse/discourse/commit/9c4a5f39d3ad351410a1453ff5e5f7ffce17cd7e",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/9c4a5f39d3ad351410a1453ff5e5f7ffce17cd7e"
}
]
},
"source": {
"advisory": "GHSA-3w3f-76p7-3c4g",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

94
2024/36xxx/CVE-2024-36122.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36122",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue or disable the approve suspect users site setting and the must approve users site setting to prevent users from being added to the review queue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "stable < 3.2.3"
},
{
"version_affected": "=",
"version_value": "beta < 3.3.0.beta4"
},
{
"version_affected": "=",
"version_value": "tests-passed < 3.3.0.beta4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-rr93-hcw4-cv3f",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-rr93-hcw4-cv3f"
},
{
"url": "https://github.com/discourse/discourse/commit/8d5b21170efa4766e1a213ff07dc36d36cf3dfb4",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/8d5b21170efa4766e1a213ff07dc36d36cf3dfb4"
},
{
"url": "https://github.com/discourse/discourse/commit/e2a7265dba3d9e943338db21ca38c50276b22f47",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/e2a7265dba3d9e943338db21ca38c50276b22f47"
}
]
},
"source": {
"advisory": "GHSA-rr93-hcw4-cv3f",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

94
2024/37xxx/CVE-2024-37157.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37157",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "discourse",
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "stable < 3.2.3"
},
{
"version_affected": "=",
"version_value": "beta < 3.3.0.beta4"
},
{
"version_affected": "=",
"version_value": "tests-passed < 3.3.0.beta4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-46pq-7958-fc68",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-46pq-7958-fc68"
},
{
"url": "https://github.com/discourse/discourse/commit/5b8cf11b69e05d5c058c1148ec69ec309491fa6e",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/5b8cf11b69e05d5c058c1148ec69ec309491fa6e"
},
{
"url": "https://github.com/discourse/discourse/commit/67e78086035cec494b15ce79342a0cb9052c2d95",
"refsource": "MISC",
"name": "https://github.com/discourse/discourse/commit/67e78086035cec494b15ce79342a0cb9052c2d95"
}
]
},
"source": {
"advisory": "GHSA-46pq-7958-fc68",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}

129
2024/39xxx/CVE-2024-39683.json
View File

@ -1,17 +1,138 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39683",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent (browser). Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information (e.g. when created though the session service) were incorrectly listed exposing potentially other user's sessions. Versions 2.55.1, 2.54.5, and 2.53.8 contain a fix for the issue. There is no workaround since a patch is already available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zitadel",
"product": {
"product_data": [
{
"product_name": "zitadel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "= 2.55.0"
},
{
"version_affected": "=",
"version_value": ">= 2.54.0, < 2.54.5"
},
{
"version_affected": "=",
"version_value": ">= 2.53.0, < 2.53.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-cvw9-c57h-3397",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-cvw9-c57h-3397"
},
{
"url": "https://github.com/zitadel/zitadel/issues/8213",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/issues/8213"
},
{
"url": "https://github.com/zitadel/zitadel/pull/8231",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/pull/8231"
},
{
"url": "https://github.com/zitadel/zitadel/commit/4a262e42abac2208b02fefaf68ba1a5121649f04",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/4a262e42abac2208b02fefaf68ba1a5121649f04"
},
{
"url": "https://github.com/zitadel/zitadel/commit/c2093ce01507ca8fc811609ff5d391693360c3da",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/c2093ce01507ca8fc811609ff5d391693360c3da"
},
{
"url": "https://github.com/zitadel/zitadel/commit/d04f208486a418a45b884b9ca8433e5ad9790d73",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/d04f208486a418a45b884b9ca8433e5ad9790d73"
},
{
"url": "https://discord.com/channels/927474939156643850/1254096852937347153",
"refsource": "MISC",
"name": "https://discord.com/channels/927474939156643850/1254096852937347153"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.53.8",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.53.8"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.54.5",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.54.5"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.55.1",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.55.1"
}
]
},
"source": {
"advisory": "GHSA-cvw9-c57h-3397",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

5
2024/39xxx/CVE-2024-39844.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2024/07/03/9",
"url": "https://www.openwall.com/lists/oss-security/2024/07/03/9"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20240703 CVE-2024-39844: ZNC modtcl RCE",
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/9"
}
]
}

30
2024/6xxx/CVE-2024-6387.json
View File

@ -276,6 +276,36 @@
"url": "https://www.theregister.com/2024/07/01/regresshion_openssh/",
"refsource": "MISC",
"name": "https://www.theregister.com/2024/07/01/regresshion_openssh/"
},
{
"url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/",
"refsource": "MISC",
"name": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/"
},
{
"url": "https://github.com/microsoft/azurelinux/issues/9555",
"refsource": "MISC",
"name": "https://github.com/microsoft/azurelinux/issues/9555"
},
{
"url": "https://github.com/Azure/AKS/issues/4379",
"refsource": "MISC",
"name": "https://github.com/Azure/AKS/issues/4379"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249",
"refsource": "MISC",
"name": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249"
},
{
"url": "https://github.com/AlmaLinux/updates/issues/629",
"refsource": "MISC",
"name": "https://github.com/AlmaLinux/updates/issues/629"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248",
"refsource": "MISC",
"name": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"
}
]
},

18
2024/6xxx/CVE-2024-6492.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6493.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6494.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6495.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6495",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6496.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}