admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-19 16:00:58 +00:00
parent 9cd1e41da3
commit cb2ee5d0f8
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 994 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
2024/12xxx/CVE-2024-12786.json
View File

@ -1,17 +1,122 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-12786", "ID": "CVE-2024-12786",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in X1a0He Adobe Downloader bis 1.3.1 f\u00fcr macOS gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion shouldAcceptNewConnection der Datei com.x1a0he.macOS.Adobe-Downloader.helper der Komponente XPC Service. Durch das Manipulieren mit unbekannten Daten kann eine improper privilege management-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Privilege Management",
"cweId": "CWE-269"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "X1a0He",
"product": {
"product_data": [
{
"product_name": "Adobe Downloader",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0"
},
{
"version_affected": "=",
"version_value": "1.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.288966",
"refsource": "MISC",
"name": "https://vuldb.com/?id.288966"
},
{
"url": "https://vuldb.com/?ctiid.288966",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.288966"
},
{
"url": "https://vuldb.com/?submit.464685",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.464685"
},
{
"url": "https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation",
"refsource": "MISC",
"name": "https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation"
}
]
},
"credits": [
{
"lang": "en",
"value": "winslow1984 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.8,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"
} }
] ]
} }

114
2024/12xxx/CVE-2024-12787.json
View File

@ -1,17 +1,123 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-12787", "ID": "CVE-2024-12787",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the argument student_emailid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In 1000 Projects Attendance Tracking Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /student/check_student_login.php. Durch Manipulieren des Arguments student_emailid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "1000 Projects",
"product": {
"product_data": [
{
"product_name": "Attendance Tracking Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.288967",
"refsource": "MISC",
"name": "https://vuldb.com/?id.288967"
},
{
"url": "https://vuldb.com/?ctiid.288967",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.288967"
},
{
"url": "https://vuldb.com/?submit.465082",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.465082"
},
{
"url": "https://github.com/AFK-cmd/CVE/issues/1",
"refsource": "MISC",
"name": "https://github.com/AFK-cmd/CVE/issues/1"
},
{
"url": "https://1000projects.org/",
"refsource": "MISC",
"name": "https://1000projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "AFK-cmd (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
} }
] ]
} }

122
2024/12xxx/CVE-2024-12798.json
View File

@ -1,18 +1,130 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-12798", "ID": "CVE-2024-12798",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "vulnerability@ncsc.ch",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core\n upto and including version 1.5.12 in Java applications allows\n attacker to execute arbitrary code by compromising an existing\n logback configuration file or by injecting an environment variable\n before program execution.\n\n\n\n\n\nMalicious logback configuration files can allow the attacker to execute \narbitrary code using the JaninoEventEvaluator extension.\n\n\n\nA successful attack requires the user to have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege."
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')",
"cweId": "CWE-917"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QOS.CH Sarl",
"product": {
"product_data": [
{
"product_name": "Logback-core",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.5.12",
"status": "affected",
"version": "0.9",
"versionType": "maven"
},
{
"status": "unaffected",
"version": "1.5.13",
"versionType": "maven"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://logback.qos.ch/news.html#1.5.13",
"refsource": "MISC",
"name": "https://logback.qos.ch/news.html#1.5.13"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remove Janino from the Java classpath or update to logack version 1.5.13 or later. <br>"
}
],
"value": "Remove Janino from the Java classpath or update to logack version 1.5.13 or later."
}
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known exploitation<br>"
}
],
"value": "No known exploitation"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remove Janino from the Java classpath or update to logack version 1.5.13 or later. \n\n<br>"
}
],
"value": "Remove Janino from the Java classpath or update to logack version 1.5.13 or later."
}
],
"credits": [
{
"lang": "en",
"value": "7asecurity"
}
]
} }

18
2024/12xxx/CVE-2024-12799.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12799",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12800.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12800",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

244
2024/26xxx/CVE-2024-26848.json
View File

@ -5,254 +5,14 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-26848", "ID": "CVE-2024-26848",
"ASSIGNER": "cve@kernel.org", "ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix endless loop in directory parsing\n\nIf a directory has a block with only \".__afsXXXX\" files in it (from\nuncompleted silly-rename), these .__afsXXXX files are skipped but without\nadvancing the file position in the dir_context. This leads to\nafs_dir_iterate() repeating the block again and again.\n\nFix this by making the code that skips the .__afsXXXX file also manually\nadvance the file position.\n\nThe symptoms are a soft lookup:\n\n watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]\n ...\n RIP: 0010:afs_dir_iterate_block+0x39/0x1fd\n ...\n ? watchdog_timer_fn+0x1a6/0x213\n ...\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? afs_dir_iterate_block+0x39/0x1fd\n afs_dir_iterate+0x10a/0x148\n afs_readdir+0x30/0x4a\n iterate_dir+0x93/0xd3\n __do_sys_getdents64+0x6b/0xd4\n\nThis is almost certainly the actual fix for:\n\n https://bugzilla.kernel.org/show_bug.cgi?id=218496" "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "01d15b68f041",
"version_value": "5c78be006ed9"
},
{
"version_affected": "<",
"version_name": "8499e2f1218e",
"version_value": "96370ba395c5"
},
{
"version_affected": "<",
"version_name": "21a2115e0ca0",
"version_value": "80b15346492b"
},
{
"version_affected": "<",
"version_name": "ab49164c6080",
"version_value": "058ed71e0f7a"
},
{
"version_affected": "<",
"version_name": "a53411e805e0",
"version_value": "f67898867b6b"
},
{
"version_affected": "<",
"version_name": "fa70c6954aab",
"version_value": "fe02316e4933"
},
{
"version_affected": "<",
"version_name": "57e9d49c5452",
"version_value": "5f7a07646655"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.271",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.273",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.212",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.214",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.151",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.153",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.81",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.83",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.21",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.23",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.7.9",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.7.11",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.8.2",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5c78be006ed9cb735ac2abf4fd64f3f4ea26da31",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5c78be006ed9cb735ac2abf4fd64f3f4ea26da31"
},
{
"url": "https://git.kernel.org/stable/c/854ebf45a4ddd4cadeffb6644e88d19020634e1a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/854ebf45a4ddd4cadeffb6644e88d19020634e1a"
},
{
"url": "https://git.kernel.org/stable/c/96370ba395c572ef496fd2c7afc4a1ab3dedd3f0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/96370ba395c572ef496fd2c7afc4a1ab3dedd3f0"
},
{
"url": "https://git.kernel.org/stable/c/b94f434fe977689da4291dc21717790b9bd1c064",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/b94f434fe977689da4291dc21717790b9bd1c064"
},
{
"url": "https://git.kernel.org/stable/c/80b15346492bdba677bbb0adefc611910e505f7b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/80b15346492bdba677bbb0adefc611910e505f7b"
},
{
"url": "https://git.kernel.org/stable/c/a6ffae61ad9ebf2fdcb943135b2f30c85f49cd27",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a6ffae61ad9ebf2fdcb943135b2f30c85f49cd27"
},
{
"url": "https://git.kernel.org/stable/c/058ed71e0f7aa3b6694ca357e23d084e5d3f2470",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/058ed71e0f7aa3b6694ca357e23d084e5d3f2470"
},
{
"url": "https://git.kernel.org/stable/c/76426abf9b980b46983f97de8e5b25047b4c9863",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/76426abf9b980b46983f97de8e5b25047b4c9863"
},
{
"url": "https://git.kernel.org/stable/c/f67898867b6b0f4542cddc7fe57997978b948a7a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f67898867b6b0f4542cddc7fe57997978b948a7a"
},
{
"url": "https://git.kernel.org/stable/c/106e14ca55a0acb3236ee98813a1d243f8aa2d05",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/106e14ca55a0acb3236ee98813a1d243f8aa2d05"
},
{
"url": "https://git.kernel.org/stable/c/fe02316e4933befc621fa125efb8f8b4d04cceec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe02316e4933befc621fa125efb8f8b4d04cceec"
},
{
"url": "https://git.kernel.org/stable/c/9c41f4935625218a2053a2dce1423c3054169809",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9c41f4935625218a2053a2dce1423c3054169809"
},
{
"url": "https://git.kernel.org/stable/c/5f7a07646655fb4108da527565dcdc80124b14c4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5f7a07646655fb4108da527565dcdc80124b14c4"
},
{
"url": "https://git.kernel.org/stable/c/2afdd0cb02329464d77f3ec59468395c791a51a4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2afdd0cb02329464d77f3ec59468395c791a51a4"
}
]
},
"generator": {
"engine": "bippy-9e1c9544281a"
} }
} }

12
2024/48xxx/CVE-2024-48514.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below." "value": "php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below."
} }
] ]
}, },
@ -61,6 +61,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/marcoris/CVEs/tree/master/CVE-2024-48514", "name": "https://github.com/marcoris/CVEs/tree/master/CVE-2024-48514",
"url": "https://github.com/marcoris/CVEs/tree/master/CVE-2024-48514" "url": "https://github.com/marcoris/CVEs/tree/master/CVE-2024-48514"
},
{
"refsource": "MISC",
"name": "https://advisories.gitlab.com/pkg/composer/maestroerror/php-heic-to-jpg/CVE-2024-48514/",
"url": "https://advisories.gitlab.com/pkg/composer/maestroerror/php-heic-to-jpg/CVE-2024-48514/"
},
{
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-g8v9-c8m3-942v",
"url": "https://github.com/advisories/GHSA-g8v9-c8m3-942v"
} }
] ]
} }

25
2024/49xxx/CVE-2024-49203.json
View File

@ -71,6 +71,31 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/OpenFeign/querydsl/", "name": "https://github.com/OpenFeign/querydsl/",
"url": "https://github.com/OpenFeign/querydsl/" "url": "https://github.com/OpenFeign/querydsl/"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/OpenFeign/querydsl/releases/tag/5.6.1",
"url": "https://github.com/OpenFeign/querydsl/releases/tag/5.6.1"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/OpenFeign/querydsl/pull/742",
"url": "https://github.com/OpenFeign/querydsl/pull/742"
},
{
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-6q3q-6v5j-h6vg",
"url": "https://github.com/advisories/GHSA-6q3q-6v5j-h6vg"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/OpenFeign/querydsl/releases/tag/6.10.1",
"url": "https://github.com/OpenFeign/querydsl/releases/tag/6.10.1"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/OpenFeign/querydsl/pull/743",
"url": "https://github.com/OpenFeign/querydsl/pull/743"
} }
] ]
} }

520
2024/4xxx/CVE-2024-4109.json
View File

@ -657,6 +657,19 @@
] ]
} }
}, },
{
"product_name": "Red Hat JBoss Enterprise Application Platform 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{ {
"product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"version": { "version": {
@ -1154,6 +1167,503 @@
] ]
} }
}, },
{
"product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.33.0-2.redhat_00016.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.0.2-1.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.14.0-3.redhat_00007.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.0.1-3.redhat_00006.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:8.6.6-4.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.0.0-2.Final_redhat_1.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:800.5.0-1.GA_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:3.31.0-2.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:5.0.0-5.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.6.20-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:6.2.32-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.4.10-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.1.3-1.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.0.2-1.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.18.0-2.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.0.0-3.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:5.0.8-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.1.6-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:5.0.30-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:5.0.0-4.SP3_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:7.3.0-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.0.5-1.redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.0.1-1.redhat_00002.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:6.0.4-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.1.114-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.1.114-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.1.7-1.redhat_00002.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:6.2.11-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.3.18-1.SP1_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.2.8-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.1.6-3.redhat_1.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:8.0.5-3.GA_redhat_00002.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:2.2.7-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.0.3-2.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.0.4-1.redhat_00002.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat build of Apache Camel for Spring Boot 3", "product_name": "Red Hat build of Apache Camel for Spring Boot 3",
"version": { "version": {
@ -1330,6 +1840,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:11559" "name": "https://access.redhat.com/errata/RHSA-2024:11559"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:11560",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:11560"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:11570",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:11570"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2024-4109", "url": "https://access.redhat.com/security/cve/CVE-2024-4109",
"refsource": "MISC", "refsource": "MISC",

69
2024/9xxx/CVE-2024-9154.json
View File

@ -1,18 +1,77 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-9154", "ID": "CVE-2024-9154",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "office@cyberdanube.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633)."
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HMS Networks",
"product": {
"product_data": [
{
"product_name": "Ewon Flexy 205",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "14.8s0 (#2633)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cyberdanube.com/security-research/authenticated-remote-code-execution-in-ewon-flexy-205/",
"refsource": "MISC",
"name": "https://cyberdanube.com/security-research/authenticated-remote-code-execution-in-ewon-flexy-205/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Thomas Fankhauser (CyberDanube)"
}
]
} }