admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-31 16:00:32 +00:00
parent 5c7a888c87
commit d3a263acde
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
30 changed files with 909 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/36xxx/CVE-2020-36129.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1", "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1",
"refsource": "MISC", "refsource": "MISC",
"name": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1" "name": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-32",
"url": "https://security.gentoo.org/glsa/202401-32"
} }
] ]
} }

5
2020/36xxx/CVE-2020-36130.json
View File

@ -66,6 +66,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-5490", "name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490" "url": "https://www.debian.org/security/2023/dsa-5490"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-32",
"url": "https://security.gentoo.org/glsa/202401-32"
} }
] ]
} }

5
2020/36xxx/CVE-2020-36131.json
View File

@ -66,6 +66,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-5490", "name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490" "url": "https://www.debian.org/security/2023/dsa-5490"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-32",
"url": "https://security.gentoo.org/glsa/202401-32"
} }
] ]
} }

5
2020/36xxx/CVE-2020-36133.json
View File

@ -66,6 +66,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-5490", "name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490" "url": "https://www.debian.org/security/2023/dsa-5490"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-32",
"url": "https://security.gentoo.org/glsa/202401-32"
} }
] ]
} }

5
2020/36xxx/CVE-2020-36134.json
View File

@ -56,6 +56,11 @@
"url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914", "url": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914",
"refsource": "MISC", "refsource": "MISC",
"name": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914" "name": "https://bugs.chromium.org/p/aomedia/issues/detail?id=2914"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-32",
"url": "https://security.gentoo.org/glsa/202401-32"
} }
] ]
} }

5
2020/36xxx/CVE-2020-36135.json
View File

@ -66,6 +66,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-5490", "name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490" "url": "https://www.debian.org/security/2023/dsa-5490"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-32",
"url": "https://security.gentoo.org/glsa/202401-32"
} }
] ]
} }

5
2021/30xxx/CVE-2021-30473.json
View File

@ -76,6 +76,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-5490", "name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490" "url": "https://www.debian.org/security/2023/dsa-5490"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-32",
"url": "https://security.gentoo.org/glsa/202401-32"
} }
] ]
} }

5
2021/30xxx/CVE-2021-30474.json
View File

@ -71,6 +71,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-5490", "name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490" "url": "https://www.debian.org/security/2023/dsa-5490"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-32",
"url": "https://security.gentoo.org/glsa/202401-32"
} }
] ]
} }

5
2021/30xxx/CVE-2021-30475.json
View File

@ -76,6 +76,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-5490", "name": "DSA-5490",
"url": "https://www.debian.org/security/2023/dsa-5490" "url": "https://www.debian.org/security/2023/dsa-5490"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-32",
"url": "https://security.gentoo.org/glsa/202401-32"
} }
] ]
} }

10
2021/33xxx/CVE-2021-33630.json
View File

@ -114,6 +114,16 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/10", "url": "http://www.openwall.com/lists/oss-security/2024/01/30/10",
"refsource": "MISC", "refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/30/10" "name": "http://www.openwall.com/lists/oss-security/2024/01/30/10"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/31/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/31/2"
} }
] ]
}, },

10
2021/33xxx/CVE-2021-33631.json
View File

@ -151,6 +151,16 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/10", "url": "http://www.openwall.com/lists/oss-security/2024/01/30/10",
"refsource": "MISC", "refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/30/10" "name": "http://www.openwall.com/lists/oss-security/2024/01/30/10"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/31/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/31/2"
} }
] ]
}, },

5
2023/32xxx/CVE-2023-32359.json
View File

@ -68,6 +68,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1", "url": "http://www.openwall.com/lists/oss-security/2023/11/15/1",
"refsource": "MISC", "refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/11/15/1" "name": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-33"
} }
] ]
} }

5
2023/35xxx/CVE-2023-35074.json
View File

@ -161,6 +161,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/" "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-33"
} }
] ]
} }

5
2023/39xxx/CVE-2023-39434.json
View File

@ -112,6 +112,11 @@
"url": "http://seclists.org/fulldisclosure/2023/Oct/3", "url": "http://seclists.org/fulldisclosure/2023/Oct/3",
"refsource": "MISC", "refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/3" "name": "http://seclists.org/fulldisclosure/2023/Oct/3"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-33"
} }
] ]
} }

5
2023/39xxx/CVE-2023-39928.json
View File

@ -73,6 +73,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/" "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-33"
} }
] ]
}, },

5
2023/40xxx/CVE-2023-40451.json
View File

@ -68,6 +68,11 @@
"url": "http://seclists.org/fulldisclosure/2023/Oct/2", "url": "http://seclists.org/fulldisclosure/2023/Oct/2",
"refsource": "MISC", "refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2023/Oct/2" "name": "http://seclists.org/fulldisclosure/2023/Oct/2"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-33"
} }
] ]
} }

5
2023/41xxx/CVE-2023-41074.json
View File

@ -166,6 +166,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/" "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-33"
} }
] ]
} }

5
2023/41xxx/CVE-2023-41983.json
View File

@ -147,6 +147,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/" "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-33"
} }
] ]
} }

5
2023/41xxx/CVE-2023-41993.json
View File

@ -58,6 +58,11 @@
"url": "https://support.apple.com/en-us/HT213940", "url": "https://support.apple.com/en-us/HT213940",
"refsource": "MISC", "refsource": "MISC",
"name": "https://support.apple.com/en-us/HT213940" "name": "https://support.apple.com/en-us/HT213940"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-33"
} }
] ]
} }

5
2023/42xxx/CVE-2023-42852.json
View File

@ -191,6 +191,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/" "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-33"
} }
] ]
} }

5
2023/42xxx/CVE-2023-42890.json
View File

@ -156,6 +156,11 @@
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/1", "url": "http://www.openwall.com/lists/oss-security/2023/12/18/1",
"refsource": "MISC", "refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/12/18/1" "name": "http://www.openwall.com/lists/oss-security/2023/12/18/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-33"
} }
] ]
} }

107
2023/6xxx/CVE-2023-6816.json
View File

@ -99,6 +99,14 @@
{ {
"version_value": "not down converted", "version_value": "not down converted",
"x_cve_json_5_version_data": { "x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.8.0-31.el7_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected" "defaultStatus": "affected"
} }
} }
@ -138,6 +146,69 @@
] ]
} }
}, },
{
"product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.9.0-15.el8_2.9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.9.0-15.el8_2.9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.9.0-15.el8_2.9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"version": { "version": {
@ -297,6 +368,27 @@
] ]
} }
}, },
{
"product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.12.0-14.el9_2.5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 6", "product_name": "Red Hat Enterprise Linux 6",
"version": { "version": {
@ -385,11 +477,26 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0614" "name": "https://access.redhat.com/errata/RHSA-2024:0614"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0617",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0617"
},
{ {
"url": "https://access.redhat.com/errata/RHSA-2024:0621", "url": "https://access.redhat.com/errata/RHSA-2024:0621",
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0621" "name": "https://access.redhat.com/errata/RHSA-2024:0621"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0626",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0626"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0629",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0629"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-6816", "url": "https://access.redhat.com/security/cve/CVE-2023-6816",
"refsource": "MISC", "refsource": "MISC",

99
2024/0xxx/CVE-2024-0219.json
View File

@ -1,17 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-0219", "ID": "CVE-2024-0219",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@progress.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Progress Software",
"product": {
"product_data": [
{
"product_name": "Telerik JustDecompile",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "2024 R1",
"status": "affected",
"version": "RC2012.1",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.telerik.com/devcraft",
"refsource": "MISC",
"name": "https://www.telerik.com/devcraft"
},
{
"url": "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability",
"refsource": "MISC",
"name": "https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "HackerOne - hackandpwn"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

53
2024/0xxx/CVE-2024-0553.json
View File

@ -60,6 +60,41 @@
"vendor_name": "Red Hat", "vendor_name": "Red Hat",
"product": { "product": {
"product_data": [ "product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.6.16-8.el8_9.1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:3.6.16-8.el8_9.1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{ {
"product_name": "Red Hat Enterprise Linux 9", "product_name": "Red Hat Enterprise Linux 9",
"version": { "version": {
@ -120,19 +155,6 @@
} }
] ]
} }
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
} }
] ]
} }
@ -172,6 +194,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0533" "name": "https://access.redhat.com/errata/RHSA-2024:0533"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:0627",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0627"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2024-0553", "url": "https://access.redhat.com/security/cve/CVE-2024-0553",
"refsource": "MISC", "refsource": "MISC",

99
2024/0xxx/CVE-2024-0832.json
View File

@ -1,17 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-0832", "ID": "CVE-2024-0832",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@progress.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Progress Software",
"product": {
"product_data": [
{
"product_name": "Telerik Reporting",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "2024 R1",
"status": "affected",
"version": "1.0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.telerik.com/devcraft",
"refsource": "MISC",
"name": "https://www.telerik.com/devcraft"
},
{
"url": "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability",
"refsource": "MISC",
"name": "https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "HackerOne - hackandpwn"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

99
2024/0xxx/CVE-2024-0833.json
View File

@ -1,17 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-0833", "ID": "CVE-2024-0833",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@progress.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In Telerik Test Studio versions prior to \n\nv2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Progress Software",
"product": {
"product_data": [
{
"product_name": "Telerik Test Studio",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "v2023.3.1330",
"status": "affected",
"version": "2011.0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.telerik.com/devcraft",
"refsource": "MISC",
"name": "https://www.telerik.com/devcraft"
},
{
"url": "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability",
"refsource": "MISC",
"name": "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "HackerOne - hackandpwn"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

95
2024/1xxx/CVE-2024-1103.json
View File

@ -1,17 +1,104 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-1103", "ID": "CVE-2024-1103",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input <img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252458 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in CodeAstro Real Estate Management System 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei profile.php der Komponente Feedback Form. Durch Manipulieren des Arguments Your Feedback mit der Eingabe <img src=x onerror=alert(document.cookie)> mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CodeAstro",
"product": {
"product_data": [
{
"product_name": "Real Estate Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.252458",
"refsource": "MISC",
"name": "https://vuldb.com/?id.252458"
},
{
"url": "https://vuldb.com/?ctiid.252458",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.252458"
},
{
"url": "https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true",
"refsource": "MISC",
"name": "https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true"
}
]
},
"credits": [
{
"lang": "en",
"value": "Thrill_comrade (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
} }
] ]
} }

85
2024/23xxx/CVE-2024-23502.json
View File

@ -1,17 +1,94 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23502", "ID": "CVE-2024-23502",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "audit@patchstack.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category \u2013 List Category Posts Or Recent Posts allows Stored XSS.This issue affects Posts List Designer by Category \u2013 List Category Posts Or Recent Posts: from n/a through 3.3.2.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "InfornWeb",
"product": {
"product_data": [
{
"product_name": "Posts List Designer by Category \u2013 List Category Posts Or Recent Posts",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "3.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/post-list-designer/wordpress-posts-list-designer-by-category-plugin-3-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/post-list-designer/wordpress-posts-list-designer-by-category-plugin-3-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
} }
] ]
} }

85
2024/23xxx/CVE-2024-23505.json
View File

@ -1,17 +1,94 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23505", "ID": "CVE-2024-23505",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "audit@patchstack.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook \u2013 DearPDF allows Stored XSS.This issue affects PDF Viewer & 3D PDF Flipbook \u2013 DearPDF: from n/a through 2.0.38.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DearHive",
"product": {
"product_data": [
{
"product_name": "PDF Viewer & 3D PDF Flipbook \u2013 DearPDF",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "2.0.38"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/dearpdf-lite/wordpress-pdf-viewer-3d-pdf-flipbook-dearpdf-plugin-2-0-38-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/dearpdf-lite/wordpress-pdf-viewer-3d-pdf-flipbook-dearpdf-plugin-2-0-38-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
} }
] ]
} }

113
2024/23xxx/CVE-2024-23508.json
View File

@ -1,17 +1,122 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-23508", "ID": "CVE-2024-23508",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "audit@patchstack.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster \u2013 PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster \u2013 PDF Embedder Plugin for WordPress: from n/a through 2.1.17.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bPlugins",
"product": {
"product_data": [
{
"product_name": "PDF Poster \u2013 PDF Embedder Plugin for WordPress",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.1.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.17",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/pdf-poster/wordpress-pdf-poster-plugin-2-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/pdf-poster/wordpress-pdf-poster-plugin-2-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;2.1.18 or a higher version."
}
],
"value": "Update to\u00a02.1.18 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Le Ngoc Anh (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
} }
] ]
} }