"-Synchronized-Data."

CVE Team 2025-01-28 02:00:56 +00:00
parent 6776e96cc2
commit d9a6333ca0
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 497 additions and 29 deletions


@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"cweId": "CWE-923"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.3.0",
"version_value": "2.8.2"
}
]
}
},
{
"product_name": "Fusion HCI",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.3.0",
"version_value": "2.8.2"
}
]
}
},
{
"product_name": "Fusion HCI for watsonx",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.8.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7179168",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7179168"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
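Review bot: The `affects` block lists three products, but the new description `value` names only IBM Fusion and IBM Fusion HCI; `Fusion HCI for watsonx` at `=` `2.8.2` appears nowhere in the prose, so anyone triaging from the description alone would miss it. I would align the wording with the product list, e.g. open the description with `IBM Fusion, IBM Fusion HCI, and IBM Fusion HCI for watsonx`, keeping the version statements exactly as `version_data` gives them. The two ranged entries also carry the lower bound only in `version_name` (`2.3.0`) beside `version_affected` `<=` and `version_value` `2.8.2`, so a consumer that reads just the operator and `version_value` will treat every release up to 2.8.2 as affected. The closing brace of the document is not visible in this section, so the tail of the file is outside what I can check.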


@ -1,18 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45336",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-116: Improper Encoding or Escaping of Output"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "net/http",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.22.11"
},
{
"version_affected": "<",
"version_name": "1.23.0-0",
"version_value": "1.23.5"
},
{
"version_affected": "<",
"version_name": "1.24.0-0",
"version_value": "1.24.0-rc2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/cl/643100",
"refsource": "MISC",
"name": "https://go.dev/cl/643100"
},
{
"url": "https://go.dev/issue/70530",
"refsource": "MISC",
"name": "https://go.dev/issue/70530"
},
{
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"url": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3420",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2025-3420"
}
]
},
"credits": [
{
"lang": "en",
"value": "Kyle Seely"
}
]
}
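Review bot: The `problemtype` entry gives the weakness only as free text in `value` (`CWE-116: Improper Encoding or Escaping of Output`) with no `cweId` field, and the record has no `impact` block, so tooling that filters on `cweId` or a CVSS score has nothing to key on. The same holds for the CVE-2024-45339, CVE-2024-45340, CVE-2024-45341 and CVE-2025-22865 sections of this commit. Adding `"cweId": "CWE-116"` next to `value` would match the shape the CVE-2024-22315 record uses. CWE-116 also reads as a loose fit for the behaviour described (an Authorization header restored after a later same-domain redirect); the mapping is the assigner's, but it is worth confirming before relying on CWE-based grouping. Until a score is published, triage has to go by the three `version_data` ranges, whose upper bounds are `1.22.11`, `1.23.5` and `1.24.0-rc2`.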


@ -1,18 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45339",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "github.com/golang/glog",
"product": {
"product_data": [
{
"product_name": "github.com/golang/glog",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.2.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2",
"refsource": "MISC",
"name": "https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2"
},
{
"url": "https://github.com/golang/glog/pull/74",
"refsource": "MISC",
"name": "https://github.com/golang/glog/pull/74"
},
{
"url": "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs"
},
{
"url": "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File",
"refsource": "MISC",
"name": "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3372",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2025-3372"
}
]
},
"credits": [
{
"lang": "en",
"value": "Josh McSavaney"
},
{
"lang": "en",
"value": "G\u00fcnther Noack"
}
]
}
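Review bot: `description_data` and `problemtype_data` tag their language as `eng` while the `credits` entries use `en`; both styles sit in the same record, so a consumer that filters on one tag will silently skip the other. The CVE-2024-45336, CVE-2024-45340, CVE-2024-45341 and CVE-2025-22865 sections do the same. One operational caveat: the description says the fixed glog exits with status code 2 when the configured log file already exists. Services moving past the `< 1.2.4` bound should expect that exit on restart wherever a log path is reused, and the record has no field that flags this behaviour change.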


@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45340",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201: Insertion of Sensitive Information Into Sent Data"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go toolchain",
"product": {
"product_data": [
{
"product_name": "cmd/go",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.24.0-0",
"version_value": "1.24.0-rc2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/cl/643097",
"refsource": "MISC",
"name": "https://go.dev/cl/643097"
},
{
"url": "https://go.dev/issue/71249",
"refsource": "MISC",
"name": "https://go.dev/issue/71249"
},
{
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3383",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2025-3383"
}
]
},
"credits": [
{
"lang": "en",
"value": "Juho Fors\u00e9n of Mattermost"
}
]
}
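Review bot: The only `version_data` entry bounds the affected range with pre-release strings (`version_name` `1.24.0-0`, `version_affected` `<`, `version_value` `1.24.0-rc2`), so correct matching depends on the consumer ordering pre-release identifiers properly. A comparer that strips or mis-sorts the suffix could plausibly report an affected release candidate as unaffected. The CVE-2025-22865 section uses the same single range. The description would also read more clearly with the possessive fixed: `stored in the user's .netrc file`.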


@ -1,18 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45341",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "crypto/x509",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.22.11"
},
{
"version_affected": "<",
"version_name": "1.23.0-0",
"version_value": "1.23.5"
},
{
"version_affected": "<",
"version_name": "1.24.0-0",
"version_value": "1.24.0-rc2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/cl/643099",
"refsource": "MISC",
"name": "https://go.dev/cl/643099"
},
{
"url": "https://go.dev/issue/71156",
"refsource": "MISC",
"name": "https://go.dev/issue/71156"
},
{
"url": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ"
},
{
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3373",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2025-3373"
}
]
},
"credits": [
{
"lang": "en",
"value": "Juho Fors\u00e9n of Mattermost"
}
]
}


@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22865",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@golang.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-228: Improper Handling of Syntactically Invalid Structure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "crypto/x509",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.24.0-0",
"version_value": "1.24.0-rc2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/cl/643098",
"refsource": "MISC",
"name": "https://go.dev/cl/643098"
},
{
"url": "https://go.dev/issue/71216",
"refsource": "MISC",
"name": "https://go.dev/issue/71216"
},
{
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3421",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2025-3421"
}
]
},
"credits": [
{
"lang": "en",
"value": "Philippe Antoine (Catena cyber)"
}
]
}