admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-04 13:00:35 +00:00
parent 2cbbadd10e
commit dc81accd70
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
36 changed files with 2281 additions and 442 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
2023/51xxx/CVE-2023-51511.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-51511",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pluggabl LLC",
"product": {
"product_data": [
{
"product_name": "Booster Elite for WooCommerce",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "7.1.3",
"status": "unaffected"
}
],
"lessThan": "7.1.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-3-authenticated-production-creation-modification-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-3-authenticated-production-creation-modification-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 7.1.3 or a higher version."
}
],
"value": "Update to 7.1.3 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Dave Jong (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

113
2023/51xxx/CVE-2023-51542.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-51542",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through 3.4.14."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WPMU DEV",
"product": {
"product_data": [
{
"product_name": "Branda",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.4.15",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.14",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/branda-white-labeling/wordpress-branda-plugin-3-4-14-ip-restriction-bypass-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/branda-white-labeling/wordpress-branda-plugin-3-4-14-ip-restriction-bypass-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.4.15 or a higher version."
}
],
"value": "Update to 3.4.15 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

113
2023/51xxx/CVE-2023-51543.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-51543",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.2.5.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Metagauss",
"product": {
"product_data": [
{
"product_name": "RegistrationMagic",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "5.2.5.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.2.5.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-0-ip-limit-bypass-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-0-ip-limit-bypass-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 5.2.5.1 or a higher version."
}
],
"value": "Update to 5.2.5.1 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

113
2023/51xxx/CVE-2023-51544.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-51544",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-799 Improper Control of Interaction Frequency",
"cweId": "CWE-799"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Metagauss",
"product": {
"product_data": [
{
"product_name": "RegistrationMagic",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "5.2.5.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.2.5.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-0-form-submission-limit-bypass-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-0-form-submission-limit-bypass-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 5.2.5.1 or a higher version."
}
],
"value": "Update to 5.2.5.1 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Kyle Sanchez (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

113
2023/51xxx/CVE-2023-51667.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-51667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post \u2013 WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Rate my Post \u2013 WP Rating System: from n/a through 3.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FeedbackWP",
"product": {
"product_data": [
{
"product_name": "Rate my Post \u2013 WP Rating System",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.4.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-2-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/rate-my-post/wordpress-rate-my-post-wp-rating-system-plugin-3-4-2-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.4.3 or a higher version."
}
],
"value": "Update to 3.4.3 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

113
2023/52xxx/CVE-2023-52147.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-52147",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects All In One WP Security & Firewall: from n/a through 5.2.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "All In One WP Security & Firewall Team",
"product": {
"product_data": [
{
"product_name": "All In One WP Security & Firewall",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "5.2.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.2.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/all-in-one-wp-security-and-firewall/wordpress-all-in-one-security-aios-plugin-5-2-4-secret-login-page-location-disclosure-on-multisites-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/all-in-one-wp-security-and-firewall/wordpress-all-in-one-security-aios-plugin-5-2-4-secret-login-page-location-disclosure-on-multisites-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 5.2.5 or a higher version."
}
],
"value": "Update to 5.2.5 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Naveen Muthusamy (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

113
2023/52xxx/CVE-2023-52176.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-52176",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "miniorange",
"product": {
"product_data": [
{
"product_name": "Malware Scanner",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.7.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.7.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/miniorange-malware-protection/wordpress-malware-scanner-plugin-4-7-1-ip-restriction-bypass-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/miniorange-malware-protection/wordpress-malware-scanner-plugin-4-7-1-ip-restriction-bypass-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.7.2 or a higher version."
}
],
"value": "Update to 4.7.2 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

133
2024/25xxx/CVE-2024-25600.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Codeer Limited",
"product": {
"product_data": [
{
"product_name": "Bricks Builder",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.9.6.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.9.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve"
},
{
"url": "https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6",
"refsource": "MISC",
"name": "https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6"
},
{
"url": "https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve"
},
{
"url": "https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT",
"refsource": "MISC",
"name": "https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT"
},
{
"url": "https://github.com/Chocapikk/CVE-2024-25600",
"refsource": "MISC",
"name": "https://github.com/Chocapikk/CVE-2024-25600"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.9.6.1 or a higher version."
}
],
"value": "Update to 1.9.6.1 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Snicco (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/29xxx/CVE-2024-29170.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29170",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@dell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "8.2.x",
"version_value": "9.8.0.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000225667/dsa-2024-210-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000225667/dsa-2024-210-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
]
}

242
2024/35xxx/CVE-2024-35812.json
View File

@ -5,252 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-35812",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-wdm: close race between read and workqueue\n\nwdm_read() cannot race with itself. However, in\nservice_outstanding_interrupt() it can race with the\nworkqueue, which can be triggered by error handling.\n\nHence we need to make sure that the WDM_RESPONDING\nflag is not just only set but tested."
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "afba937e540c",
"version_value": "590441121960"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "2.6.26",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.26",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.312",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.313",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.274",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.275",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.215",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.216",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.154",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.157",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.84",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.88",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.24",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.29",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.12",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.3",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.8",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5904411219601127ffdbd2d622bb5d67f9d8d16c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5904411219601127ffdbd2d622bb5d67f9d8d16c"
},
{
"url": "https://git.kernel.org/stable/c/347cca11bb78b9f3c29b45a9c52e70258bd008bf",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/347cca11bb78b9f3c29b45a9c52e70258bd008bf"
},
{
"url": "https://git.kernel.org/stable/c/3afdcc4e1a00facad210f5c5891bb2fbc026067f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3afdcc4e1a00facad210f5c5891bb2fbc026067f"
},
{
"url": "https://git.kernel.org/stable/c/164be0a824387301312689bb29b2be92ab2cd39d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/164be0a824387301312689bb29b2be92ab2cd39d"
},
{
"url": "https://git.kernel.org/stable/c/9b319f4a88094b2e020e6db6e819c808d890098d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9b319f4a88094b2e020e6db6e819c808d890098d"
},
{
"url": "https://git.kernel.org/stable/c/ab92e11b73b48b79f144421430891f3aa6242656",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ab92e11b73b48b79f144421430891f3aa6242656"
},
{
"url": "https://git.kernel.org/stable/c/a86e54a345139f1a7668c9f83bdc7ac6f91b6f78",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a86e54a345139f1a7668c9f83bdc7ac6f91b6f78"
},
{
"url": "https://git.kernel.org/stable/c/7182175f565ffffa2ba1911726c5656bfc7a1bae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/7182175f565ffffa2ba1911726c5656bfc7a1bae"
},
{
"url": "https://git.kernel.org/stable/c/916cd2fcbc1e344bcabf4b2a834cdf5a0417d30c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/916cd2fcbc1e344bcabf4b2a834cdf5a0417d30c"
},
{
"url": "https://git.kernel.org/stable/c/8672ad663a22d0e4a325bb7d817b36ec412b967c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8672ad663a22d0e4a325bb7d817b36ec412b967c"
},
{
"url": "https://git.kernel.org/stable/c/da3b75931bb737be74d6b4341e0080f233ed1409",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/da3b75931bb737be74d6b4341e0080f233ed1409"
},
{
"url": "https://git.kernel.org/stable/c/2ff436b6399859e06539a2b9c667897d3cc85ad5",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2ff436b6399859e06539a2b9c667897d3cc85ad5"
},
{
"url": "https://git.kernel.org/stable/c/9723602387217caa71d623ffcce314dc39e84a09",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9723602387217caa71d623ffcce314dc39e84a09"
},
{
"url": "https://git.kernel.org/stable/c/19f955ad9437a6859a529af34e2eafd903d5e7c1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/19f955ad9437a6859a529af34e2eafd903d5e7c1"
},
{
"url": "https://git.kernel.org/stable/c/e4e47e406d74cab601b2ab21ba5e3add811e05ae",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e4e47e406d74cab601b2ab21ba5e3add811e05ae"
},
{
"url": "https://git.kernel.org/stable/c/339f83612f3a569b194680768b22bf113c26a29d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/339f83612f3a569b194680768b22bf113c26a29d"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

100
2024/35xxx/CVE-2024-35941.json
View File

@ -5,110 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-35941",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: add overflow debug check to pull/push helpers\n\nsyzbot managed to trigger following splat:\nBUG: KASAN: use-after-free in __skb_flow_dissect+0x4a3b/0x5e50\nRead of size 1 at addr ffff888208a4000e by task a.out/2313\n[..]\n __skb_flow_dissect+0x4a3b/0x5e50\n __skb_get_hash+0xb4/0x400\n ip_tunnel_xmit+0x77e/0x26f0\n ipip_tunnel_xmit+0x298/0x410\n ..\n\nAnalysis shows that the skb has a valid ->head, but bogus ->data\npointer.\n\nskb->data gets its bogus value via the neigh layer, which does:\n\n1556 __skb_pull(skb, skb_network_offset(skb));\n\n... and the skb was already dodgy at this point:\n\nskb_network_offset(skb) returns a negative value due to an\nearlier overflow of skb->network_header (u16). __skb_pull thus\n\"adjusts\" skb->data by a huge offset, pointing outside skb->head\narea.\n\nAllow debug builds to splat when we try to pull/push more than\nINT_MAX bytes.\n\nAfter this, the syzkaller reproducer yields a more precise splat\nbefore the flow dissector attempts to read off skb->data memory:\n\nWARNING: CPU: 5 PID: 2313 at include/linux/skbuff.h:2653 neigh_connected_output+0x28e/0x400\n ip_finish_output2+0xb25/0xed0\n iptunnel_xmit+0x4ff/0x870\n ipgre_xmit+0x78e/0xbb0"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "8af60bb2b215"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.86",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.27",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.6",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8af60bb2b215f478b886f1d6d302fefa7f0b917d",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8af60bb2b215f478b886f1d6d302fefa7f0b917d"
},
{
"url": "https://git.kernel.org/stable/c/1b2b26595bb09febf14c5444c873ac4ec90a5a77",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1b2b26595bb09febf14c5444c873ac4ec90a5a77"
},
{
"url": "https://git.kernel.org/stable/c/fff05b2b004d9a8a2416d08647f3dc9068e357c8",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fff05b2b004d9a8a2416d08647f3dc9068e357c8"
},
{
"url": "https://git.kernel.org/stable/c/219eee9c0d16f1b754a8b85275854ab17df0850a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/219eee9c0d16f1b754a8b85275854ab17df0850a"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

18
2024/36xxx/CVE-2024-36243.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/36xxx/CVE-2024-36260.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/36xxx/CVE-2024-36278.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36278",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

56
2024/36xxx/CVE-2024-36800.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36800",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/want1997/SEMCMS_VUL/blob/main/Download_sql_vul.md",
"refsource": "MISC",
"name": "https://github.com/want1997/SEMCMS_VUL/blob/main/Download_sql_vul.md"
}
]
}

56
2024/36xxx/CVE-2024-36801.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36801",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-36801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/want1997/SEMCMS_VUL/blob/main/Download_sql_vul_2.md",
"refsource": "MISC",
"name": "https://github.com/want1997/SEMCMS_VUL/blob/main/Download_sql_vul_2.md"
}
]
}

18
2024/37xxx/CVE-2024-37030.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

79
2024/37xxx/CVE-2024-37053.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37053",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user\u2019s system when interacted with."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MLflow",
"product": {
"product_data": [
{
"product_name": "MLflow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37054.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user\u2019s system when interacted with."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MLflow",
"product": {
"product_data": [
{
"product_name": "MLflow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.9.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37055.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37055",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user\u2019s system when interacted with."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MLflow",
"product": {
"product_data": [
{
"product_name": "MLflow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.24.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37056.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37056",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user\u2019s system when interacted with."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MLflow",
"product": {
"product_data": [
{
"product_name": "MLflow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.23.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37057.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37057",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user\u2019s system when interacted with."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MLflow",
"product": {
"product_data": [
{
"product_name": "MLflow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.0.0rc0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37058.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user\u2019s system when interacted with."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MLflow",
"product": {
"product_data": [
{
"product_name": "MLflow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.5.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37059.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37059",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user\u2019s system when interacted with."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MLflow",
"product": {
"product_data": [
{
"product_name": "MLflow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.5.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37060.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37060",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user\u2019s system when run."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MLflow",
"product": {
"product_data": [
{
"product_name": "MLflow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.27.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37061.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37061",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user\u2019s system when run."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MLflow",
"product": {
"product_data": [
{
"product_name": "MLflow",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.11.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/mlflow-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37062.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37062",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a malicously crafted report to run arbitrary code on an end user's system when loaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "YdataAI",
"product": {
"product_data": [
{
"product_name": "ydata-profiling",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.7.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/ydata-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/ydata-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37063.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37063",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "YdataAI",
"product": {
"product_data": [
{
"product_name": "ydata-profiling",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.7.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/ydata-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/ydata-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37064.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37064",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "YdataAI",
"product": {
"product_data": [
{
"product_name": "ydata-profiling",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.7.0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/ydata-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/ydata-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/37xxx/CVE-2024-37065.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@hiddenlayer.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Skops-dev",
"product": {
"product_data": [
{
"product_name": "Skops",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.6",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://hiddenlayer.com/sai-security-advisory/skops-june2024",
"refsource": "MISC",
"name": "https://hiddenlayer.com/sai-security-advisory/skops-june2024"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/37xxx/CVE-2024-37077.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37077",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/37xxx/CVE-2024-37185.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37185",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

77
2024/4xxx/CVE-2024-4254.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it allows the running of untrusted code in an environment with access to push to the base repository and access secrets. This flaw could lead to the exfiltration of sensitive secrets such as GITHUB_TOKEN, HF_TOKEN, VERCEL_ORG_ID, VERCEL_PROJECT_ID, COMMENT_TOKEN, AWSACCESSKEYID, AWSSECRETKEY, and VERCEL_TOKEN. The vulnerability is present in the workflow file located at https://github.com/gradio-app/gradio/blob/72f4ca88ab569aae47941b3fb0609e57f2e13a27/.github/workflows/deploy-website.yml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gradio-app",
"product": {
"product_data": [
{
"product_name": "gradio-app/gradio",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "latest"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/59873fbd-5698-4ec3-87f9-5d70c6055d01",
"refsource": "MISC",
"name": "https://huntr.com/bounties/59873fbd-5698-4ec3-87f9-5d70c6055d01"
}
]
},
"source": {
"advisory": "59873fbd-5698-4ec3-87f9-5d70c6055d01",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
]
}

18
2024/5xxx/CVE-2024-5626.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5626",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5627.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5627",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5628.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}