admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-17 12:00:38 +00:00
parent 5bd0c218e0
commit e9eb5a6512
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 44 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2021/43xxx/CVE-2021-43072.json
View File

@ -52,7 +52,7 @@
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.11"
"version_value": "6.2.12"
},
{
"version_affected": "<=",
@ -84,7 +84,7 @@
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.11"
"version_value": "6.2.12"
},
{
"version_affected": "<=",
@ -117,7 +117,7 @@
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiManager version 7.0.3 or above Please upgrade to FortiManager version 6.4.8 or above Please upgrade to FortiAnalyzer version 7.0.3 or above Please upgrade to FortiAnalyzer version 6.4.8 or above Please upgrade to FortiOS version 7.2.0 or above Please upgrade to FortiOS version 7.0.6 or above Please upgrade to FortiOS version 6.4.9 or above Please upgrade to FortiOS version 6.2.11 or above Please upgrade to FortiProxy version 7.0.4 or above Please upgrade to FortiProxy version 2.0.9 or above "
"value": "Please upgrade to FortiAnalyzer version 7.0.3 or above \nPlease upgrade to FortiAnalyzer version 6.4.8 or above \nPlease upgrade to FortiManager version 7.0.3 or above \nPlease upgrade to FortiManager version 6.4.8 or above \nPlease upgrade to FortiOS version 7.2.0 or above \nPlease upgrade to FortiOS version 7.0.6 or above \nPlease upgrade to FortiProxy version 7.0.4 or above \nPlease upgrade to FortiProxy version 2.0.9 or above \n"
}
],
"impact": {
@ -128,7 +128,7 @@
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "HIGH",
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",

78
2024/4xxx/CVE-2024-4460.json
View File

@ -5,87 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-4460",
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (`\\n`) characters in component names. When a low-privileged user adds a component through the API endpoint `api/v1/workspaces/default/components` with a name containing a `\\n` character, it leads to uncontrolled resource consumption. This vulnerability results in the inability of users to add new components in certain categories (e.g., 'Image Builder') and to register new stacks through the UI, thereby degrading the user experience and potentially rendering the ZenML Dashboard unusable. The issue does not affect component addition through the Web UI, as `\\n` characters are properly escaped in that context. The vulnerability was tested on ZenML running in Docker, and it was observed in both Firefox and Chrome browsers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zenml-io",
"product": {
"product_data": [
{
"product_name": "zenml-io/zenml",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "0.57.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de",
"refsource": "MISC",
"name": "https://huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de"
},
{
"url": "https://github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b",
"refsource": "MISC",
"name": "https://github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b"
}
]
},
"source": {
"advisory": "a387c935-b970-44d7-bddc-71c1c90aa2de",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}

73
2024/5xxx/CVE-2024-5887.json
View File

@ -5,82 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-5887",
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in stitionai/devika due to a loosely set CORS policy. This vulnerability allows an attacker to exploit any API endpoint if the user hosting the server visits an attacker-controlled website. The impact includes the ability to read and write files on the system, create or delete projects, and change settings. However, it does not allow sending messages or commands to the model via WebSocket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "stitionai",
"product": {
"product_data": [
{
"product_name": "stitionai/devika",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "latest"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/aa4f1c38-5b38-4cdc-91e1-68d3ec2350f2",
"refsource": "MISC",
"name": "https://huntr.com/bounties/aa4f1c38-5b38-4cdc-91e1-68d3ec2350f2"
}
]
},
"source": {
"advisory": "aa4f1c38-5b38-4cdc-91e1-68d3ec2350f2",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}

18
2024/6xxx/CVE-2024-6831.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6831",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6832.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}