admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-27 20:00:34 +00:00
parent f41585c130
commit ed7a7f69c5
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 293 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
2024/37xxx/CVE-2024-37694.json
View File

@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@esri.com",
"ID": "CVE-2024-37694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-37694",
"ASSIGNER": "psirt@esri.com",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require authentication. NOTE: the supplier disputes the vulnerability information, and also objects to the assignment process (unsupported when assigned from incorrect CNA)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/NSSCYCTFER/SRC-CVE",
"refsource": "MISC",
"name": "https://github.com/NSSCYCTFER/SRC-CVE"
"value": "** REJECT ** This submission has been rejected by the CNA of record. Authentication is user configurable as described in our documentation. \u00a0\n\n\u00a0\n\n https://enterprise.arcgis.com/en/server/latest/administer/windows/configuring-arcgis-server-security.htm"
}
]
}

81
2024/38xxx/CVE-2024-38523.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS primitives to change such settings without user interaction and credentials are required. This vulnerability has been patched in version 0.10.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "scidsg",
"product": {
"product_data": [
{
"product_name": "hushline",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/scidsg/hushline/security/advisories/GHSA-4c38-hhxx-9mhx",
"refsource": "MISC",
"name": "https://github.com/scidsg/hushline/security/advisories/GHSA-4c38-hhxx-9mhx"
},
{
"url": "https://github.com/scidsg/hushline/pull/376",
"refsource": "MISC",
"name": "https://github.com/scidsg/hushline/pull/376"
}
]
},
"source": {
"advisory": "GHSA-4c38-hhxx-9mhx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

56
2024/39xxx/CVE-2024-39129.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39129",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function PushTSBuf() at /src/PayloadBuf.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/wangf1978/DumpTS/issues/19",
"refsource": "MISC",
"name": "https://github.com/wangf1978/DumpTS/issues/19"
}
]
}

56
2024/39xxx/CVE-2024-39130.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39130",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-39130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/wangf1978/DumpTS/issues/20",
"refsource": "MISC",
"name": "https://github.com/wangf1978/DumpTS/issues/20"
}
]
}

94
2024/6xxx/CVE-2024-6127.json
View File

@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6127",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BC Security",
"product": {
"product_data": [
{
"product_name": "Empire",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.9.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://aceresponder.com/blog/exploiting-empire-c2-framework",
"refsource": "MISC",
"name": "https://aceresponder.com/blog/exploiting-empire-c2-framework"
},
{
"url": "https://github.com/ACE-Responder/Empire-C2-RCE-PoC",
"refsource": "MISC",
"name": "https://github.com/ACE-Responder/Empire-C2-RCE-PoC"
},
{
"url": "https://github.com/BC-SECURITY/Empire/blob/8283bbc77250232eb493bf1f9104fdd0d468962a/CHANGELOG.md?plain=1#L102",
"refsource": "MISC",
"name": "https://github.com/BC-SECURITY/Empire/blob/8283bbc77250232eb493bf1f9104fdd0d468962a/CHANGELOG.md?plain=1#L102"
},
{
"url": "https://vulncheck.com/advisories/empire-unauth-rce",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/empire-unauth-rce"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/6xxx/CVE-2024-6397.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6397",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}