"-Synchronized-Data."

This commit is contained in:
CVE Team 2025-03-14 19:00:32 +00:00
parent eddd5f2a63
commit eefd522718
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 487 additions and 29 deletions


@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@blackduck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with \u2018read\u2019 and \u2018download\u2019 privileges on at least one existing document in the application is required to exploit the vulnerability.\u00a0Exploitation of this vulnerability would allow an attacker to read the contents of any file available within the privileges of the system user running the application."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal",
"cweId": "CWE-23"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LogicalDOC",
"product": {
"product_data": [
{
"product_name": "LogicalDOC Community",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.1"
}
]
}
},
{
"product_name": "LogicalDOC Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html",
"refsource": "MISC",
"name": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability has been mitigated in LogicalDOC Community and Enterprise Editions version 9.1 by commit e7cd313.<br>"
}
],
"value": "This vulnerability has been mitigated in LogicalDOC Community and Enterprise Editions version 9.1 by commit e7cd313."
}
],
"credits": [
{
"lang": "en",
"value": "Matthew Hogg"
}
]
}
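Review bot: The `work_around` entry at the end of this record describes the fix (`mitigated ... in ... version 9.1 by commit e7cd313`) rather than a mitigation a user can apply while still unpatched, so consumers that surface workarounds separately from remediation will present advice that amounts to "upgrade". The same sentence is duplicated verbatim between the plain `value` and the `supportingMedia` HTML copy, so a later edit can leave the two out of step; keeping one as the single source would avoid that. The record also mixes language tags: `description_data` uses `"lang": "eng"` while `work_around` and `credits` use `"lang": "en"`, which any consumer filtering by language code has to special-case. CVE-2024-54448 and CVE-2024-54449 in this commit carry the same structure.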


@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12020",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@blackduck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability.\u00a0Stealing the session cookie is not possible due to cookie security flags, however the XSS may be used to induce a victim to perform on-site requests without their knowledge.\n\nThis vulnerability only affects LogicalDOC Enterprise."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LogicalDOC",
"product": {
"product_data": [
{
"product_name": "LogicalDOC Enterprise",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "0"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html",
"refsource": "MISC",
"name": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Scott Tolley"
}
]
}
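Review bot: The only entry in `version_data` is `"version_value": "not down converted"`, with the real range held in the vendor-extension `x_cve_json_5_version_data`, so a consumer of this 4.0 record that does not read `x_` fields sees a literal non-version string and no affected range at all. The extension block itself lists only `"version": "0"` with `"defaultStatus": "affected"` and no `lessThan` or unaffected entry, so even a reader of that block cannot tell whether a fixed version exists, and the description does not say either. If a fix version is known it belongs in `versions` as a `lessThan` bound and in a `work_around` entry as the sibling LogicalDOC records in this commit have; if none exists, stating that would make the open-ended range deliberate rather than an artifact of the down-conversion. CVE-2024-12245 in this commit has the same `not down converted` placeholder for both products.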


@ -1,18 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@blackduck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers.\u00a0Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LogicalDOC",
"product": {
"product_data": [
{
"product_name": "LogicalDOC Community",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "0"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "LogicalDOC Enterprise",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "0"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html",
"refsource": "MISC",
"name": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Scott Tolley"
}
]
}


@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54448",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@blackduck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack.\u00a0Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LogicalDOC",
"product": {
"product_data": [
{
"product_name": "LogicalDOC Community",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.1"
}
]
}
},
{
"product_name": "LogicalDOC Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html",
"refsource": "MISC",
"name": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability has been mitigated in LogicalDOC Community and Enterprise Editions version 9.1 by this commit and commit e7cd313.<br>"
}
],
"value": "This vulnerability has been mitigated in LogicalDOC Community and Enterprise Editions version 9.1 by this commit and commit e7cd313."
}
],
"credits": [
{
"lang": "en",
"value": "Matthew Hogg"
}
]
}


@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54449",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@blackduck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with \u2018read\u2019 and \u2018write\u2019 privileges on at least one existing document in the application is required to exploit the vulnerability.\u00a0Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal",
"cweId": "CWE-23"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LogicalDOC",
"product": {
"product_data": [
{
"product_name": "LogicalDOC Community",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.1"
}
]
}
},
{
"product_name": "LogicalDOC Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html",
"refsource": "MISC",
"name": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability has been mitigated in LogicalDOC Community and Enterprise Editions version 9.1 by commit e7cd313.<br>"
}
],
"value": "This vulnerability has been mitigated in LogicalDOC Community and Enterprise Editions version 9.1 by commit e7cd313."
}
],
"credits": [
{
"lang": "en",
"value": "Matthew Hogg"
}
]
}


@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29771",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a `contentEditable` element to set the elements `innerHTML` to a sanitized string produced by the package. If the code is particularly crafted to abuse the code beautifier, that runs AFTER sanitation. The issue is patched in version 2.0.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jitbit",
"product": {
"product_data": [
{
"product_name": "HtmlSanitizer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jitbit/HtmlSanitizer/security/advisories/GHSA-vhv4-fh94-jm5x",
"refsource": "MISC",
"name": "https://github.com/jitbit/HtmlSanitizer/security/advisories/GHSA-vhv4-fh94-jm5x"
},
{
"url": "https://github.com/jitbit/HtmlSanitizer/commit/af6d2a78877e7277cd01c825b7fb50edb5956963",
"refsource": "MISC",
"name": "https://github.com/jitbit/HtmlSanitizer/commit/af6d2a78877e7277cd01c825b7fb50edb5956963"
}
]
},
"source": {
"advisory": "GHSA-vhv4-fh94-jm5x",
"discovery": "UNKNOWN"
}
}
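Review bot: The affected-version entry encodes the range inside the value string, `"version_affected": "=", "version_value": "< 2.0.3"`, so a consumer that honours `version_affected` will compare releases for equality against the literal string `< 2.0.3` and never match an actual version. The sibling LogicalDOC records in this commit use the operator form `"version_affected": "<", "version_value": "9.1"`, which expresses the same kind of bound in a machine-readable way; `"version_affected": "<", "version_value": "2.0.3"` would bring this record in line with them and with the "prior to 2.0.3" wording of its own description.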