admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-21 19:00:34 +00:00
parent 3a41b151e0
commit f1c7c69677
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
18 changed files with 403 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
2023/6xxx/CVE-2023-6240.json
View File

@ -207,12 +207,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "null"
}
],
"impact": {
"cvss": [
{

6
2023/6xxx/CVE-2023-6717.json
View File

@ -378,12 +378,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "null"
}
],
"impact": {
"cvss": [
{

6
2024/0xxx/CVE-2024-0340.json
View File

@ -130,12 +130,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "null"
}
],
"impact": {
"cvss": [
{

6
2024/1xxx/CVE-2024-1139.json
View File

@ -2939,12 +2939,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "null"
}
],
"credits": [
{
"lang": "en",

2
2024/1xxx/CVE-2024-1249.json
View File

@ -399,7 +399,7 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
"defaultStatus": "affected"
}
}
]

20
2024/22xxx/CVE-2024-22354.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nIBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.\n\n"
"value": "IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401."
}
]
},
@ -42,6 +42,14 @@
{
"version_affected": "=",
"version_value": "8.5, 9.0"
},
{
"version_affected": "=",
"version_value": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*"
},
{
"version_affected": "=",
"version_value": "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"
}
]
}
@ -53,7 +61,15 @@
{
"version_affected": "<=",
"version_name": "17.0.0.3",
"version_value": "24.0.0.3"
"version_value": "24.0.0.5"
},
{
"version_affected": "=",
"version_value": "cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*"
},
{
"version_affected": "=",
"version_value": "cpe:2.3:a:ibm:websphere_application_server:24.0.0.5:*:*:*:liberty:*:*:*"
}
]
}

70
2024/25xxx/CVE-2024-25724.json
View File

@ -1,18 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25724",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-25724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers to execute code with the affected service's privileges, compromise the service's integrity, leak sensitive information, or crash the service. These attacks could be done via a remote malicious RTPS message; a compromised call with malicious parameters to the RTI_RoutingService_new, rti::recording::Service, RTI_QueuingService_new, or RTI_CDS_Service_new public APIs; or a compromised local file system containing a malicious XML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://community.rti.com/static/documentation/connext-dds/current/doc/vulnerabilities/index.html#cve-2024-25724",
"url": "https://community.rti.com/static/documentation/connext-dds/current/doc/vulnerabilities/index.html#cve-2024-25724"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:L/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
}

66
2024/33xxx/CVE-2024-33525.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-33525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Stored Cross-site Scripting (XSS) vulnerability in the \"Import of organizational units and title of organizational unit\" feature in ILIAS 7.20 to 7.30 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170029",
"url": "https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170029"
},
{
"refsource": "CONFIRM",
"name": "https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170040",
"url": "https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170040"
},
{
"refsource": "CONFIRM",
"name": "https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=159938",
"url": "https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=159938"
}
]
}

5
2024/34xxx/CVE-2024-34257.json
View File

@ -56,6 +56,11 @@
"url": "https://immense-mirror-b42.notion.site/TOTOLINK-EX1800T-has-an-unauthorized-arbitrary-command-execution-vulnerability-2f3e308f5e1d45a2b8a64f198cacc350",
"refsource": "MISC",
"name": "https://immense-mirror-b42.notion.site/TOTOLINK-EX1800T-has-an-unauthorized-arbitrary-command-execution-vulnerability-2f3e308f5e1d45a2b8a64f198cacc350"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md",
"url": "https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/EX1800T/1.md"
}
]
}

56
2024/35xxx/CVE-2024-35058.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze"
}
]
}

56
2024/35xxx/CVE-2024-35059.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35059",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze"
}
]
}

56
2024/35xxx/CVE-2024-35060.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35060",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze"
}
]
}

56
2024/35xxx/CVE-2024-35061.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35061",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-35061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze",
"url": "https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze"
}
]
}

8
2024/3xxx/CVE-2024-3154.json
View File

@ -65,7 +65,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el8",
"version": "0:1.27.6-2.rhaos4.14.gitb3bd0bf.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -161,12 +161,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "null"
}
],
"credits": [
{
"lang": "en",

6
2024/5xxx/CVE-2024-5042.json
View File

@ -122,12 +122,6 @@
}
]
},
"work_around": [
{
"lang": "en",
"value": "null"
}
],
"impact": {
"cvss": [
{

18
2024/5xxx/CVE-2024-5181.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5182.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5182",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5183.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5183",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}