"-Synchronized-Data."

CVE Team 2024-08-28 16:00:38 +00:00
parent d4538ca2e2
commit f4e0f57d75
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 226 additions and 197 deletions


@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0." "value": "On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2."
} }
] ]
}, },
@ -71,6 +71,11 @@
"refsource": "FULLDISC", "refsource": "FULLDISC",
"name": "20200131 Re: Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", "name": "20200131 Re: Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers",
"url": "http://seclists.org/fulldisclosure/2020/Jan/38" "url": "http://seclists.org/fulldisclosure/2020/Jan/38"
},
{
"refsource": "MISC",
"name": "https://github.com/yckuo-sdc/totolink-boa-api-vulnerabilities",
"url": "https://github.com/yckuo-sdc/totolink-boa-api-vulnerabilities"
} }
] ]
} }


@ -1,66 +1,17 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-35325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35325",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c",
"url": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c"
},
{
"refsource": "MISC",
"name": "https://github.com/idhyt/pocs/tree/main/libyaml",
"url": "https://github.com/idhyt/pocs/tree/main/libyaml"
} }
] ]
} }


@ -1,76 +1,17 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-35326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35326",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** DISPUTED ** libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. NOTE: this is disputed by the supplier because the discoverer's sample C code is incorrect: it does not call all of the required _initialize functions that are described in the LibYAML documentation." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c",
"url": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c"
},
{
"refsource": "MISC",
"name": "https://github.com/idhyt/pocs/tree/main/libyaml",
"url": "https://github.com/idhyt/pocs/tree/main/libyaml"
},
{
"refsource": "MISC",
"name": "https://github.com/yaml/libyaml/issues/298",
"url": "https://github.com/yaml/libyaml/issues/298"
},
{
"refsource": "MISC",
"name": "https://github.com/yaml/libyaml/issues/302",
"url": "https://github.com/yaml/libyaml/issues/302"
} }
] ]
} }


@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** DISPUTED ** libyaml v0.2.5 is vulnerable to a denial of service. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c. NOTE: this is disputed by the supplier because the discoverer's sample C code is incorrect: it does not call required _initialize functions that are described in the LibYAML documentation." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
} }
] ]
}, },
@ -53,14 +53,19 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "url": "https://drive.google.com/file/d/1zW-n58nRoLwQbDt31keH6QcgmZ57SZLE/view?usp=sharing",
"name": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35328.c", "refsource": "MISC",
"url": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35328.c" "name": "https://drive.google.com/file/d/1zW-n58nRoLwQbDt31keH6QcgmZ57SZLE/view?usp=sharing"
}, },
{ {
"url": "https://github.com/yaml/libyaml",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/idhyt/pocs/tree/main/libyaml", "name": "https://github.com/yaml/libyaml"
"url": "https://github.com/idhyt/pocs/tree/main/libyaml" },
{
"url": "https://pyyaml.org/wiki/LibYAML",
"refsource": "MISC",
"name": "https://pyyaml.org/wiki/LibYAML"
} }
] ]
} }
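Review bot: The description in this record now reads `** REJECT ** DO NOT USE THIS CANDIDATE NUMBER`, yet the second hunk leaves it with a populated `references` block, and `CVE_data_meta` sits above line 34, outside both hunks, so it is not visible whether `STATE` was changed. The other records rejected in this commit are cut down to the 17-line form with `"STATE": "REJECT"` and no `affects`, `problemtype` or `references`; the line offsets here suggest this one keeps the long layout. If `STATE` is still `PUBLIC`, consumers that filter on the state field rather than on the description text will keep treating the entry as a live vulnerability. The record should be checked and brought to the same form as its siblings, with `"STATE": "REJECT"`.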


@ -1,66 +1,17 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-35329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35329",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the yaml_document_initialize and yaml_document_delete functions." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://drive.google.com/file/d/1xgQ9hJ7Sn5RVEsdMGvIy0s3b_bg3Wyk-/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1xgQ9hJ7Sn5RVEsdMGvIy0s3b_bg3Wyk-/view?usp=sharing"
},
{
"refsource": "MISC",
"name": "https://github.com/yaml/libyaml/releases/tag/0.2.5",
"url": "https://github.com/yaml/libyaml/releases/tag/0.2.5"
} }
] ]
} }


@ -61,6 +61,11 @@
"url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/", "url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/" "name": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/"
},
{
"refsource": "MISC",
"name": "https://www.vicarius.io/vsociety/posts/argument-injection-in-gogs-ssh-server-cve-2024-39930",
"url": "https://www.vicarius.io/vsociety/posts/argument-injection-in-gogs-ssh-server-cve-2024-39930"
} }
] ]
}, },


@ -1,18 +1,81 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-42698",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-42698",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in the Roughly Enough Items (REI) mod for Minecraft, which allows in-game item duplication."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/apple502j/7b1af0082449c9bfbf910e9a25ef3595",
"refsource": "MISC",
"name": "https://gist.github.com/apple502j/7b1af0082449c9bfbf910e9a25ef3595"
},
{
"url": "https://github.com/shedaniel/RoughlyEnoughItems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
"refsource": "MISC",
"name": "https://github.com/shedaniel/RoughlyEnoughItems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
"version": "3.1"
}
} }
} }
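Review bot: The published record sets the `problemtype` value to `"n/a"` although the description quotes a CWE name verbatim ("Improper Validation of Specified Index, Position, or Offset in Input", which is CWE-1285), and `product_name`, `version_value` and `vendor_name` are all `"n/a"` although the description names the product and its version bound. Tools that match on the structured fields instead of the prose cannot map this entry to an installed component or a weakness class. Suggested: `"value": "CWE-1285"` under `problemtype`, with the product and version fields filled from the description text. The CVE-2024-42900 section further down has the same `"n/a"` placeholders next to a description that states a cross-site scripting issue (CWE-79) in Ruoyi v4.7.9 and before. The `impact.cvss` object here also carries no `baseScore` or `baseSeverity`, so consumers have to derive both from `vectorString`.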


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-42900",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-42900",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/y_project/RuoYi",
"refsource": "MISC",
"name": "https://gitee.com/y_project/RuoYi"
},
{
"refsource": "MISC",
"name": "https://g03m0n.github.io/posts/cve-2024-42900/",
"url": "https://g03m0n.github.io/posts/cve-2024-42900/"
} }
] ]
} }


@ -56,6 +56,11 @@
"url": "https://github.com/Azvanzed/IdaMeme", "url": "https://github.com/Azvanzed/IdaMeme",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/Azvanzed/IdaMeme" "name": "https://github.com/Azvanzed/IdaMeme"
},
{
"refsource": "MISC",
"name": "https://github.com/Azvanzed/CVE-2024-44083/",
"url": "https://github.com/Azvanzed/CVE-2024-44083/"
} }
] ]
} }


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8264",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}