admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-30 15:00:36 +00:00
parent e02c9df49b
commit f4efd3e9b1
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
37 changed files with 1532 additions and 320 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2023/37xxx/CVE-2023-37397.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation",
"cweId": "CWE-295"
"value": "CWE-326 Inadequate Encryption Strength",
"cweId": "CWE-326"
}
]
}

84
2023/38xxx/CVE-2023-38002.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-38002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation",
"cweId": "CWE-384"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Storage Scale",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "5.1.0.0",
"version_value": "5.1.9.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7149699",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7149699"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260208",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260208"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

39
2023/40xxx/CVE-2023-40745.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.4.0-12.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -91,19 +112,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -113,6 +121,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2289",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2289"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-40745",
"refsource": "MISC",

39
2023/41xxx/CVE-2023-41175.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.4.0-12.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -91,19 +112,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -113,6 +121,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2289",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2289"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-41175",
"refsource": "MISC",

4
2023/45xxx/CVE-2023-45185.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}

61
2023/45xxx/CVE-2023-45385.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://addons.prestashop.com/en/preparation-shipping/16885-print-shipping-labels-pro-address-direct-print.html#overview_description",
"refsource": "MISC",
"name": "https://addons.prestashop.com/en/preparation-shipping/16885-print-shipping-labels-pro-address-direct-print.html#overview_description"
},
{
"refsource": "CONFIRM",
"name": "https://security.friendsofpresta.org/modules/2024/04/29/pqprintshippinglabels.html",
"url": "https://security.friendsofpresta.org/modules/2024/04/29/pqprintshippinglabels.html"
}
]
}

39
2023/47xxx/CVE-2023-47038.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4:5.32.1-481.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -85,19 +106,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -107,6 +115,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2228",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2228"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-47038",
"refsource": "MISC",

49
2023/4xxx/CVE-2023-4692.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:2.06-77.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
@ -60,19 +81,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -82,6 +90,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2456"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4692",
"refsource": "MISC",
@ -97,6 +110,11 @@
"refsource": "MISC",
"name": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/",
"refsource": "MISC",
@ -121,11 +139,6 @@
"url": "https://security.netapp.com/advisory/ntap-20231208-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20231208-0002/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/"
}
]
},

49
2023/4xxx/CVE-2023-4693.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:2.06-77.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
@ -60,19 +81,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -82,6 +90,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2456"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4693",
"refsource": "MISC",
@ -97,6 +110,11 @@
"refsource": "MISC",
"name": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/",
"refsource": "MISC",
@ -121,11 +139,6 @@
"url": "https://security.netapp.com/advisory/ntap-20231208-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20231208-0002/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/"
}
]
},

39
2023/5xxx/CVE-2023-5215.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.18.1-3.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
@ -66,19 +87,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -88,6 +96,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2204",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2204"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5215",
"refsource": "MISC",

63
2023/5xxx/CVE-2023-5574.json
View File

@ -35,6 +35,39 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.13.1-8.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -97,31 +130,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
@ -131,6 +139,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2298",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2298"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5574",
"refsource": "MISC",

39
2023/5xxx/CVE-2023-5871.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.18.1-3.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -73,19 +94,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -95,6 +103,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2204",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2204"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5871",
"refsource": "MISC",

53
2023/6xxx/CVE-2023-6004.json
View File

@ -35,6 +35,41 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:0.10.4-13.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:0.10.4-13.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
@ -60,19 +95,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -82,6 +104,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2504",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2504"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6004",
"refsource": "MISC",

39
2023/6xxx/CVE-2023-6228.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.4.0-12.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -85,19 +106,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -107,6 +115,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2289",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2289"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6228",
"refsource": "MISC",

39
2023/6xxx/CVE-2023-6710.json
View File

@ -77,6 +77,27 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.3.20-1.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Core Services 1",
"version": {
@ -90,19 +111,6 @@
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat JBoss Core Services",
"version": {
@ -134,6 +142,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:1317"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2387",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2387"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6710",
"refsource": "MISC",

39
2023/6xxx/CVE-2023-6917.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:6.2.0-1.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -73,19 +94,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -95,6 +103,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2213",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6917",
"refsource": "MISC",

53
2023/6xxx/CVE-2023-6918.json
View File

@ -35,6 +35,41 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:0.10.4-13.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:0.10.4-13.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -79,19 +114,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -101,6 +123,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2504",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2504"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6918",
"refsource": "MISC",

53
2023/7xxx/CVE-2023-7008.json
View File

@ -35,6 +35,41 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:252-32.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:252-32.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Cryostat 2",
"version": {
@ -60,19 +95,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -82,6 +104,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2463",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2463"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-7008",
"refsource": "MISC",

17
2024/0xxx/CVE-2024-0690.json
View File

@ -78,12 +78,20 @@
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:2.14.14-1.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
@ -91,7 +99,7 @@
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
@ -116,6 +124,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:0733"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2246",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2246"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0690",
"refsource": "MISC",

39
2024/1xxx/CVE-2024-1048.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:2.06-77.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -73,19 +94,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -100,6 +108,11 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/02/06/3"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2456",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2456"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1048",
"refsource": "MISC",

61
2024/23xxx/CVE-2024-23772.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-23772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\\SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.quest.com/kace/",
"refsource": "MISC",
"name": "https://www.quest.com/kace/"
},
{
"refsource": "CONFIRM",
"name": "https://support.quest.com/kb/4375402/quest-response-to-kace-sma-agent-vulnerabilities-cve-2024-23772-cve-2024-23773-cve-2024-23774",
"url": "https://support.quest.com/kb/4375402/quest-response-to-kace-sma-agent-vulnerabilities-cve-2024-23772-cve-2024-23773-cve-2024-23774"
}
]
}

61
2024/23xxx/CVE-2024-23773.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-23773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\\SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.quest.com/kace/",
"refsource": "MISC",
"name": "https://www.quest.com/kace/"
},
{
"refsource": "CONFIRM",
"name": "https://support.quest.com/kb/4375402/quest-response-to-kace-sma-agent-vulnerabilities-cve-2024-23772-cve-2024-23773-cve-2024-23774",
"url": "https://support.quest.com/kb/4375402/quest-response-to-kace-sma-agent-vulnerabilities-cve-2024-23772-cve-2024-23773-cve-2024-23774"
}
]
}

61
2024/23xxx/CVE-2024-23774.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23774",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-23774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\\SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.quest.com/kace/",
"refsource": "MISC",
"name": "https://www.quest.com/kace/"
},
{
"refsource": "CONFIRM",
"name": "https://support.quest.com/kb/4375402/quest-response-to-kace-sma-agent-vulnerabilities-cve-2024-23772-cve-2024-23773-cve-2024-23774",
"url": "https://support.quest.com/kb/4375402/quest-response-to-kace-sma-agent-vulnerabilities-cve-2024-23772-cve-2024-23773-cve-2024-23774"
}
]
}

78
2024/25xxx/CVE-2024-25575.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25575",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Foxit",
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2024.1.0.23997"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1963",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1963"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by KPC of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

78
2024/25xxx/CVE-2024-25648.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25648",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Foxit",
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2024.1.0.23997"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1959",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1959"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by KPC of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

78
2024/25xxx/CVE-2024-25938.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-25938",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Foxit",
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2024.1.0.23997"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1958",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1958"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by KPC of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

66
2024/28xxx/CVE-2024-28716.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28716",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-28716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugs.launchpad.net/solum/+bug/2047505",
"refsource": "MISC",
"name": "https://bugs.launchpad.net/solum/+bug/2047505"
},
{
"url": "https://drive.google.com/file/d/11x-6CjWCyap8_W1JpVzun56HQkPNLtWT/view?usp=drive_link",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/11x-6CjWCyap8_W1JpVzun56HQkPNLtWT/view?usp=drive_link"
},
{
"refsource": "CONFIRM",
"name": "https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f",
"url": "https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f"
}
]
}

39
2024/2xxx/CVE-2024-2496.json
View File

@ -35,6 +35,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:10.0.0-6.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
@ -86,19 +107,6 @@
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
@ -108,6 +116,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2236",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2236"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-2496",
"refsource": "MISC",

69
2024/2xxx/CVE-2024-2877.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@hashicorp.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.\n\nThis vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HashiCorp",
"product": {
"product_data": [
{
"product_name": "Vault Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.15.0",
"version_value": "1.15.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node",
"refsource": "MISC",
"name": "https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node"
}
]
},
"source": {
"advisory": "HCSEC-2024-10",
"discovery": "INTERNAL"
},
"impact": {
"cvss": [
{
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

61
2024/33xxx/CVE-2024-33267.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-33267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.heropay.eu/",
"refsource": "MISC",
"name": "https://www.heropay.eu/"
},
{
"refsource": "CONFIRM",
"name": "https://security.friendsofpresta.org/modules/2024/04/29/hfheropayment.html",
"url": "https://security.friendsofpresta.org/modules/2024/04/29/hfheropayment.html"
}
]
}

61
2024/33xxx/CVE-2024-33274.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-33274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://addons.prestashop.com/en/registration-ordering-process/19008-custom-checkout-fields-add-custom-fields-to-checkout.html",
"refsource": "MISC",
"name": "https://addons.prestashop.com/en/registration-ordering-process/19008-custom-checkout-fields-add-custom-fields-to-checkout.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.friendsofpresta.org/modules/2024/04/29/customfields.html",
"url": "https://security.friendsofpresta.org/modules/2024/04/29/customfields.html"
}
]
}

61
2024/33xxx/CVE-2024-33308.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-33308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main",
"refsource": "MISC",
"name": "https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/aaravavi/TVS-Connect-Application-VAPT",
"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT"
}
]
}

61
2024/33xxx/CVE-2024-33309.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-33309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main",
"refsource": "MISC",
"name": "https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/aaravavi/TVS-Connect-Application-VAPT",
"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT"
}
]
}

56
2024/33xxx/CVE-2024-33465.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33465",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-33465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hbzms.github.io/",
"url": "https://hbzms.github.io/"
}
]
}

84
2024/4xxx/CVE-2024-4340.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4340",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-674 Uncontrolled Recursion",
"cweId": "CWE-674"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/",
"refsource": "MISC",
"name": "https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/"
},
{
"url": "https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03",
"refsource": "MISC",
"name": "https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03"
},
{
"url": "https://github.com/advisories/GHSA-2m57-hf25-phgg",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-2m57-hf25-phgg"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

18
2024/4xxx/CVE-2024-4348.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4348",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/4xxx/CVE-2024-4349.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4349",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}