"-Synchronized-Data."

CVE Team 2024-07-12 15:00:35 +00:00
parent b1369e892f
commit f5f27096de
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
25 changed files with 971 additions and 46 deletions


@ -59,6 +59,11 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
]
},


@ -69,6 +69,11 @@
"url": "https://lists.apache.org/thread/w613qh7yors840pbx00l1pq6wkl9jzkc",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/w613qh7yors840pbx00l1pq6wkl9jzkc"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/12/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/07/12/2"
}
]
},


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37928",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NooTheme Jobmonster allows File Manipulation.This issue affects Jobmonster: from n/a through 4.7.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NooTheme",
"product": {
"product_data": [
{
"product_name": "Jobmonster",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "4.7.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/noo-jobmonster/wordpress-jobmonster-theme-4-7-0-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/noo-jobmonster/wordpress-jobmonster-theme-4-7-0-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Dave Jong (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}
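Review bot: The `impact.cvss` entry sets `"integrityImpact": "NONE"` although the only reference is titled as an unauthenticated arbitrary file deletion, so the vector appears to treat the issue purely as an availability loss; this is worth confirming with the assigning CNA, because consumers that filter on integrity impact will not surface the record. The description's `allows File Manipulation.This issue affects` is missing a space after the period and says less than the reference title does; `allows File Manipulation. This issue affects Jobmonster: from n/a through 4.7.0.` would at least fix the run-on. The record has no `solution` entry and names no fixed version, so a defender cannot tell from it alone whether an update exists. The same three points apply to the CVE-2024-37932 section that follows.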


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-37932",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.This issue affects Woocommerce OpenPos: from n/a through 6.4.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "anhvnit",
"product": {
"product_data": [
{
"product_name": "Woocommerce OpenPos",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "6.4.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Dave Jong (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -59,6 +59,11 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
]
},


@ -59,6 +59,11 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
]
},


@ -59,6 +59,11 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
]
},


@ -59,6 +59,11 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
]
},


@ -59,6 +59,11 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
]
},


@ -59,6 +59,11 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
]
},


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in realmag777 WPCS allows Code Injection.This issue affects WPCS: from n/a through 1.2.0.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "realmag777",
"product": {
"product_data": [
{
"product_name": "WPCS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.2.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/currency-switcher/wordpress-wpcs-wordpress-currency-switcher-professional-plugin-1-2-0-3-arbitrary-shortcode-execution-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/currency-switcher/wordpress-wpcs-wordpress-currency-switcher-professional-plugin-1-2-0-3-arbitrary-shortcode-execution-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "stealthcopter (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DynamicWebLab WordPress Team Manager allows PHP Local File Inclusion.This issue affects WordPress Team Manager: from n/a through 2.1.12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DynamicWebLab",
"product": {
"product_data": [
{
"product_name": "WordPress Team Manager",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.1.13",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.12",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wp-team-manager/wordpress-team-manager-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wp-team-manager/wordpress-team-manager-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.1.13 or a higher version."
}
],
"value": "Update to 2.1.13 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "4rCanJ0x! (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
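Review bot: In `version_data` the only CVE 4.0 field is `"version_value": "not down converted"`, so a matcher that reads the legacy fields gets a placeholder string instead of a range; the real bound (`lessThanOrEqual` 2.1.12, unaffected at 2.1.13) exists only under `x_cve_json_5_version_data`. Since the affected range is a plain upper bound, it looks expressible as `"version_affected": "<="`, `"version_value": "2.1.12"`, the form the CVE-2024-37928 record in this commit uses. Tooling that consumes this format should read the extension block, or fall back to the `solution` text, rather than treat the record as having no affected versions. The CVE-2024-38706 and CVE-2024-38709 sections have the same shape.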


@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HasThemes HT Mega allows Path Traversal.This issue affects HT Mega: from n/a through 2.5.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HasThemes",
"product": {
"product_data": [
{
"product_name": "HT Mega",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.5.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.5.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-plugin-2-5-7-json-path-traversal-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-plugin-2-5-7-json-path-traversal-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.5.8 or a higher version."
}
],
"value": "Update to 2.5.8 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38709",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Milan Petrovic GD Rating System allows PHP Local File Inclusion.This issue affects GD Rating System: from n/a through 3.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Milan Petrovic",
"product": {
"product_data": [
{
"product_name": "GD Rating System",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.6.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/gd-rating-system/wordpress-gd-rating-system-plugin-3-6-local-file-inclusion-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/gd-rating-system/wordpress-gd-rating-system-plugin-3-6-local-file-inclusion-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.6.1 or a higher version."
}
],
"value": "Update to 3.6.1 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara - Kinorth (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38715",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ExS",
"product": {
"product_data": [
{
"product_name": "ExS Widgets",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "0.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/exs-widgets/wordpress-exs-widgets-plugin-0-3-1-local-file-inclusion-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/exs-widgets/wordpress-exs-widgets-plugin-0-3-1-local-file-inclusion-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara - Kinorth (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n> show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n * All versions before 21.2R3-S8,\n * 21.4 versions before 21.4R3-S7,\n * 22.1 versions before 22.1R3-S4,\n * 22.2 versions before 22.2R3-S4,\u00a0\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R2-S2, 22.4R3,\n * 23.1 versions before 23.1R2.\n\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.2-EVO versions before 22.2R3-S4-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO,\n * 23.2-EVO versions before 23.2R1-EVO."
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n> show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n * All versions before 21.2R3-S8,\n * 21.4 versions before 21.4R3-S7,\n * 22.1 versions before 22.1R3-S4,\n * 22.2 versions before 22.2R3-S4, \n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R2-S2, 22.4R3.\n\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.2-EVO versions before 22.2R3-S4-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO."
}
]
},
@ -76,11 +76,6 @@
"version_affected": "<",
"version_name": "22.4",
"version_value": "22.4R2-S2, 22.4R3"
},
{
"version_affected": "<",
"version_name": "23.1",
"version_value": "23.1R2"
}
]
}
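Review bot: The revised description drops both `23.1 versions before 23.1R2` and `23.2-EVO versions before 23.2R1-EVO`, but the only `version_data` change visible in this section removes the `23.1` / `23.1R2` entry; no hunk touches a 23.2-EVO entry. If such an entry exists in the Junos OS Evolved product block outside these hunks, the prose and the structured data now disagree and range matchers would keep flagging 23.2-EVO, so the full file is worth checking. The text also retains `outside the attackers control`, which should read `outside the attacker's control`.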


@ -59,6 +59,11 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
]
},


@ -57,6 +57,11 @@
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0002/"
}
]
},


@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20240703 Re: Announce: OpenSSH 9.8 released",
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/6"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20240712-0004/",
"url": "https://security.netapp.com/advisory/ntap-20240712-0004/"
}
]
}


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39903",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "widgetti",
"product": {
"product_data": [
{
"product_name": "solara",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.35.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w",
"refsource": "MISC",
"name": "https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w"
},
{
"url": "https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54",
"refsource": "MISC",
"name": "https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54"
}
]
},
"source": {
"advisory": "GHSA-9794-pc4r-438w",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}
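Review bot: `version_data` pairs `"version_affected": "="` with `"version_value": "< 1.35.1"`, so the comparison operator is buried in the value string and a consumer that honours `version_affected` will look for a version literally equal to `< 1.35.1` and match nothing. Writing it as `"version_affected": "<"`, `"version_value": "1.35.1"` keeps the range machine-readable. The description also attributes the traversal to the URI fragment; fragments are normally not transmitted to the server, so this presumably means the request path, and detection or WAF rules should inspect the path for `../` sequences rather than the `#` fragment. The CVE-2024-39909 and CVE-2024-39914 sections encode their ranges the same way (`< 2.23.1`, `< 1.5.10.34`).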


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39909",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource `/api/applicationResources` via the following parameter `packageID`. As it can be seen in backend/pkg/database/id_view.go, while building the SQL Query the `fmt.Sprintf` function is used to build the query string without the input having first been subjected to any validation. This vulnerability is fixed in 2.23.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openclarity",
"product": {
"product_data": [
{
"product_name": "kubeclarity",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.23.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/openclarity/kubeclarity/security/advisories/GHSA-5248-h45p-9pgw",
"refsource": "MISC",
"name": "https://github.com/openclarity/kubeclarity/security/advisories/GHSA-5248-h45p-9pgw"
},
{
"url": "https://github.com/openclarity/kubeclarity/commit/1d1178840703a72d9082b7fc4aea0a3326c5d294",
"refsource": "MISC",
"name": "https://github.com/openclarity/kubeclarity/commit/1d1178840703a72d9082b7fc4aea0a3326c5d294"
},
{
"url": "https://github.com/openclarity/kubeclarity/blob/main/backend/pkg/database/id_view.go#L79",
"refsource": "MISC",
"name": "https://github.com/openclarity/kubeclarity/blob/main/backend/pkg/database/id_view.go#L79"
}
]
},
"source": {
"advisory": "GHSA-5248-h45p-9pgw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
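Review bot: The third reference, `https://github.com/openclarity/kubeclarity/blob/main/backend/pkg/database/id_view.go#L79`, points at a moving branch, so once the fix is merged the `#L79` anchor no longer shows the `fmt.Sprintf` query construction the description refers to. A permalink pinned to a pre-fix commit would keep the pointer stable; until then the fix commit listed as the second reference is the durable place to see what changed. For readers triaging similar code, the defect class named here is a query assembled by string formatting from the `packageID` parameter instead of bound parameters.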


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39914",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FOGProject",
"product": {
"product_data": [
{
"product_name": "fogproject",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.5.10.34"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j",
"refsource": "MISC",
"name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j"
},
{
"url": "https://github.com/FOGProject/fogproject/commit/2413bc034753c32799785e9bf08164ccd0a2759f",
"refsource": "MISC",
"name": "https://github.com/FOGProject/fogproject/commit/2413bc034753c32799785e9bf08164ccd0a2759f"
}
]
},
"source": {
"advisory": "GHSA-7h44-6vq6-cq8j",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -124,6 +124,11 @@
"url": "http://www.openwall.com/lists/oss-security/2024/06/28/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/06/28/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0005/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0005/"
}
]
},


@ -169,6 +169,11 @@
"url": "https://github.com/openela-main/openssh/commit/c00da7741d42029e49047dd89e266d91dcfbffa0",
"refsource": "MISC",
"name": "https://github.com/openela-main/openssh/commit/c00da7741d42029e49047dd89e266d91dcfbffa0"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20240712-0003/"
}
]
},


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6714",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}