admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-02-13 08:00:33 +00:00
parent 35e3642f7c
commit fcfcd837cc
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 170 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2023/0xxx/CVE-2023-0125.json
View File

@ -80,6 +80,10 @@
"lang": "en",
"value": "SQU4NCH"
},
{
"lang": "en",
"value": "Leonardo Teodoro (VulDB User)"
},
{
"lang": "en",
"value": "Leonardo Teodoro (VulDB User)"

4
2023/1xxx/CVE-2023-1040.json
View File

@ -76,6 +76,10 @@
]
},
"credits": [
{
"lang": "en",
"value": "kdyhuiji (VulDB User)"
},
{
"lang": "en",
"value": "kdyhuiji (VulDB User)"

4
2023/1xxx/CVE-2023-1164.json
View File

@ -76,6 +76,10 @@
]
},
"credits": [
{
"lang": "en",
"value": "Set3r.Pan (VulDB User)"
},
{
"lang": "en",
"value": "Set3r.Pan (VulDB User)"

4
2023/1xxx/CVE-2023-1572.json
View File

@ -90,6 +90,10 @@
]
},
"credits": [
{
"lang": "en",
"value": "yangyanglo (VulDB User)"
},
{
"lang": "en",
"value": "yangyanglo (VulDB User)"

4
2023/3xxx/CVE-2023-3801.json
View File

@ -81,6 +81,10 @@
]
},
"credits": [
{
"lang": "en",
"value": "funnn7 (VulDB User)"
},
{
"lang": "en",
"value": "funnn7 (VulDB User)"

79
2024/22xxx/CVE-2024-22445.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22445",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@dell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nDell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "PowerProtect Data Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "19.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

79
2024/22xxx/CVE-2024-22454.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22454",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@dell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nDell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"cweId": "CWE-640"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "PowerProtect Data Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "19.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}