admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-19 22:00:35 +00:00
parent 4864b21f97
commit fd555afed5
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
16 changed files with 874 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/5xxx/CVE-2023-5981.json
View File

@ -200,6 +200,11 @@
"url": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23",
"refsource": "MISC",
"name": "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
}
]
},

5
2024/0xxx/CVE-2024-0553.json
View File

@ -159,6 +159,11 @@
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
"refsource": "MISC",
"name": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
}
]
},

5
2024/0xxx/CVE-2024-0567.json
View File

@ -196,6 +196,11 @@
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
"refsource": "MISC",
"name": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
}
]
},

95
2024/0xxx/CVE-2024-0736.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in EFS Easy File Sharing FTP 3.6 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Login. Dank der Manipulation des Arguments password mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "EFS",
"product": {
"product_data": [
{
"product_name": "Easy File Sharing FTP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.251559",
"refsource": "MISC",
"name": "https://vuldb.com/?id.251559"
},
{
"url": "https://vuldb.com/?ctiid.251559",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.251559"
},
{
"url": "https://0day.today/exploit/39249",
"refsource": "MISC",
"name": "https://0day.today/exploit/39249"
}
]
},
"credits": [
{
"lang": "en",
"value": "fernando.mengali (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
}
]
}

95
2024/0xxx/CVE-2024-0737.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560."
},
{
"lang": "deu",
"value": "In Xlightftpd Xlight FTP Server 1.1 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente Login. Dank Manipulation des Arguments user mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xlightftpd",
"product": {
"product_data": [
{
"product_name": "Xlight FTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.251560",
"refsource": "MISC",
"name": "https://vuldb.com/?id.251560"
},
{
"url": "https://vuldb.com/?ctiid.251560",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.251560"
},
{
"url": "https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html"
}
]
},
"credits": [
{
"lang": "en",
"value": "fernando.mengali (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
}
]
}

95
2024/0xxx/CVE-2024-0738.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0738",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in \u4e2a\u4eba\u5f00\u6e90 mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in \u4e2a\u4eba\u5f00\u6e90 mldong 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion ExpressionEngine der Datei com/mldong/modules/wf/engine/model/DecisionModel.java. Mit der Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "\u4e2a\u4eba\u5f00\u6e90",
"product": {
"product_data": [
{
"product_name": "mldong",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.251561",
"refsource": "MISC",
"name": "https://vuldb.com/?id.251561"
},
{
"url": "https://vuldb.com/?ctiid.251561",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.251561"
},
{
"url": "https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md",
"refsource": "MISC",
"name": "https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "biantaibao (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

175
2024/0xxx/CVE-2024-0739.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0739",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Hecheng Leadshop bis 1.4.20 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /web/leadshop.php. Durch die Manipulation des Arguments install mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hecheng",
"product": {
"product_data": [
{
"product_name": "Leadshop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4.0"
},
{
"version_affected": "=",
"version_value": "1.4.1"
},
{
"version_affected": "=",
"version_value": "1.4.2"
},
{
"version_affected": "=",
"version_value": "1.4.3"
},
{
"version_affected": "=",
"version_value": "1.4.4"
},
{
"version_affected": "=",
"version_value": "1.4.5"
},
{
"version_affected": "=",
"version_value": "1.4.6"
},
{
"version_affected": "=",
"version_value": "1.4.7"
},
{
"version_affected": "=",
"version_value": "1.4.8"
},
{
"version_affected": "=",
"version_value": "1.4.9"
},
{
"version_affected": "=",
"version_value": "1.4.10"
},
{
"version_affected": "=",
"version_value": "1.4.11"
},
{
"version_affected": "=",
"version_value": "1.4.12"
},
{
"version_affected": "=",
"version_value": "1.4.13"
},
{
"version_affected": "=",
"version_value": "1.4.14"
},
{
"version_affected": "=",
"version_value": "1.4.15"
},
{
"version_affected": "=",
"version_value": "1.4.16"
},
{
"version_affected": "=",
"version_value": "1.4.17"
},
{
"version_affected": "=",
"version_value": "1.4.18"
},
{
"version_affected": "=",
"version_value": "1.4.19"
},
{
"version_affected": "=",
"version_value": "1.4.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.251562",
"refsource": "MISC",
"name": "https://vuldb.com/?id.251562"
},
{
"url": "https://vuldb.com/?ctiid.251562",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.251562"
},
{
"url": "https://note.zhaoj.in/share/vLswXhWxUrs8",
"refsource": "MISC",
"name": "https://note.zhaoj.in/share/vLswXhWxUrs8"
}
]
},
"credits": [
{
"lang": "en",
"value": "glzjin (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

18
2024/0xxx/CVE-2024-0765.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/0xxx/CVE-2024-0766.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/0xxx/CVE-2024-0767.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/0xxx/CVE-2024-0768.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

75
2024/23xxx/CVE-2024-23685.json
View File

@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23685",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/folio-org/mod-remote-storage/security/advisories/GHSA-m8v7-469p-5x89",
"refsource": "MISC",
"name": "https://github.com/folio-org/mod-remote-storage/security/advisories/GHSA-m8v7-469p-5x89"
},
{
"url": "https://github.com/folio-org/mod-remote-storage/commit/57df495f76e9aa5be9ce7ce3a65f89b6dbcbc13b",
"refsource": "MISC",
"name": "https://github.com/folio-org/mod-remote-storage/commit/57df495f76e9aa5be9ce7ce3a65f89b6dbcbc13b"
},
{
"url": "https://wiki.folio.org/x/hbMMBw",
"refsource": "MISC",
"name": "https://wiki.folio.org/x/hbMMBw"
},
{
"url": "https://github.com/advisories/GHSA-m8v7-469p-5x89",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-m8v7-469p-5x89"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-m8v7-469p-5x89",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-m8v7-469p-5x89"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

66
2024/23xxx/CVE-2024-23686.json
View File

@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23686",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5",
"refsource": "MISC",
"name": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"
},
{
"url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

75
2024/23xxx/CVE-2024-23687.json
View File

@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23687",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3",
"refsource": "MISC",
"name": "https://github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3"
},
{
"url": "https://github.com/folio-org/mod-data-export-spring/commit/93aff4566bff59e30f4121b5a2bda5b0b508a446",
"refsource": "MISC",
"name": "https://github.com/folio-org/mod-data-export-spring/commit/93aff4566bff59e30f4121b5a2bda5b0b508a446"
},
{
"url": "https://wiki.folio.org/x/hbMMBw",
"refsource": "MISC",
"name": "https://wiki.folio.org/x/hbMMBw"
},
{
"url": "https://github.com/advisories/GHSA-vf78-3q9f-92g3",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-vf78-3q9f-92g3"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-vf78-3q9f-92g3",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-vf78-3q9f-92g3"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

66
2024/23xxx/CVE-2024-23688.json
View File

@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23688",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-323 Reusing a Nonce, Key Pair in Encryption",
"cweId": "CWE-323"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g",
"refsource": "MISC",
"name": "https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g"
},
{
"url": "https://github.com/advisories/GHSA-w3hj-wr2q-x83g",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-w3hj-wr2q-x83g"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

81
2024/23xxx/CVE-2024-23689.json
View File

@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@vulncheck.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Generation of Error Message Containing Sensitive Information",
"cweId": "CWE-209"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r",
"refsource": "MISC",
"name": "https://github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r"
},
{
"url": "https://github.com/ClickHouse/clickhouse-java/issues/1331",
"refsource": "MISC",
"name": "https://github.com/ClickHouse/clickhouse-java/issues/1331"
},
{
"url": "https://github.com/ClickHouse/clickhouse-java/pull/1334",
"refsource": "MISC",
"name": "https://github.com/ClickHouse/clickhouse-java/pull/1334"
},
{
"url": "https://github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6",
"refsource": "MISC",
"name": "https://github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6"
},
{
"url": "https://github.com/advisories/GHSA-g8ph-74m6-8m7r",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-g8ph-74m6-8m7r"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-g8ph-74m6-8m7r",
"refsource": "MISC",
"name": "https://vulncheck.com/advisories/vc-advisory-GHSA-g8ph-74m6-8m7r"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}