admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-06-06T20:00:18.742470+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-06-06 20:03:12 +00:00
parent 3eb6bc7815
commit 43692eb691
120 changed files with 6611 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
CVE-2014/CVE-2014-31xx/CVE-2014-3186.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2014-3186",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2014-09-28T10:55:10.347",
"lastModified": "2023-11-07T02:19:57.983",
"vulnStatus": "Modified",
"lastModified": "2024-06-06T19:46:07.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -55,7 +55,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -64,34 +63,64 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.16.3",
"matchCriteriaId": "8C427357-33C1-4CA4-826A-F3CDB451B4A6"
"versionStartIncluding": "2.6.35",
"versionEndExcluding": "3.2.63",
"matchCriteriaId": "6341E348-8E24-4DE8-8FB0-35C8D3B4A351"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CFFCDFC-AE4F-47EE-B1DA-05A6865D1745"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndExcluding": "3.4.104",
"matchCriteriaId": "95E0847B-5988-4925-98FF-29EEE803ECC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C610146-2E9B-43D3-A78F-26EDE1E918A3"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5",
"versionEndExcluding": "3.10.56",
"matchCriteriaId": "E2191FD4-0CB4-4F8A-8726-76D49FEA4D47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5EC457D-AE94-4AD1-921E-6761BDA7465D"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11",
"versionEndExcluding": "3.12.31",
"matchCriteriaId": "67AF3C65-8392-4F2B-9177-BFE7217D2A9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.13",
"versionEndExcluding": "3.14.20",
"matchCriteriaId": "77E5DE5F-B918-4793-8BD2-75145FAC7A19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.15",
"versionEndExcluding": "3.16.4",
"matchCriteriaId": "A0038C65-82B1-4326-9FA6-3468B58A40B5"
}
]
},
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:google:nexus_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12357E84-6FAE-4C6B-8FD3-BD5457DBBBCE"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
}
]
}
@ -101,51 +130,91 @@
"references": [
{
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=844817e47eef14141cf59b8d5ac08dd11c0a9189",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2014/09/11/22",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.securityfocus.com/bid/69763",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2376-1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2377-1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2378-1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2379-1",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141407",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://code.google.com/p/google-security-research/issues/detail?id=101",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

248
CVE-2014/CVE-2014-81xx/CVE-2014-8159.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2014-8159",
"sourceIdentifier": "secalert@redhat.com",
"published": "2015-03-16T10:59:01.880",
"lastModified": "2023-02-13T00:43:57.493",
"vulnStatus": "Modified",
"lastModified": "2024-06-06T19:46:16.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -55,7 +55,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -64,19 +63,108 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.6.32",
"matchCriteriaId": "4367A8B9-ABB9-4E4E-9A2A-85719CBE8DAC"
"versionStartIncluding": "2.6.12",
"versionEndExcluding": "3.2.69",
"matchCriteriaId": "59AD75AB-CEEF-4174-9C29-F42B34885442"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndExcluding": "3.4.108",
"matchCriteriaId": "365756B3-CAF4-4951-AA98-1E19EFD0F7FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5",
"versionEndExcluding": "3.10.75",
"matchCriteriaId": "69127211-1B30-46AE-8FC9-DFCF5C6F1F8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11",
"versionEndExcluding": "3.12.41",
"matchCriteriaId": "4FADE54E-049E-47F0-8D19-E0012B2A8624"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.13",
"versionEndExcluding": "3.14.39",
"matchCriteriaId": "4AF88328-A424-4404-B3C7-C2DDA7024B01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.15",
"versionEndExcluding": "3.16.35",
"matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "3.18.13",
"matchCriteriaId": "0B68A785-5CD3-472A-B502-D4FE956407C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.19",
"versionEndExcluding": "3.19.5",
"matchCriteriaId": "83F620AF-F869-4A19-AFC7-D63849BED07A"
}
]
},
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
}
]
}
@ -86,111 +174,201 @@
"references": [
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0674.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0726.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0751.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0782.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0783.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0803.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0870.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2015-0919.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2015/dsa-3237",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/73060",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1032224",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2525-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2526-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2527-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2528-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2529-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2530-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-2561-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181166",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

49
CVE-2019/CVE-2019-186xx/CVE-2019-18683.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-18683",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-11-04T16:15:11.327",
"lastModified": "2023-11-07T03:06:54.083",
"vulnStatus": "Modified",
"lastModified": "2024-06-06T19:13:34.997",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -89,8 +89,44 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.3.8",
"matchCriteriaId": "92BD7B3D-EB49-4A73-8E3D-321AE7F6C9AD"
"versionStartIncluding": "3.18",
"versionEndExcluding": "4.4.204",
"matchCriteriaId": "2342E0A5-8C6E-4EC6-8BC5-418E3F975B9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.9.204",
"matchCriteriaId": "ED947B00-B3CA-41BF-95D0-122D37F5B7BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.157",
"matchCriteriaId": "E4469430-6F48-41B8-AEDF-8B4E6E8AC03B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.87",
"matchCriteriaId": "67C4C528-B25B-4D52-8A88-5052932CEEDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.3.14",
"matchCriteriaId": "A13B4BB5-9419-4DE5-AA55-3BEBC16095D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.4.1",
"matchCriteriaId": "C2217A93-CE4C-44EE-B62F-3697614E9F5E"
}
]
}
@ -395,7 +431,10 @@
},
{
"url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://seclists.org/bugtraq/2020/Jan/10",

2
CVE-2022/CVE-2022-408xx/CVE-2022-40827.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40827",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-07T11:15:11.173",
"lastModified": "2024-05-17T21:15:07.163",
"lastModified": "2024-06-06T18:15:12.513",
"vulnStatus": "Modified",
"descriptions": [
{

2
CVE-2022/CVE-2022-408xx/CVE-2022-40828.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40828",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-07T11:15:11.273",
"lastModified": "2024-05-17T21:15:07.247",
"lastModified": "2024-06-06T18:15:12.643",
"vulnStatus": "Modified",
"descriptions": [
{

82
CVE-2022/CVE-2022-470xx/CVE-2022-47015.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-47015",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-20T19:15:17.443",
"lastModified": "2023-11-07T03:56:06.233",
"vulnStatus": "Modified",
"lastModified": "2024-06-06T19:45:52.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -60,9 +60,58 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.34",
"versionEndIncluding": "10.9.3",
"matchCriteriaId": "83460EC5-5B4F-4397-833E-E0BFF7A7D8AC"
"versionStartIncluding": "10.3.0",
"versionEndExcluding": "10.3.39",
"matchCriteriaId": "73B9E2B1-8409-466F-BB25-E170B8575FE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.4.0",
"versionEndExcluding": "10.4.29",
"matchCriteriaId": "74BDE25F-E554-4044-92A9-9754344BD1E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.0",
"versionEndExcluding": "10.5.20",
"matchCriteriaId": "241EBBC7-DA8C-4AAF-9FA1-CEA109CBC302"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.6.0",
"versionEndExcluding": "10.6.13",
"matchCriteriaId": "C8DA6B06-28C2-4FD2-B17A-2082105E62B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.8.0",
"versionEndExcluding": "10.8.8",
"matchCriteriaId": "0452672D-238A-427F-8B97-DE1A422112AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.9.0",
"versionEndExcluding": "10.9.6",
"matchCriteriaId": "06CF2204-324A-48FE-B4C3-D8CE3F9D1B9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.10.0",
"versionEndExcluding": "10.10.4",
"matchCriteriaId": "658EEEF9-02F9-44A8-98C7-AE886697268D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.11.0",
"versionEndExcluding": "10.11.3",
"matchCriteriaId": "786AA9E0-3E06-42AD-A963-A5C0DA90F9C2"
}
]
}
@ -80,19 +129,34 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O22PO3Q6TRSNJI2A2WTJH3VVCHEKBF6C/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUQ33SPQCZQD63TWAM3XKFNVNFRGPFYU/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230309-0009/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-451xx/CVE-2023-45192.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-45192",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-06T19:15:50.730",
"lastModified": "2024-06-06T19:15:50.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268758",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7156492",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2024/CVE-2024-05xx/CVE-2024-0520.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-0520",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:51.187",
"lastModified": "2024-06-06T19:15:51.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://github.com/mlflow/mlflow/commit/400c226953b4568f4361bc0a0c223511652c2b9d",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/93e470d7-b6f0-409b-af63-49d3e2a26dbc",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-18xx/CVE-2024-1873.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1873",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:51.460",
"lastModified": "2024-06-06T19:15:51.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the `DiscussionsDB` instance. This flaw enables attackers to create directories anywhere on the system where the application has permissions, potentially leading to denial of service by creating directories with names of critical files, such as HTTPS certificate files, causing server startup failures. Additionally, attackers can manipulate the database path, resulting in the loss of client data by constantly changing the file location to an attacker-controlled location, scattering the data across the filesystem and making recovery difficult."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-749"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/c1cfc0d9-517a-4d0e-bf1c-6444c1fd195d",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-18xx/CVE-2024-1879.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-1879",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:12.827",
"lastModified": "2024-06-06T18:15:12.827",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious website. This site can then send crafted requests to the AutoGPT server, leading to command execution. The issue is exacerbated by CORS being enabled for arbitrary origins by default, allowing the attacker to read the response of all cross-site queries. This vulnerability was addressed in version 5.1."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/125c2d0c-0481-4e5c-ae90-fec263acdf32",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-18xx/CVE-2024-1880.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-1880",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:51.703",
"lastModified": "2024-06-06T19:15:51.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the `_speech` method of the MacOSTTS class. Specifically, the use of `os.system` to execute the `say` command with user-supplied text allows for arbitrary code execution if an attacker can inject shell commands. This issue is triggered when the AutoGPT instance is run with the `--speak` option enabled and configured with `TEXT_TO_SPEECH_PROVIDER=macos`, reflecting back a shell injection snippet. The impact of this vulnerability is the potential execution of arbitrary code on the instance running AutoGPT. The issue was addressed in version 5.1.0."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/4e742624-8771-4f3c-9634-3eaf33d6d58e",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-18xx/CVE-2024-1881.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-1881",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:51.920",
"lastModified": "2024-06-06T19:15:51.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/significant-gravitas/autogpt/commit/26324f29849967fa72c207da929af612f1740669",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-20xx/CVE-2024-2032.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2032",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:53.060",
"lastModified": "2024-06-06T19:15:53.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-366"
}
]
}
],
"references": [
{
"url": "https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-20xx/CVE-2024-2035.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2035",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:53.313",
"lastModified": "2024-06-06T19:15:53.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1220"
}
]
}
],
"references": [
{
"url": "https://github.com/zenml-io/zenml/commit/b95f083efffa56831cd41d8ed536aeb0b6038fa3",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/1cfc6493-082e-4229-9f2f-496801a6557c",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-21xx/CVE-2024-2171.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2171",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:53.647",
"lastModified": "2024-06-06T19:15:53.647",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-223xx/CVE-2024-22326.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-22326",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-06-06T19:15:52.137",
"lastModified": "2024-06-06T19:15:52.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. \u00a0 IBM X-Force ID: 279518."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279518",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7156621",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2024/CVE-2024-22xx/CVE-2024-2213.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2213",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:53.890",
"lastModified": "2024-06-06T19:15:53.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-22xx/CVE-2024-2288.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2288",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.137",
"lastModified": "2024-06-06T19:15:54.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without their consent, potentially leading to a denial of service by overloading the filesystem with files. Additionally, this flaw can be exploited to perform a stored cross-site scripting (XSS) attack, enabling attackers to execute arbitrary JavaScript in the context of the victim's browser session. The issue is resolved in version 9.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/parisneo/lollms-webui/commit/ed085e6effab2b1e25ba2b00366a16ff67d8551b",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/2a37ae0c-890a-401a-8f3c-a261f3006290",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-237xx/CVE-2024-23793.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-23793",
"sourceIdentifier": "security@otrs.com",
"published": "2024-06-06T19:15:52.373",
"lastModified": "2024-06-06T19:15:52.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts.\nThis issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@otrs.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@otrs.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-05/",
"source": "security@otrs.com"
}
]
}

55
CVE-2024/CVE-2024-23xx/CVE-2024-2359.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2359",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.353",
"lastModified": "2024-06-06T19:15:54.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/execute_code` endpoint, which is intended to be blocked from external access by default. However, attackers can exploit the `/update_setting` endpoint, which lacks proper access control, to modify the `host` configuration at runtime. By changing the `host` setting to an attacker-controlled value, the restriction on the `/execute_code` endpoint can be bypassed, leading to remote code execution. This vulnerability is due to improper neutralization of special elements used in an OS command (`Improper Neutralization of Special Elements used in an OS Command`)."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/62144831-8d4b-4cf2-9737-5e559f7bc67e",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-23xx/CVE-2024-2360.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2360",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.570",
"lastModified": "2024-06-06T19:15:54.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which do not properly validate file paths, allowing for directory traversal. This vulnerability can also lead to further file exposure and other attack vectors by manipulating the 'discussion_db_name' parameter."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-29"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/65d0ef59-a761-4bbd-86fa-dd8e8621082e",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-23xx/CVE-2024-2362.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2362",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.767",
"lastModified": "2024-06-06T19:15:54.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-36"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/2433d0a4-9ba0-474b-be1a-6fd5019770ba",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-23xx/CVE-2024-2383.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2383",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.970",
"lastModified": "2024-06-06T19:15:54.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"references": [
{
"url": "https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-25xx/CVE-2024-2548.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2548",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:55.217",
"lastModified": "2024-06-06T19:15:55.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and Linux environments using `Path(path).is_absolute()`, attackers can exploit this flaw to read any file on the system. This issue affects the latest version of LoLLMs running on the Windows platform. The vulnerability is triggered when an attacker sends a specially crafted request to the `/user_infos/{path:path}` endpoint, allowing the reading of arbitrary files, as demonstrated with the `win.ini` file. The issue has been addressed in version 9.5 of the software."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-36"
}
]
}
],
"references": [
{
"url": "https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/65979513-db0d-46fd-9977-fcd73bcd8a41",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-26xx/CVE-2024-2624.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2624",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:55.437",
"lastModified": "2024-06-06T19:15:55.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get(\"/switch_personal_path\")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. The vulnerability arises due to insufficient sanitization of user-supplied input for the `path` parameter, allowing an attacker to specify arbitrary file system paths. This flaw enables direct arbitrary file uploads, leakage of `personal_data`, and overwriting of configurations in `lollms-webui`->`configs` by exploiting the same named directory in `personal_data`. The issue affects the latest version of the application and is fixed in version 9.4. Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-29"
}
]
}
],
"references": [
{
"url": "https://github.com/parisneo/lollms-webui/commit/aeba79f3ea934331b8ecd625a58bae6e4f7e7d3f",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/39e17897-0e92-4473-91c7-f728322191aa",
"source": "security@huntr.dev"
}
]
}

136
CVE-2024/CVE-2024-273xx/CVE-2024-27316.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27316",
"sourceIdentifier": "security@apache.org",
"published": "2024-04-04T20:15:08.720",
"lastModified": "2024-05-01T18:15:16.023",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-06T19:29:53.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,44 @@
"value": "Los encabezados entrantes HTTP/2 que exceden el l\u00edmite se almacenan temporalmente en nghttp2 para generar una respuesta HTTP 413 informativa. Si un cliente no deja de enviar encabezados, esto provoca que se agote la memoria."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -27,34 +60,115 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.4.17",
"versionEndExcluding": "2.4.59",
"matchCriteriaId": "8379D2C9-34C1-40CC-A470-2436ED70EEBC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*",
"matchCriteriaId": "A20333EE-4C13-426E-8B54-D78679D5DDB8"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/04/4",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QKKDVFWBKIHCC3WXNH3W75WWY4NW42OB/",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0013/",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-289xx/CVE-2024-28999.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2024-28999",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-06-04T15:15:45.247",
"lastModified": "2024-06-04T16:57:41.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-06T19:06:50.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console. "
},
{
"lang": "es",
"value": "Se determin\u00f3 que la plataforma SolarWinds estaba afectada por una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n que afectaba a la consola web."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.2",
"matchCriteriaId": "5C90C89E-063A-4538-B56D-CDDA6146CEA1"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28999",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2024/CVE-2024-290xx/CVE-2024-29004.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2024-29004",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-06-04T15:15:45.527",
"lastModified": "2024-06-04T16:57:41.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-06T19:05:52.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. "
},
{
"lang": "es",
"value": "Se determin\u00f3 que la plataforma SolarWinds estaba afectada por una vulnerabilidad de cross-site scripting almacenado que afectaba a la consola web. Se requiere un usuario con altos privilegios y la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024.2",
"matchCriteriaId": "5C90C89E-063A-4538-B56D-CDDA6146CEA1"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-2_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29004",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-29xx/CVE-2024-2914.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2914",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:13.227",
"lastModified": "2024-06-06T18:15:13.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service. The vulnerability is due to improper validation of file paths during the extraction of tar files, as demonstrated in multiple occurrences within the library's codebase, including but not limited to the files_util.py and extract_imagenet.py scripts."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-29"
}
]
}
],
"references": [
{
"url": "https://github.com/deepjavalibrary/djl/commit/5235be508cec9e8cb6f496a4ed2fa40e4f62c370",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/b064bd2f-bf6e-4fc0-898e-7d02a9b97e24",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-29xx/CVE-2024-2928.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2928",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:55.680",
"lastModified": "2024-06-06T19:15:55.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-29"
}
]
}
],
"references": [
{
"url": "https://github.com/mlflow/mlflow/commit/96f0b573a73d8eedd6735a2ce26e08859527be07",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/19bf02d7-6393-4a95-b9d0-d6d4d2d8c298",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-29xx/CVE-2024-2965.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2965",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:55.897",
"lastModified": "2024-06-06T19:15:55.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-303xx/CVE-2024-30368.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-30368",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:13.443",
"lastModified": "2024-06-06T18:15:13.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of a10user. Was ZDI-CAN-22517."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369",
"source": "zdi-disclosures@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-524/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

59
CVE-2024/CVE-2024-303xx/CVE-2024-30369.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-30369",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:13.720",
"lastModified": "2024-06-06T18:15:13.720",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://support.a10networks.com/support/security_advisory/cve-2024-30368-cve-2024-30369",
"source": "zdi-disclosures@trendmicro.com"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-525/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

55
CVE-2024/CVE-2024-303xx/CVE-2024-30373.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-30373",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T19:15:56.167",
"lastModified": "2024-06-06T19:15:56.167",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22092."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-557/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

55
CVE-2024/CVE-2024-303xx/CVE-2024-30374.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-30374",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:13.953",
"lastModified": "2024-06-06T18:15:13.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22449."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-566/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

55
CVE-2024/CVE-2024-303xx/CVE-2024-30375.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-30375",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:14.153",
"lastModified": "2024-06-06T18:15:14.153",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22515."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-565/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

65
CVE-2024/CVE-2024-308xx/CVE-2024-30889.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30889",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-04T22:15:10.243",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-06T19:09:09.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Vulnerabilidad de cross-site scripting en audimex audimexEE v.15.1.2 y corregida en 15.1.3.9 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de los par\u00e1metros servicio, m\u00e9todo, widget_type, request_id y payload."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:web-audimex:audimexee:15.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93E73FB1-3601-4EED-81F6-3BBBC6BB23C5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/robymontyz/pocs/blob/main/AudimexEE/ReflectedXSS.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-30xx/CVE-2024-3033.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3033",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:17.040",
"lastModified": "2024-06-06T18:15:17.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific namespaces, without requiring any authorization or permissions. The issue affects all versions up to and including the latest version, with a fix introduced in version 1.0.0. Exploitation of this vulnerability can lead to complete data loss of document embeddings across all workspaces, rendering workspace chats and embeddable chat widgets non-functional. Additionally, attackers can list all namespaces, potentially exposing private workspace names."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/bf8df60c02b9ddc7ba682809ca12c5637606393a",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/8a98a0b4-7886-41c5-8624-fc5c21972e5a",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-30xx/CVE-2024-3095.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3095",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:59.160",
"lastModified": "2024-06-06T19:15:59.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-30xx/CVE-2024-3099.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3099",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:59.393",
"lastModified": "2024-06-06T19:15:59.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-475"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-31xx/CVE-2024-3102.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3102",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:59.667",
"lastModified": "2024-06-06T19:15:59.667",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-229"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/2374939ffb551ab2929d7f9d5827fe6597fa8caa",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/8af4650d-5955-44a4-86b4-d08e1c862b49",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-31xx/CVE-2024-3104.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3104",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:17.260",
"lastModified": "2024-06-06T18:15:17.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the `POST /api/system/update-env` endpoint, which allows for the execution of arbitrary code on the host running anything-llm. The vulnerability is present in the latest version of anything-llm, with the latest commit identified as fde905aac1812b84066ff72e5f2f90b56d4c3a59. This issue has been fixed in version 1.0.0. Successful exploitation could lead to code execution on the host, enabling attackers to read and modify data accessible to the user running the service, potentially leading to a denial of service. "
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/bfedfebfab032e6f4d5a369c8a2f947c5d0c5286",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/4f2fcb45-5828-4bec-985a-9d3a0ee00462",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-31xx/CVE-2024-3110.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3110",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:59.900",
"lastModified": "2024-06-06T19:15:59.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them into the application UI as external links with custom icons. Specifically, the application does not prevent the inclusion of 'javascript:' protocol payloads in URLs, which can be exploited by a user with manager role to execute arbitrary JavaScript code in the context of another user's session. This flaw can be leveraged to steal the admin's authorization token by crafting malicious URLs that, when clicked by the admin, send the token to an attacker-controlled server. The attacker can then use this token to perform unauthorized actions, escalate privileges to admin, or directly take over the admin account. The vulnerability is triggered when the malicious link is opened in a new tab using either the CTRL + left mouse button click or the mouse scroll wheel click, or in some non-updated versions of modern browsers, by directly clicking on the link."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/49f30e051c9f6e28977d57d0e5f49c1294094e41",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/c2895978-364d-412d-8825-c806606bcb85",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-31xx/CVE-2024-3149.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3149",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.130",
"lastModified": "2024-06-06T19:16:00.130",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by hosting a malicious website and using it to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. This interaction can lead to unauthorized actions such as arbitrary file deletion and limited Local File Inclusion (LFI), including accessing NGINX access logs which may contain sensitive information."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/f4088d9348fa86dcebe9f97a18d39c0a6e92f15e",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/b230d76b-ae2d-440e-a25b-94ffaa7c4ff1",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-31xx/CVE-2024-3150.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3150",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.350",
"lastModified": "2024-06-06T19:16:00.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint `/workspace/:slug/thread/:threadSlug/update`. Specifically, the application fails to validate or check user input before passing it to the `workspace_thread` Prisma model for execution. This oversight allows attackers to craft a Prisma relation query operation that manipulates the `users` model to change a user's role to admin. Successful exploitation grants attackers the highest level of user privileges, enabling them to see and perform all actions within the system."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/745f5c80-14ea-4055-9f15-a066ae93e5a3",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-31xx/CVE-2024-3152.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3152",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:17.490",
"lastModified": "2024-06-06T18:15:17.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. The vulnerabilities are present in the `/request-token`, `/workspace/:slug/thread/:threadSlug/update`, `/system/remove-logo`, `/system/logo`, and collector's `/process` endpoints. These issues are due to the application's failure to properly validate user input before passing it to `prisma` functions and other critical operations. Affected versions include the latest version prior to 1.0.0."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/46034fa0-d623-49f8-8ee8-390390181373",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-31xx/CVE-2024-3153.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3153",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.600",
"lastModified": "2024-06-06T19:16:00.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-31xx/CVE-2024-3166.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3166",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:00.817",
"lastModified": "2024-06-06T19:16:00.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, which can be exploited to execute arbitrary JavaScript code. In the desktop application, this flaw can be escalated to Remote Code Execution (RCE) due to insecure application settings, specifically the enabling of 'nodeIntegration' and the disabling of 'contextIsolation' in Electron's webPreferences. The issue has been addressed in version 1.4.2 of the desktop application."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/fa27103d032c58904c49b92ee13fabc19a20a5ce",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/af288bd3-8824-4216-a294-ae9fb444e5db",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-328xx/CVE-2024-32873.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-32873",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-06T19:15:56.390",
"lastModified": "2024-06-06T19:15:56.390",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-682"
}
]
}
],
"references": [
{
"url": "https://github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-32xx/CVE-2024-3234.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3234",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.040",
"lastModified": "2024-06-06T19:16:01.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/277e3ff0-5878-4809-a4b9-73cdbb70dc9f",
"source": "security@huntr.dev"
}
]
}

2
CVE-2024/CVE-2024-339xx/CVE-2024-33900.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-33900",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-20T21:15:09.177",
"lastModified": "2024-05-21T17:15:08.997",
"lastModified": "2024-06-06T18:15:16.170",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

59
CVE-2024/CVE-2024-33xx/CVE-2024-3322.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3322",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.247",
"lastModified": "2024-06-06T19:16:01.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within 'lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor.py'. Specifically, the function fails to properly sanitize user-supplied input for the 'code_folder_path', allowing an attacker to specify arbitrary paths using '../' or absolute paths. This flaw leads to arbitrary file read and overwrite capabilities in specified directories without limitations, posing a significant risk of sensitive information disclosure and unauthorized file manipulation."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/parisneo/lollms-webui/commit/1e17df01e01d4d33599db2afaafe91d90b6f0189",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/e0822362-033a-4a71-b1dc-d803f03bd427",
"source": "security@huntr.dev"
}
]
}

63
CVE-2024/CVE-2024-33xx/CVE-2024-3378.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3378",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-06T13:15:12.473",
"lastModified": "2024-05-17T02:39:53.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-06-06T19:43:40.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,22 +95,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iboss:secure_web_gateway:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.0.160",
"matchCriteriaId": "FF170813-35CE-4628-A0F0-2D23AA2CF568"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/modrnProph3t/CVE/blob/main/CVE-2024-3378.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.259501",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.259501",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.310642",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-34xx/CVE-2024-3402.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3402",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.450",
"lastModified": "2024-06-06T19:16:01.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/389570c4-0bf2-4bc3-84f5-2e7afdba8ed1",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-34xx/CVE-2024-3404.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3404",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.673",
"lastModified": "2024-06-06T19:16:01.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-34xx/CVE-2024-3408.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3408",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:01.890",
"lastModified": "2024-06-06T19:16:01.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/57a06666-ff85-4577-af19-f3dfb7b02f91",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-34xx/CVE-2024-3429.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3429",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:02.103",
"lastModified": "2024-06-06T19:16:02.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\\lollms\\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. This vulnerability affects the latest version prior to 9.6."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-29"
}
]
}
],
"references": [
{
"url": "https://github.com/parisneo/lollms/commit/f4424cfc3d6dfb3ad5ac17dd46801efe784933e9",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/fd8f50c8-17f0-40be-a2c6-bb8d80f7c409",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-35xx/CVE-2024-3504.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3504",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:17.980",
"lastModified": "2024-06-06T18:15:17.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability allows the elevated user to delete projects within the organization. The issue is resolved in version 1.2.7."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/f7507f0949f6634f725ebb8da37c44f76542901f",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/97958fe4-be21-4b63-966f-8337c72c8e28",
"source": "security@huntr.dev"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36730.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36730",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:57.840",
"lastModified": "2024-06-06T19:15:57.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Redmept1on/1c530e191fb3c76f034c2ea1d11eb821",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36732.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36732",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:57.937",
"lastModified": "2024-06-06T19:15:57.937",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Redmept1on/3feef7639b2bc7891d0cfda6d932adfd",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36734.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36734",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:58.030",
"lastModified": "2024-06-06T19:15:58.030",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Redmept1on/7420cd59f30defda07cf7bb4bf4a92cd",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36735.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36735",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:58.117",
"lastModified": "2024-06-06T19:15:58.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Redmept1on/4998e9b6435448cea07a8b2dbf96eedc",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36736.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36736",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T18:15:16.560",
"lastModified": "2024-06-06T18:15:16.560",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Redmept1on/6de04fb6c7af6956973fe2765c4d4576",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36737.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36737",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T18:15:16.643",
"lastModified": "2024-06-06T18:15:16.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Redmept1on/3a77cc722f82b57f99ccbe835aacf27d",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36740.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36740",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:58.217",
"lastModified": "2024-06-06T19:15:58.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Redmept1on/070f5b8b752079c6b761f00f3cab7103",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36743.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36743",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T18:15:16.723",
"lastModified": "2024-06-06T18:15:16.723",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Redmept1on/64aa53d37e99975725a7d3e2dc9d9761",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-367xx/CVE-2024-36745.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-36745",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T18:15:16.807",
"lastModified": "2024-06-06T18:15:16.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Redmept1on/42caad5576101cdd93deb6470d979952",
"source": "cve@mitre.org"
}
]
}

59
CVE-2024/CVE-2024-371xx/CVE-2024-37153.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-37153",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-06T19:15:58.403",
"lastModified": "2024-06-06T19:15:58.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that is using the contract address as the sender parameter in an ICS20 transfer using the ICS20 precompile. This is in essence the \"infinite money glitch\" allowing contracts to double the supply of Evmos after each transaction.The issue has been patched in versions >=V18.1.0. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-670"
}
]
}
],
"references": [
{
"url": "https://github.com/evmos/evmos/commit/478b7a62e7af57a70cf3a01126c7f5a89bee69d7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/evmos/evmos/security/advisories/GHSA-xgr7-jgq3-mhmc",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-371xx/CVE-2024-37154.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-37154",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-06T19:15:58.683",
"lastModified": "2024-06-06T19:15:58.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via `ClawbackVestingAccount`. This affects 18.1.0 and earlier."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://github.com/evmos/evmos/security/advisories/GHSA-7hrh-v6wp-53vw",
"source": "security-advisories@github.com"
}
]
}

47
CVE-2024/CVE-2024-373xx/CVE-2024-37364.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2024-37364",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T19:15:58.900",
"lastModified": "2024-06-06T19:15:58.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII), and potentially create unauthorized room keys, by entering a guest-search quote character and then accessing the underlying Windows OS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://news.ycombinator.com/item?id=40582475",
"source": "cve@mitre.org"
},
{
"url": "https://www.pentagrid.ch/en/blog/ariane-allegro-hotel-check-in-terminal-kios-escape/",
"source": "cve@mitre.org"
}
]
}

55
CVE-2024/CVE-2024-43xx/CVE-2024-4320.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4320",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:02.453",
"lastModified": "2024-06-06T19:16:02.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post(\"/install_extension\")` route handler. The vulnerability arises due to improper handling of the `name` parameter in the `ExtensionBuilder().build_extension()` method, which allows for local file inclusion (LFI) leading to arbitrary code execution. An attacker can exploit this vulnerability by crafting a malicious `name` parameter that causes the server to load and execute a `__init__.py` file from an arbitrary location, such as the upload directory for discussions. This vulnerability affects the latest version of parisneo/lollms-webui and can lead to remote code execution without requiring user interaction, especially when the application is exposed to an external endpoint or operated in headless mode."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-29"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/d6564f04-0f59-4686-beb2-11659342279b",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-43xx/CVE-2024-4325.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4325",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:18.300",
"lastModified": "2024-06-06T18:15:18.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerability arises when the `path` value, obtained from the user and expected to be a URL, is used to make an HTTP request without sufficient validation checks. This flaw allows an attacker to send crafted requests that could lead to unauthorized access to the local network or the AWS metadata endpoint, thereby compromising the security of internal servers."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-48xx/CVE-2024-4851.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4851",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:02.800",
"lastModified": "2024-06-06T19:16:02.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs, thereby facilitating SSRF attacks. The affected code is located in the backend/routes/crawl_routes.py file, specifically within the crawl_endpoint function. This issue could allow attackers to interact with internal services that are accessible from the server hosting the application."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/b6011986-954a-47da-a60c-fc7aebc8005d",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-48xx/CVE-2024-4881.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-4881",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:03.063",
"lastModified": "2024-06-06T19:16:03.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\\`), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the `/user_infos` endpoint, where a crafted request using backslashes to reference a file (e.g., `\\windows\\win.ini`) could result in unauthorized file access. The impact of this vulnerability includes the potential for attackers to access sensitive information such as environment variables, database files, and configuration files, which could lead to further compromise of the system."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-36"
}
]
}
],
"references": [
{
"url": "https://github.com/parisneo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/94f7f901-80b0-4cf5-b545-ac5c1e7635e9",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-48xx/CVE-2024-4888.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4888",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:03.397",
"lastModified": "2024-06-06T19:16:03.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files. "
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/48461d89-cf13-4ad3-a43e-0d37da08fc6c",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-48xx/CVE-2024-4889.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4889",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:18.577",
"lastModified": "2024-06-06T18:15:18.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-48xx/CVE-2024-4890.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4890",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:03.630",
"lastModified": "2024-06-06T19:16:03.630",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/a4f6d357-5b44-4e00-9cac-f1cc351211d2",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-49xx/CVE-2024-4941.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-4941",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:18.783",
"lastModified": "2024-06-06T18:15:18.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gradio/components/json_component.py`, where a user-controlled string is parsed as JSON. If the parsed JSON object contains a `path` key, the specified file is moved to a temporary directory, making it possible to retrieve it later via the `/file=..` endpoint. This issue is due to the `processing_utils.move_files_to_cache()` function traversing any object passed to it, looking for a dictionary with a `path` key, and then copying the specified file to a temporary directory. The vulnerability can be exploited by an attacker to read files on the remote system, posing a significant security risk."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/gradio-app/gradio/commit/ee1e2942e0a1ae84a08a05464e41c8108a03fa9c",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/39889ce1-298d-4568-aecd-7ae40c2ca58e",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-51xx/CVE-2024-5124.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5124",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:03.863",
"lastModified": "2024-06-06T19:16:03.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/e85ec077-930a-4597-975f-9341d2805641",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-51xx/CVE-2024-5126.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-5126",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:04.090",
"lastModified": "2024-06-06T19:16:04.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Affected versions include 1.2.2 up to but not including 1.2.25. The vulnerability allows unauthorized users to update prompt details due to insufficient access control checks. This issue was addressed and fixed in version 1.2.25."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/b7bd3a830a0f47ba07d0fd57bf78c4dd8a216297",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/8e7e1267-ea6c-4789-b9dc-3410dfac6ec6",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-51xx/CVE-2024-5127.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-5127",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:19.000",
"lastModified": "2024-06-06T18:15:19.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not intended for their use. The vulnerability specifically affects the Team feature, where the backend fails to validate whether a user has paid for a plan before allowing them to send invite links with any role assigned. This could lead to unauthorized access and manipulation of project settings or data."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/b7bd3a830a0f47ba07d0fd57bf78c4dd8a216297",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/719a5db3-f943-4100-a660-011cadf1bb32",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-51xx/CVE-2024-5128.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-5128",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:04.323",
"lastModified": "2024-06-06T19:16:04.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue stems from improper access control checks in the dataset management endpoints, where direct references to object IDs are not adequately secured against unauthorized access. This vulnerability was fixed in version 1.2.25."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/0755dde1afc2a74ec23b55eee03e4416916cf48f",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/11248071-11b2-42d9-991a-504bf2044332",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-51xx/CVE-2024-5129.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-5129",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:04.583",
"lastModified": "2024-06-06T19:16:04.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion has the appropriate permissions. This allows unauthorized users to send a DELETE request to the server and delete any dataset by specifying its ID. The issue is located in the datasets.delete function within the datasets index file."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/a6c0deb3-6a4c-4188-8aaa-9e6207f82f44",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-51xx/CVE-2024-5130.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-5130",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:04.813",
"lastModified": "2024-06-06T19:16:04.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack of proper authorization checks in the dataset deletion endpoint. Specifically, the endpoint does not verify if the provided project ID belongs to the current user, thereby allowing any dataset to be deleted without proper authentication. This issue was fixed in version 1.2.8."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/e81a9871-308d-4628-9726-af66643a16fe",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-51xx/CVE-2024-5131.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-5131",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:05.060",
"lastModified": "2024-06-06T19:16:05.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the ownership of the prompt ID. This issue was fixed in version 1.2.25."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/ddfd497afd017a6946c582a1a806687fdac888bf",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/52c129f2-114e-492f-aee8-32c78f75ac4f",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-51xx/CVE-2024-5132.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5132",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:05.300",
"lastModified": "2024-06-06T19:16:05.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In lunary-ai/lunary version 1.2.2, a business logic error allows users to bypass the intended limitations on team member invitations and additions, regardless of their subscription plan. The vulnerability arises due to the lack of validation against the predefined member limits in the SEAT_ALLOWANCE constants during the invitation and joining processes. This issue enables users on any plan, including the free plan, to invite and add more members to a team than allowed, effectively circumventing the system's subscription model. The flaw is located in the backend's handling of user invitations and additions, specifically in the /api/v1/auth/index.ts and /api/v1/users.ts endpoints, where the system fails to check the current number of team members against the allowed limits before proceeding with the invitation and addition operations."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-840"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/1a2d462f-ce25-410c-80f1-10546f963d7c",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-51xx/CVE-2024-5133.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5133",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:05.557",
"lastModified": "2024-06-06T19:16:05.557",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset process, the recovery token is included in the response of the `GET /v1/users/me/org` endpoint, which lists all users in a team. This allows any authenticated user to capture the recovery token of another user and subsequently change that user's password without consent, effectively taking over the account. The issue lies in the inclusion of the `recovery_token` attribute in the users object returned by the API."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/6057598d-93c4-4a94-bb80-5bd508013c5b",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-51xx/CVE-2024-5186.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5186",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:05.860",
"lastModified": "2024-06-06T19:16:05.860",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically, by manipulating the 'path' parameter in a file upload request, an attacker can cause the application to make arbitrary requests to internal services, including the AWS metadata endpoint. This issue could lead to the exposure of internal servers and sensitive data."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/5f421645-3546-4a67-a421-ee1bc4b6e3a3",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-51xx/CVE-2024-5187.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5187",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:06.100",
"lastModified": "2024-06-06T19:16:06.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system, potentially leading to remote code execution, deletion of system, personal, or application files, thus impacting the integrity and availability of the system. The issue arises from the function's handling of tar file extraction without performing security checks on the paths within the tar file, as demonstrated by the ability to overwrite the `/home/kali/.ssh/authorized_keys` file by specifying an absolute path in the malicious tar file."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/50235ebd-3410-4ada-b064-1a648e11237e",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-52xx/CVE-2024-5206.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-5206",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:06.363",
"lastModified": "2024-06-06T19:16:06.363",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-921"
}
]
}
],
"references": [
{
"url": "https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-52xx/CVE-2024-5225.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5225",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:06.673",
"lastModified": "2024-06-06T19:16:06.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated `api_key` parameter directly into the query, making it susceptible to SQL Injection if the `api_key` contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS)."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-52xx/CVE-2024-5248.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5248",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:06.917",
"lastModified": "2024-06-06T19:16:06.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. The platform's role definitions restrict the `Prompt Editor` role to prompt management and project viewing/listing capabilities, explicitly excluding access to user information. However, the endpoint fails to enforce this restriction, allowing users with the `Prompt Editor` role to access the full list of users in the organization. This vulnerability allows unauthorized access to sensitive user information, violating the intended access controls."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/4ec75087-5630-4813-952b-88ccabe6d117",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-52xx/CVE-2024-5256.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5256",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:19.220",
"lastModified": "2024-06-06T18:15:19.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22336."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-542/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

55
CVE-2024/CVE-2024-52xx/CVE-2024-5267.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5267",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:19.477",
"lastModified": "2024-06-06T18:15:19.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22384."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-543/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

55
CVE-2024/CVE-2024-52xx/CVE-2024-5268.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5268",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:19.680",
"lastModified": "2024-06-06T18:15:19.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22428."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-544/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

55
CVE-2024/CVE-2024-52xx/CVE-2024-5269.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5269",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:19.880",
"lastModified": "2024-06-06T18:15:19.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of SMB2 messages. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22459."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-545/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

55
CVE-2024/CVE-2024-52xx/CVE-2024-5277.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5277",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T18:15:20.087",
"lastModified": "2024-06-06T18:15:20.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the backend's handling of the reset password process, where the token, once used, is not discarded or invalidated, enabling its reuse. This vulnerability could lead to unauthorized account access if an attacker obtains the recovery token."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/6aaba769-d99c-48cf-90d2-7abad984213d",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-52xx/CVE-2024-5278.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5278",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:07.310",
"lastModified": "2024-06-06T19:16:07.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-53xx/CVE-2024-5301.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5301",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:20.307",
"lastModified": "2024-06-06T18:15:20.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22917."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-546/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

55
CVE-2024/CVE-2024-53xx/CVE-2024-5302.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-5302",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-06-06T18:15:20.530",
"lastModified": "2024-06-06T18:15:20.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22918."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-547/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More