-
Notifications
You must be signed in to change notification settings - Fork 201
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 3 new CVEs: CVE-2024-42934, CVE-2024-45160, CVE-2024-47191 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Oct 9, 2024
1 parent
a57fa51
commit 291a39a
Showing
5 changed files
with
251 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
{ | ||
"dataType": "CVE_RECORD", | ||
"cveMetadata": { | ||
"state": "PUBLISHED", | ||
"cveId": "CVE-2024-42934", | ||
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | ||
"assignerShortName": "mitre", | ||
"dateUpdated": "2024-10-09T04:59:44.475053", | ||
"dateReserved": "2024-08-05T00:00:00", | ||
"datePublished": "2024-10-09T00:00:00" | ||
}, | ||
"containers": { | ||
"cna": { | ||
"providerMetadata": { | ||
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | ||
"shortName": "mitre", | ||
"dateUpdated": "2024-10-09T04:59:44.475053" | ||
}, | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution." | ||
} | ||
], | ||
"affected": [ | ||
{ | ||
"vendor": "n/a", | ||
"product": "n/a", | ||
"versions": [ | ||
{ | ||
"version": "n/a", | ||
"status": "affected" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1/" | ||
}, | ||
{ | ||
"url": "https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87" | ||
}, | ||
{ | ||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308375" | ||
} | ||
], | ||
"problemTypes": [ | ||
{ | ||
"descriptions": [ | ||
{ | ||
"type": "text", | ||
"lang": "en", | ||
"description": "n/a" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
}, | ||
"dataVersion": "5.1" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
{ | ||
"dataType": "CVE_RECORD", | ||
"cveMetadata": { | ||
"state": "PUBLISHED", | ||
"cveId": "CVE-2024-45160", | ||
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | ||
"assignerShortName": "mitre", | ||
"dateUpdated": "2024-10-09T05:03:02.715700", | ||
"dateReserved": "2024-08-22T00:00:00", | ||
"datePublished": "2024-10-09T00:00:00" | ||
}, | ||
"containers": { | ||
"cna": { | ||
"providerMetadata": { | ||
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | ||
"shortName": "mitre", | ||
"dateUpdated": "2024-10-09T05:03:02.715700" | ||
}, | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret)." | ||
} | ||
], | ||
"affected": [ | ||
{ | ||
"vendor": "n/a", | ||
"product": "n/a", | ||
"versions": [ | ||
{ | ||
"version": "n/a", | ||
"status": "affected" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags" | ||
}, | ||
{ | ||
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223" | ||
}, | ||
{ | ||
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2" | ||
}, | ||
{ | ||
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7" | ||
}, | ||
{ | ||
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d" | ||
} | ||
], | ||
"problemTypes": [ | ||
{ | ||
"descriptions": [ | ||
{ | ||
"type": "text", | ||
"lang": "en", | ||
"description": "n/a" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
}, | ||
"dataVersion": "5.1" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
{ | ||
"dataType": "CVE_RECORD", | ||
"cveMetadata": { | ||
"state": "PUBLISHED", | ||
"cveId": "CVE-2024-47191", | ||
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | ||
"assignerShortName": "mitre", | ||
"dateUpdated": "2024-10-09T05:08:49.223530", | ||
"dateReserved": "2024-09-20T00:00:00", | ||
"datePublished": "2024-10-09T00:00:00" | ||
}, | ||
"containers": { | ||
"cna": { | ||
"providerMetadata": { | ||
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", | ||
"shortName": "mitre", | ||
"dateUpdated": "2024-10-09T05:08:49.223530" | ||
}, | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink." | ||
} | ||
], | ||
"affected": [ | ||
{ | ||
"vendor": "n/a", | ||
"product": "n/a", | ||
"versions": [ | ||
{ | ||
"version": "n/a", | ||
"status": "affected" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43" | ||
}, | ||
{ | ||
"url": "https://www.openwall.com/lists/oss-security/2024/10/04/2" | ||
}, | ||
{ | ||
"url": "https://security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.html" | ||
}, | ||
{ | ||
"url": "https://www.nongnu.org/oath-toolkit/security/CVE-2024-47191" | ||
}, | ||
{ | ||
"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1a" | ||
}, | ||
{ | ||
"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70" | ||
}, | ||
{ | ||
"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5" | ||
}, | ||
{ | ||
"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418" | ||
} | ||
], | ||
"problemTypes": [ | ||
{ | ||
"descriptions": [ | ||
{ | ||
"type": "text", | ||
"lang": "en", | ||
"description": "n/a" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
}, | ||
"dataVersion": "5.1" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters