3 changes (3 new | 0 updated):
      - 3 new CVEs:  CVE-2024-42934, CVE-2024-45160, CVE-2024-47191
      - 0 updated CVEs:
cvelistV5 Github Action committed Oct 9, 2024
1 parent a57fa51 commit 291a39a
Showing 5 changed files with 251 additions and 6 deletions.
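--- a/cves/2024/42xxx/CVE-2024-42934.json
+++ b/cves/2024/42xxx/CVE-2024-42934.json
@@ -0,0 +1,62 @@
+{
+"dataType": "CVE_RECORD",
+"cveMetadata": {
+"state": "PUBLISHED",
+"cveId": "CVE-2024-42934",
+"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"assignerShortName": "mitre",
+"dateUpdated": "2024-10-09T04:59:44.475053",
+"dateReserved": "2024-08-05T00:00:00",
+"datePublished": "2024-10-09T00:00:00"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"shortName": "mitre",
+"dateUpdated": "2024-10-09T04:59:44.475053"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution."
+}
+],
+"affected": [
+{
+"vendor": "n/a",
+"product": "n/a",
+"versions": [
+{
+"version": "n/a",
+"status": "affected"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1/"
+},
+{
+"url": "https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87"
+},
+{
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308375"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "text",
+"lang": "en",
+"description": "n/a"
+}
+]
+}
+]
+}
+},
+"dataVersion": "5.1"
+}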
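Review bot: The `affected` array in this new record carries only `n/a` for vendor, product and version, although the description names the product and the fixed release, so tooling that matches on `affected` will not associate this CVE with OpenIPMI installations. Consider populating it from the description, for example `"product": "OpenIPMI"` with a version entry such as `{"version": "0", "lessThan": "2.0.36", "status": "affected", "versionType": "custom"}`. `problemTypes` is likewise `n/a`, so no CWE is recorded, and `dateUpdated`, `dateReserved` and `datePublished` carry no `Z` or offset, so consumers have to assume UTC when comparing them with the `fetchTime` values in cves/delta.json. The same points apply to the CVE-2024-45160 and CVE-2024-47191 records added in this commit; until the CNA enriches them, version ranges have to be read from the free-text description.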
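--- a/cves/2024/45xxx/CVE-2024-45160.json
+++ b/cves/2024/45xxx/CVE-2024-45160.json
@@ -0,0 +1,68 @@
+{
+"dataType": "CVE_RECORD",
+"cveMetadata": {
+"state": "PUBLISHED",
+"cveId": "CVE-2024-45160",
+"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"assignerShortName": "mitre",
+"dateUpdated": "2024-10-09T05:03:02.715700",
+"dateReserved": "2024-08-22T00:00:00",
+"datePublished": "2024-10-09T00:00:00"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"shortName": "mitre",
+"dateUpdated": "2024-10-09T05:03:02.715700"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret)."
+}
+],
+"affected": [
+{
+"vendor": "n/a",
+"product": "n/a",
+"versions": [
+{
+"version": "n/a",
+"status": "affected"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags"
+},
+{
+"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223"
+},
+{
+"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2"
+},
+{
+"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7"
+},
+{
+"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "text",
+"lang": "en",
+"description": "n/a"
+}
+]
+}
+]
+}
+},
+"dataVersion": "5.1"
+}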
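--- a/cves/2024/47xxx/CVE-2024-47191.json
+++ b/cves/2024/47xxx/CVE-2024-47191.json
@@ -0,0 +1,77 @@
+{
+"dataType": "CVE_RECORD",
+"cveMetadata": {
+"state": "PUBLISHED",
+"cveId": "CVE-2024-47191",
+"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"assignerShortName": "mitre",
+"dateUpdated": "2024-10-09T05:08:49.223530",
+"dateReserved": "2024-09-20T00:00:00",
+"datePublished": "2024-10-09T00:00:00"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"shortName": "mitre",
+"dateUpdated": "2024-10-09T05:08:49.223530"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink."
+}
+],
+"affected": [
+{
+"vendor": "n/a",
+"product": "n/a",
+"versions": [
+{
+"version": "n/a",
+"status": "affected"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/43"
+},
+{
+"url": "https://www.openwall.com/lists/oss-security/2024/10/04/2"
+},
+{
+"url": "https://security.opensuse.org/2024/10/04/oath-toolkit-vulnerability.html"
+},
+{
+"url": "https://www.nongnu.org/oath-toolkit/security/CVE-2024-47191"
+},
+{
+"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/60d9902b5c20f27e70f8e9c816bfdc0467567e1a"
+},
+{
+"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3235a52f6b87cd1c5da6508f421ac261f5e33a70"
+},
+{
+"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/3271139989fde35ab0163b558fc29e80c3a280e5"
+},
+{
+"url": "https://gitlab.com/oath-toolkit/oath-toolkit/-/commit/95ef255e6a401949ce3f67609bf8aac2029db418"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "text",
+"lang": "en",
+"description": "n/a"
+}
+]
+}
+]
+}
+},
+"dataVersion": "5.1"
+}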
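--- a/cves/delta.json
+++ b/cves/delta.json
@@ -1,12 +1,24 @@
 {
-"fetchTime": "2024-10-09T04:59:39.724Z",
-"numberOfChanges": 1,
+"fetchTime": "2024-10-09T05:10:00.645Z",
+"numberOfChanges": 3,
 "new": [
 {
-"cveId": "CVE-2024-32608",
-"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-32608",
-"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/32xxx/CVE-2024-32608.json",
-"dateUpdated": "2024-10-09T04:54:16.002757"
+"cveId": "CVE-2024-42934",
+"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-42934",
+"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/42xxx/CVE-2024-42934.json",
+"dateUpdated": "2024-10-09T04:59:44.475053"
+},
+{
+"cveId": "CVE-2024-45160",
+"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-45160",
+"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/45xxx/CVE-2024-45160.json",
+"dateUpdated": "2024-10-09T05:03:02.715700"
+},
+{
+"cveId": "CVE-2024-47191",
+"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-47191",
+"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/47xxx/CVE-2024-47191.json",
+"dateUpdated": "2024-10-09T05:08:49.223530"
 }
 ],
 "updated": [],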
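--- a/cves/deltaLog.json
+++ b/cves/deltaLog.json
@@ -1,4 +1,30 @@
 [
+{
+"fetchTime": "2024-10-09T05:10:00.645Z",
+"numberOfChanges": 3,
+"new": [
+{
+"cveId": "CVE-2024-42934",
+"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-42934",
+"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/42xxx/CVE-2024-42934.json",
+"dateUpdated": "2024-10-09T04:59:44.475053"
+},
+{
+"cveId": "CVE-2024-45160",
+"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-45160",
+"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/45xxx/CVE-2024-45160.json",
+"dateUpdated": "2024-10-09T05:03:02.715700"
+},
+{
+"cveId": "CVE-2024-47191",
+"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-47191",
+"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/47xxx/CVE-2024-47191.json",
+"dateUpdated": "2024-10-09T05:08:49.223530"
+}
+],
+"updated": [],
+"error": []
+},
 {
 "fetchTime": "2024-10-09T04:59:39.724Z",
 "numberOfChanges": 1,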
