Skip to content

Commit

Permalink
5 changes (5 new | 0 updated):
Browse files Browse the repository at this point in the history 
      - 5 new CVEs:  CVE-2024-46923, CVE-2024-56938, CVE-2024-56939, CVE-2024-56940, CVE-2025-1228
      - 0 updated CVEs:
  • Loading branch information
cvelistV5 Github Action committed Feb 12, 2025
1 parent 404c95d commit 7605c06
Show file tree
Hide file tree
Showing 5 changed files with 366 additions and 0 deletions.
56 changes: 56 additions & 0 deletions cves/2024/46xxx/CVE-2024-46923.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"dataType": "CVE_RECORD",
"cveMetadata": {
"state": "PUBLISHED",
"cveId": "CVE-2024-46923",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2025-02-12T21:32:04.836Z",
"dateReserved": "2024-09-15T00:00:00.000Z",
"datePublished": "2025-02-12T00:00:00.000Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2025-02-12T21:32:04.836Z"
},
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_ib_fill in the Xclipse Driver."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"
}
],
"problemTypes": [
{
"descriptions": [
{
"type": "text",
"lang": "en",
"description": "n/a"
}
]
}
]
}
},
"dataVersion": "5.1"
}
56 changes: 56 additions & 0 deletions cves/2024/56xxx/CVE-2024-56938.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"dataType": "CVE_RECORD",
"cveMetadata": {
"state": "PUBLISHED",
"cveId": "CVE-2024-56938",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2025-02-12T21:39:01.026Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"datePublished": "2025-02-12T00:00:00.000Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2025-02-12T21:39:01.026Z"
},
"descriptions": [
{
"lang": "en",
"value": "LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the materials-content class."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"references": [
{
"url": "https://github.com/nikolas-ch/CVEs/tree/main/LearnDash_v6.7.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"type": "text",
"lang": "en",
"description": "n/a"
}
]
}
]
}
},
"dataVersion": "5.1"
}
56 changes: 56 additions & 0 deletions cves/2024/56xxx/CVE-2024-56939.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"dataType": "CVE_RECORD",
"cveMetadata": {
"state": "PUBLISHED",
"cveId": "CVE-2024-56939",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2025-02-12T21:36:43.412Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"datePublished": "2025-02-12T00:00:00.000Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2025-02-12T21:36:43.412Z"
},
"descriptions": [
{
"lang": "en",
"value": "LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ld-comment-body class."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"references": [
{
"url": "https://github.com/nikolas-ch/CVEs/tree/main/LearnDash_v6.7.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"type": "text",
"lang": "en",
"description": "n/a"
}
]
}
]
}
},
"dataVersion": "5.1"
}
56 changes: 56 additions & 0 deletions cves/2024/56xxx/CVE-2024-56940.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"dataType": "CVE_RECORD",
"cveMetadata": {
"state": "PUBLISHED",
"cveId": "CVE-2024-56940",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2025-02-12T21:37:51.012Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"datePublished": "2025-02-12T00:00:00.000Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2025-02-12T21:37:51.012Z"
},
"descriptions": [
{
"lang": "en",
"value": "An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"references": [
{
"url": "https://github.com/nikolas-ch/CVEs/tree/main/LearnDash_v6.7.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"type": "text",
"lang": "en",
"description": "n/a"
}
]
}
]
}
},
"dataVersion": "5.1"
}
142 changes: 142 additions & 0 deletions cves/2025/1xxx/CVE-2025-1228.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,142 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-1228",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"state": "PUBLISHED",
"assignerShortName": "VulDB",
"dateReserved": "2025-02-11T10:01:41.373Z",
"datePublished": "2025-02-12T21:31:09.612Z",
"dateUpdated": "2025-02-12T21:31:09.612Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-02-12T21:31:09.612Z"
},
"title": "olajowon Loggrove Logfile Update page path traversal",
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-22",
"lang": "en",
"description": "Path Traversal"
}
]
}
],
"affected": [
{
"vendor": "olajowon",
"product": "Loggrove",
"versions": [
{
"version": "e428fac38cc480f011afcb1d8ce6c2bad378ddd6",
"status": "affected"
}
],
"modules": [
"Logfile Update Handler"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipulation of the argument path leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in olajowon Loggrove bis e428fac38cc480f011afcb1d8ce6c2bad378ddd6 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /read/?page=1&logfile=LOG_Monitor der Komponente Logfile Update Handler. Dank der Manipulation des Arguments path mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"version": "4.0",
"baseScore": 5.3,
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_1": {
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"
}
}
],
"timeline": [
{
"time": "2025-02-11T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-02-11T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-02-11T11:06:48.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "VulDB Gitee Analyzer",
"type": "tool"
}
],
"references": [
{
"url": "https://vuldb.com/?id.295218",
"name": "VDB-295218 | olajowon Loggrove Logfile Update page path traversal",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.295218",
"name": "VDB-295218 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://gitee.com/olajowon/loggrove/issues/IBJSXS",
"tags": [
"exploit",
"issue-tracking"
]
}
]
}
}
}

0 comments on commit 7605c06

Please sign in to comment.