4 changes (3 new | 1 updated):
      - 3 new CVEs:  CVE-2024-34520, CVE-2024-34521, CVE-2024-51376
      - 1 updated CVEs: CVE-2024-55488
cvelistV5 Github Action committed Feb 12, 2025
1 parent 7d8d339 commit f553ff3
Showing 4 changed files with 177 additions and 3 deletions.
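--- a/cves/2024/34xxx/CVE-2024-34520.json
+++ b/cves/2024/34xxx/CVE-2024-34520.json
@@ -0,0 +1,56 @@
+{
+"dataType": "CVE_RECORD",
+"cveMetadata": {
+"state": "PUBLISHED",
+"cveId": "CVE-2024-34520",
+"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"assignerShortName": "mitre",
+"dateUpdated": "2025-02-12T22:30:32.223Z",
+"dateReserved": "2024-05-05T00:00:00.000Z",
+"datePublished": "2025-02-12T00:00:00.000Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"shortName": "mitre",
+"dateUpdated": "2025-02-12T22:30:32.223Z"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls."
+}
+],
+"affected": [
+{
+"vendor": "n/a",
+"product": "n/a",
+"versions": [
+{
+"version": "n/a",
+"status": "affected"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/whitewhale-dmb/Vulnerability-Research/tree/main/CVE-2024-34520"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "text",
+"lang": "en",
+"description": "n/a"
+}
+]
+}
+]
+}
+},
+"dataVersion": "5.1"
+}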
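Review bot: The `affected` block is filled with `"vendor": "n/a"`, `"product": "n/a"` and `"version": "n/a"` even though the description names the Mavenir SCE Application Provisioning Portal at version PORTAL-LBS-R_1_0_24_0, so scanners and asset inventories that match on the structured fields will not tie this record to the product. I would carry the description's values over, e.g. `"vendor": "Mavenir", "product": "SCE Application Provisioning Portal"` with `"version": "PORTAL-LBS-R_1_0_24_0"`. The `problemTypes` text is also `"n/a"`; the described bypass of client-side access controls looks like CWE-602, which should be confirmed against the reference before it is recorded. The same `n/a` placeholders appear in the CVE-2024-34521.json and CVE-2024-51376.json sections of this commit.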
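--- a/cves/2024/34xxx/CVE-2024-34521.json
+++ b/cves/2024/34xxx/CVE-2024-34521.json
@@ -0,0 +1,56 @@
+{
+"dataType": "CVE_RECORD",
+"cveMetadata": {
+"state": "PUBLISHED",
+"cveId": "CVE-2024-34521",
+"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"assignerShortName": "mitre",
+"dateUpdated": "2025-02-12T22:32:14.628Z",
+"dateReserved": "2024-05-05T00:00:00.000Z",
+"datePublished": "2025-02-12T00:00:00.000Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"shortName": "mitre",
+"dateUpdated": "2025-02-12T22:32:14.628Z"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file permissions of the privileged system user running the application."
+}
+],
+"affected": [
+{
+"vendor": "n/a",
+"product": "n/a",
+"versions": [
+{
+"version": "n/a",
+"status": "affected"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/whitewhale-dmb/Vulnerability-Research/tree/main/CVE-2024-34521"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "text",
+"lang": "en",
+"description": "n/a"
+}
+]
+}
+]
+}
+},
+"dataVersion": "5.1"
+}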
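--- a/cves/2024/51xxx/CVE-2024-51376.json
+++ b/cves/2024/51xxx/CVE-2024-51376.json
@@ -0,0 +1,59 @@
+{
+"dataType": "CVE_RECORD",
+"cveMetadata": {
+"state": "PUBLISHED",
+"cveId": "CVE-2024-51376",
+"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"assignerShortName": "mitre",
+"dateUpdated": "2025-02-12T22:21:26.505Z",
+"dateReserved": "2024-10-28T00:00:00.000Z",
+"datePublished": "2025-02-12T00:00:00.000Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+"shortName": "mitre",
+"dateUpdated": "2025-02-12T22:21:26.505Z"
+},
+"descriptions": [
+{
+"lang": "en",
+"value": "Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component."
+}
+],
+"affected": [
+{
+"vendor": "n/a",
+"product": "n/a",
+"versions": [
+{
+"version": "n/a",
+"status": "affected"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/yeqifu/carRental/issues/43"
+},
+{
+"url": "https://github.com/echo0d/vulnerability/blob/main/yeqifu_carRental/DirectoryTraversal.md"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "text",
+"lang": "en",
+"description": "n/a"
+}
+]
+}
+]
+}
+},
+"dataVersion": "5.1"
+}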
9 changes: 6 additions & 3 deletions cves/2024/55xxx/CVE-2024-55488.json
@@ -5,7 +5,7 @@
"cveId": "CVE-2024-55488",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2025-02-06T21:28:06.519Z",
"dateUpdated": "2025-02-12T22:28:19.105Z",
"dateReserved": "2024-12-06T00:00:00.000Z",
"datePublished": "2025-01-22T00:00:00.000Z"
},
@@ -14,12 +14,12 @@
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2025-01-22T15:55:37.823Z"
"dateUpdated": "2025-02-12T22:28:19.105Z"
},
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
"value": "A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed access to the CMS. There was a deliberate decision made not to apply HTML sanitization at the product level."
}
],
"affected": [
@@ -52,6 +52,9 @@
}
]
}
],
"tags": [
"disputed"
]
},
"adp": [
