chore: generate CVEs metadata 🤖

patch-11
ghost 2024-09-17 03:28:43 +00:00
parent 048ce66735
commit 28ef42238f
2 changed files with 2 additions and 1 deletions


@ -2520,6 +2520,7 @@
{"ID":"CVE-2024-36401","Info":{"Name":"GeoServer RCE in Evaluating Property Name Expressions","Severity":"critical","Description":"In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36401.yaml"}
{"ID":"CVE-2024-36412","Info":{"Name":"SuiteCRM - SQL Injection","Severity":"critical","Description":"SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-36412.yaml"}
{"ID":"CVE-2024-36527","Info":{"Name":"Puppeteer Renderer - Directory Traversal","Severity":"medium","Description":"puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36527.yaml"}
{"ID":"CVE-2024-3673","Info":{"Name":"Web Directory Free \u003c 1.7.3 - Local File Inclusion","Severity":"critical","Description":"The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-3673.yaml"}
{"ID":"CVE-2024-36837","Info":{"Name":"CRMEB v.5.2.2 - SQL Injection","Severity":"high","Description":"SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36837.yaml"}
{"ID":"CVE-2024-36991","Info":{"Name":"Splunk Enterprise - Local File Inclusion","Severity":"high","Description":"In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36991.yaml"}
{"ID":"CVE-2024-37032","Info":{"Name":"Ollama - Remote Code Execution","Severity":"critical","Description":"Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37032.yaml"}


@ -1 +1 @@
90427929cb359b21e3bca872422d0cef
7fce703a6502c5532d459e4f53543572