chore: generate CVEs metadata 🤖

patch-12
ghost 2024-10-22 09:11:05 +00:00
parent db04c7c606
commit 439b5c4478
2 changed files with 2 additions and 1 deletions


@ -2484,6 +2484,7 @@
{"ID":"CVE-2024-22207","Info":{"Name":"Fastify Swagger-UI - Information Disclosure","Severity":"medium","Description":"fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-22207.yaml"}
{"ID":"CVE-2024-22319","Info":{"Name":"IBM Operational Decision Manager - JNDI Injection","Severity":"critical","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-22319.yaml"}
{"ID":"CVE-2024-22320","Info":{"Name":"IBM Operational Decision Manager - Java Deserialization","Severity":"high","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-22320.yaml"}
{"ID":"CVE-2024-22476","Info":{"Name":"Intel Neural Compressor \u003c2.5.0 - SQL Injection","Severity":"critical","Description":"Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-22476.yaml"}
{"ID":"CVE-2024-22927","Info":{"Name":"eyoucms v.1.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-22927.yaml"}
{"ID":"CVE-2024-23163","Info":{"Name":"GestSup - Account Takeover","Severity":"critical","Description":"","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23163.yaml"}
{"ID":"CVE-2024-23167","Info":{"Name":"GestSup - Cross-Site Scripting","Severity":"high","Description":"GestSup allows its users to add events to the calendar of all users. This is the HTTP request sent when a user adds an event to their calendar.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-23167.yaml"}


@ -1 +1 @@
42a9d305ba88abc49ff10e033fbbe9e8
f66047f104b3eddc4dfac69f43f3720b