chore: generate CVEs metadata 🤖
parent 5f67d7f7c1
commit 7740f587c6
|
@ -2524,6 +2524,8 @@
|
|||
{"ID":"CVE-2024-5217","Info":{"Name":"ServiceNow - Incomplete Input Validation","Severity":"critical","Description":"ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5217.yaml"}
|
||||
{"ID":"CVE-2024-5230","Info":{"Name":"FleetCart 4.1.1 - Information Disclosure","Severity":"medium","Description":"Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the \"Razorpay\" \"razorpayKeyId\".\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-5230.yaml"}
|
||||
{"ID":"CVE-2024-5315","Info":{"Name":"Dolibarr ERP CMS `list.php` - SQL Injection","Severity":"critical","Description":"Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-5315.yaml"}
|
||||
{"ID":"CVE-2024-5420","Info":{"Name":"SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting","Severity":"high","Description":"A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2024/CVE-2024-5420.yaml"}
|
||||
{"ID":"CVE-2024-5421","Info":{"Name":"SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure","Severity":"high","Description":"A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is required, the vulnerability poses a significant risk of data exposure. This vulnerability is publicly disclosed and identified as CVE-2024-5421.\n","Classification":{"CVSSScore":"8.7"}},"file_path":"http/cves/2024/CVE-2024-5421.yaml"}
|
||||
{"ID":"CVE-2024-5522","Info":{"Name":"WordPress HTML5 Video Player \u003c 2.5.27 - SQL Injection","Severity":"critical","Description":"The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5522.yaml"}
|
||||
{"ID":"CVE-2024-5936","Info":{"Name":"PrivateGPT \u003c 0.5.0 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-5936.yaml"}
|
||||
{"ID":"CVE-2024-5947","Info":{"Name":"Deep Sea Electronics DSE855 - Authentication Bypass","Severity":"medium","Description":"Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5947.yaml"}
|
||||
|
|
|
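Review bot: The CVE-2024-5936 entry contradicts itself on the affected range: its Name reads "PrivateGPT \u003c 0.5.0" (that is, before 0.5.0), while its Description says the open redirect "exists in imartinez/privategpt version 0.5.0". Since the commit message says this file is generated, correct whichever statement is wrong in http/cves/2024/CVE-2024-5936.yaml and regenerate rather than editing the line here. In the same hunk, CVE-2024-5217 (critical) and CVE-2024-5947 (medium) carry "CVSSScore":"N/A" beside a set Severity, so a consumer that filters or sorts on the score may miss them. The CVE-2024-5947 Name also says "Authentication Bypass" where its Description describes missing authentication leading to information disclosure. The ServiceNow Description refers to "the listed patches and hot fixes below", a list that does not exist in this record.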
@ -1 +1 @@
|
|||
b27448b04cbe6b65725d797a3f4a254c
|
||||
10eac992c8574872a8dcc59eca1caf89
|
||||
|
|
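Review bot: The one line changed in this hunk is a bare 32-hex-character value with no algorithm name or file name beside it, so nothing in the commit lets a reviewer confirm that the new value corresponds to the regenerated metadata in the previous hunk. Assuming it is a checksum of that file, have the generation job recompute and compare it in CI before committing. If clients rely on it for integrity rather than change detection, publish a SHA-256 digest or a signature instead, since 32 hex characters is only a 128-bit unkeyed value.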