chore: generate CVEs metadata 🤖

patch-12
ghost 2024-09-26 20:45:40 +00:00
parent cb60d90597
commit 799c66537c
2 changed files with 2 additions and 1 deletions

@ -2552,6 +2552,7 @@
{"ID":"CVE-2024-38288","Info":{"Name":"TurboMeeting - Post-Authentication Command Injection","Severity":"high","Description":"The Certificate Signing Request (CSR) feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The application failed to properly sanitize user-supplied input before using it in a command executed privileges.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38288.yaml"} {"ID":"CVE-2024-38288","Info":{"Name":"TurboMeeting - Post-Authentication Command Injection","Severity":"high","Description":"The Certificate Signing Request (CSR) feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The application failed to properly sanitize user-supplied input before using it in a command executed privileges.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38288.yaml"}
{"ID":"CVE-2024-38289","Info":{"Name":"TurboMeeting - Boolean-based SQL Injection","Severity":"critical","Description":"A Boolean-based SQL injection vulnerability in the \"RHUB TurboMeeting\" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38289.yaml"} {"ID":"CVE-2024-38289","Info":{"Name":"TurboMeeting - Boolean-based SQL Injection","Severity":"critical","Description":"A Boolean-based SQL injection vulnerability in the \"RHUB TurboMeeting\" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38289.yaml"}
{"ID":"CVE-2024-38472","Info":{"Name":"Apache HTTPd Windows UNC - Server-Side Request Forgery","Severity":"high","Description":"SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note- Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-38472.yaml"} {"ID":"CVE-2024-38472","Info":{"Name":"Apache HTTPd Windows UNC - Server-Side Request Forgery","Severity":"high","Description":"SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note- Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-38472.yaml"}
{"ID":"CVE-2024-38473","Info":{"Name":"Apache HTTP Server - ACL Bypass","Severity":"high","Description":"Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2024/CVE-2024-38473.yaml"}
{"ID":"CVE-2024-3850","Info":{"Name":"Uniview NVR301-04S2-P4 - Cross-Site Scripting","Severity":"medium","Description":"Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the finding as well as the CVSS score.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2024/CVE-2024-3850.yaml"} {"ID":"CVE-2024-3850","Info":{"Name":"Uniview NVR301-04S2-P4 - Cross-Site Scripting","Severity":"medium","Description":"Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the finding as well as the CVSS score.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2024/CVE-2024-3850.yaml"}
{"ID":"CVE-2024-38514","Info":{"Name":"NextChat - Server-Side Request Forgery","Severity":"high","Description":"NextChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint.\n","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2024/CVE-2024-38514.yaml"} {"ID":"CVE-2024-38514","Info":{"Name":"NextChat - Server-Side Request Forgery","Severity":"high","Description":"NextChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint.\n","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2024/CVE-2024-38514.yaml"}
{"ID":"CVE-2024-38856","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"critical","Description":"Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38856.yaml"} {"ID":"CVE-2024-38856","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"critical","Description":"Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38856.yaml"}
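Review bot: in the added CVE-2024-38473 entry, the Name says "ACL Bypass" while the Description says "potentially bypassing authentication"; these are different controls, and a triager who reads only one field will classify the finding differently. Since this file is generated, pick one term in the source template (http/cves/2024/CVE-2024-38473.yaml) and regenerate. The description also gives only the affected range ("2.4.59 and earlier") with no remediation, whereas the neighbouring CVE-2024-38472 entry tells users which version to upgrade to; adding the fixed version to the template description would keep the two Apache entries consistent.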

@ -1 +1 @@
d55d36df4a9465c80b56408badbffb4c 33095e5248f98f9c3d2680fa409ae97a
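Review bot: the value replaced on line 1 is a bare 32-hex-character digest with no file name or algorithm label, so nothing in this hunk lets a reviewer confirm it was recomputed over the metadata file as changed in this same commit. The generator job should verify the digest against the committed file before pushing. If consumers rely on this value as an integrity check rather than only for change detection, a 128-bit digest is a weak choice and a SHA-256 value would be the safer one to publish.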