chore: generate CVEs metadata 🤖

patch-12
ghost 2024-09-26 20:45:00 +00:00
parent 7a478ee137
commit eb2107f5fd
2 changed files with 2 additions and 1 deletions


@ -2566,6 +2566,7 @@
{"ID":"CVE-2024-41107","Info":{"Name":"Apache CloudStack - SAML Signature Exclusion","Severity":"critical","Description":"The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-41107.yaml"}
{"ID":"CVE-2024-41628","Info":{"Name":"Cluster Control CMON API - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-41628.yaml"}
{"ID":"CVE-2024-41667","Info":{"Name":"OpenAM\u003c=15.0.3 FreeMarker - Template Injection","Severity":"high","Description":"OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-41667.yaml"}
{"ID":"CVE-2024-41810","Info":{"Name":"Twisted - Open Redirect \u0026 XSS","Severity":"medium","Description":"Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter. This vulnerability is fixed in 24.7.0rc1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-41810.yaml"}
{"ID":"CVE-2024-41955","Info":{"Name":"Open Redirect in Login Redirect - MobSF","Severity":"medium","Description":"Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view.\n","Classification":{"CVSSScore":"5.2"}},"file_path":"http/cves/2024/CVE-2024-41955.yaml"}
{"ID":"CVE-2024-4257","Info":{"Name":"BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection","Severity":"medium","Description":"A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-4257.yaml"}
{"ID":"CVE-2024-4295","Info":{"Name":"Email Subscribers by Icegram Express \u003c= 5.7.20 - Unauthenticated SQL Injection via Hash","Severity":"critical","Description":"Email Subscribers by Icegram Express \u003c= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4295.yaml"}


@ -1 +1 @@
ce17096e8f0c7970aa6a16c0c6f4ffa0
d55d36df4a9465c80b56408badbffb4c