NVD Sync 2024-07-26 12:02
github-actions[bot] committed Jul 26, 2024
1 parent cbff815 commit 4f3ffee
Showing 8 changed files with 8 additions and 2 deletions.
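--- a/cpematch/58/58523FB7-51C6-47A6-ACDF-057008EE7F2A.json
+++ b/cpematch/58/58523FB7-51C6-47A6-ACDF-057008EE7F2A.json
@@ -0,0 +1 @@
+{"matchString": {"matchCriteriaId": "58523FB7-51C6-47A6-ACDF-057008EE7F2A", "criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.1.0", "versionEndIncluding": "9.1.11", "lastModified": "2024-07-26T11:56:45.063", "cpeLastModified": "2024-07-26T11:56:45.063", "created": "2024-07-26T11:56:45.063", "status": "Active"}}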
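--- a/cpematch/67/673B3C88-A3F3-4027-A4BA-53FAF47A45BD.json
+++ b/cpematch/67/673B3C88-A3F3-4027-A4BA-53FAF47A45BD.json
@@ -0,0 +1 @@
+{"matchString": {"matchCriteriaId": "673B3C88-A3F3-4027-A4BA-53FAF47A45BD", "criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.0.0:*:*:*:*:*:*:*", "lastModified": "2024-07-26T11:56:45.063", "cpeLastModified": "2024-07-26T11:56:45.063", "created": "2024-07-26T11:56:45.063", "status": "Active"}}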
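--- a/cpematch/B1/B192B735-604E-49DB-910A-93912220AB2E.json
+++ b/cpematch/B1/B192B735-604E-49DB-910A-93912220AB2E.json
@@ -0,0 +1 @@
+{"matchString": {"matchCriteriaId": "B192B735-604E-49DB-910A-93912220AB2E", "criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:8.0.0:*:*:*:*:*:*:*", "lastModified": "2024-07-26T11:56:45.063", "cpeLastModified": "2024-07-26T11:56:45.063", "created": "2024-07-26T11:56:45.063", "status": "Active"}}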
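--- a/cve/2023/CVE-2023-38522.json
+++ b/cve/2023/CVE-2023-38522.json
@@ -0,0 +1 @@
+{"cve": {"id": "CVE-2023-38522", "sourceIdentifier": "[email protected]", "published": "2024-07-26T10:15:01.923", "lastModified": "2024-07-26T10:15:01.923", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\n\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue."}, {"lang": "es", "value": "Apache Traffic Server acepta caracteres que no est\u00e1n permitidos para los nombres de campos HTTP y reenv\u00eda las solicitudes malformadas a los servidores de origen. Esto se puede utilizar para el contrabando de solicitudes y tambi\u00e9n puede provocar un envenenamiento de la cach\u00e9 si los servidores de origen son vulnerables. Este problema afecta a Apache Traffic Server: desde la versi\u00f3n 8.0.0 hasta la 8.1.10, desde la 9.0.0 hasta la 9.2.4. Se recomienda a los usuarios que actualicen a la versi\u00f3n 8.1.11 o 9.2.5, que soluciona el problema."}], "metrics": {}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}]}], "references": [{"url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0", "source": "[email protected]"}]}}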
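--- a/cve/2024/CVE-2024-35161.json
+++ b/cve/2024/CVE-2024-35161.json
@@ -0,0 +1 @@
+{"cve": {"id": "CVE-2024-35161", "sourceIdentifier": "[email protected]", "published": "2024-07-26T10:15:02.567", "lastModified": "2024-07-26T10:15:02.567", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\n\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue."}, {"lang": "es", "value": "Apache Traffic Server reenv\u00eda la secci\u00f3n fragmentada HTTP mal formada a los servidores de origen. Esto se puede utilizar para el contrabando de solicitudes y tambi\u00e9n puede provocar un envenenamiento de la cach\u00e9 si los servidores de origen son vulnerables. Este problema afecta a Apache Traffic Server: desde la versi\u00f3n 8.0.0 hasta la 8.1.10, desde la versi\u00f3n 9.0.0 hasta la 9.2.4. Los usuarios pueden establecer una nueva configuraci\u00f3n (proxy.config.http.drop_chunked_trailers) para no reenviar la secci\u00f3n fragmentada del tr\u00e1iler. Se recomienda a los usuarios que actualicen a la versi\u00f3n 8.1.11 o 9.2.5, que soluciona el problema."}], "metrics": {}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}]}], "references": [{"url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0", "source": "[email protected]"}]}}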
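--- a/cve/2024/CVE-2024-35296.json
+++ b/cve/2024/CVE-2024-35296.json
@@ -0,0 +1 @@
+{"cve": {"id": "CVE-2024-35296", "sourceIdentifier": "[email protected]", "published": "2024-07-26T10:15:02.713", "lastModified": "2024-07-26T10:15:02.713", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\n\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue."}, {"lang": "es", "value": "Un encabezado Invalid Accept-Encoding puede provocar que Apache Traffic Server no pueda realizar una b\u00fasqueda en cach\u00e9 y fuerce el reenv\u00edo de solicitudes. Este problema afecta a Apache Traffic Server: de la versi\u00f3n 8.0.0 a la 8.1.10 y de la versi\u00f3n 9.0.0 a la 9.2.4. Se recomienda a los usuarios que actualicen a la versi\u00f3n 8.1.11 o 9.2.5, que soluciona el problema."}], "metrics": {}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}]}], "references": [{"url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0", "source": "[email protected]"}]}}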
2 changes: 1 addition & 1 deletion cve/2024/CVE-2024-7079.json
@@ -1 +1 @@
{"cve": {"id": "CVE-2024-7079", "sourceIdentifier": "[email protected]", "published": "2024-07-24T16:15:07.613", "lastModified": "2024-07-25T17:31:23.670", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B"}, 
{"vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"}]}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-7079", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299678", "source": "[email protected]", "tags": ["Issue Tracking"]}]}}
{"cve": {"id": "CVE-2024-7079", "sourceIdentifier": "[email protected]", "published": "2024-07-24T16:15:07.613", "lastModified": "2024-07-26T10:15:02.840", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la consola Openshift. El endpoint /API/helm/verify tiene la tarea de buscar y verificar la instalaci\u00f3n de un gr\u00e1fico Helm desde un URI que sea HTTP/HTTPS remoto o local. El acceso a este endpoint est\u00e1 controlado por la funci\u00f3n de middleware authHandlerWithUser(). Al contrario de lo que sugiere su nombre, esta funci\u00f3n de middleware no verifica la validez de las credenciales del usuario. 
Como resultado, los usuarios no autenticados pueden acceder a este endpoint."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"}]}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-7079", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299678", "source": "[email protected]", "tags": ["Issue Tracking"]}]}}
2 changes: 1 addition & 1 deletion syncdate.json
@@ -1 +1 @@
{"lastModStartDate": "2024-07-26T08:02:32.020371+00:00", "lastModEndDate": "2024-07-26T10:02:26.734760+00:00"}
{"lastModStartDate": "2024-07-26T10:02:26.734760+00:00", "lastModEndDate": "2024-07-26T12:02:34.121079+00:00"}
