From 0491284d3ba013f2201ed184839503124728cf11 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 15 Oct 2024 21:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/31xxx/CVE-2024-31955.json | 70 +++++++++++++++--
 2024/41xxx/CVE-2024-41311.json | 71 +++++++++++++++--
 2024/44xxx/CVE-2024-44775.json | 56 ++++++++++++--
 2024/48xxx/CVE-2024-48411.json | 56 ++++++++++++--
 2024/48xxx/CVE-2024-48710.json | 56 ++++++++++++--
 2024/48xxx/CVE-2024-48712.json | 56 ++++++++++++--
 2024/48xxx/CVE-2024-48713.json | 56 ++++++++++++--
 2024/48xxx/CVE-2024-48714.json | 56 ++++++++++++--
 2024/48xxx/CVE-2024-48779.json | 56 ++++++++++++--
 2024/48xxx/CVE-2024-48781.json | 56 ++++++++++++--
 2024/48xxx/CVE-2024-48782.json | 56 ++++++++++++--
 2024/48xxx/CVE-2024-48783.json | 56 ++++++++++++--
 2024/9xxx/CVE-2024-9486.json | 134 ++++++++++++++++++++++++++++++++-
 2024/9xxx/CVE-2024-9594.json | 121 ++++++++++++++++++++++++++++-
 2024/9xxx/CVE-2024-9676.json | 4 +-
 2024/9xxx/CVE-2024-9954.json | 60 ++++++++++++++-
 2024/9xxx/CVE-2024-9955.json | 60 ++++++++++++++-
 2024/9xxx/CVE-2024-9956.json | 59 ++++++++++++++-
 2024/9xxx/CVE-2024-9957.json | 60 ++++++++++++++-
 2024/9xxx/CVE-2024-9958.json | 59 ++++++++++++++-
 2024/9xxx/CVE-2024-9959.json | 60 ++++++++++++++-
 2024/9xxx/CVE-2024-9960.json | 60 ++++++++++++++-
 2024/9xxx/CVE-2024-9961.json | 60 ++++++++++++++-
 2024/9xxx/CVE-2024-9962.json | 59 ++++++++++++++-
 2024/9xxx/CVE-2024-9963.json | 59 ++++++++++++++-
 2024/9xxx/CVE-2024-9964.json | 59 ++++++++++++++-
 2024/9xxx/CVE-2024-9965.json | 59 ++++++++++++++-
 2024/9xxx/CVE-2024-9966.json | 59 ++++++++++++++-
 28 files changed, 1599 insertions(+), 134 deletions(-)
diff --git a/2024/31xxx/CVE-2024-31955.json b/2024/31xxx/CVE-2024-31955.json
index d86662062f6..6788688a70c 100644
--- a/2024/31xxx/CVE-2024-31955.json
+++ b/2024/31xxx/CVE-2024-31955.json
@@ -1,18 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-31955",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-31955",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possessing secret information."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
+ "refsource": "MISC",
+ "name": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:H/AV:P/A:N/C:N/I:H/PR:N/S:C/UI:N",
+ "version": "3.1"
+ }
 }
 }
\ No newline at end of file
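Review bot: The added `impact.cvss` block carries no `baseScore` or `baseSeverity` and writes its vector with the metrics in alphabetical order, `CVSS:3.1/AC:H/AV:P/A:N/C:N/I:H/PR:N/S:C/UI:N`; the v3.1 specification tolerates other orderings but recommends `CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N`, and a parser written against the recommended order, or a triage queue that sorts on the score, may drop or mis-rank this record. `cvss` is also a bare object here, whereas the CVE-2024-9486 and CVE-2024-9594 records in this same patch use an array of objects, so consumers have to accept both shapes. Separately, `affects` and `problemtype` are filled with `n/a` although the description names the vendor and the KLMAG2GE4A and KLM8G1WEMB firmware, so inventory matching keyed on `vendor_name`/`product_name` cannot find the record. The same `n/a` placeholders appear in the other `cve@mitre.org` records of this patch (CVE-2024-41311, CVE-2024-44775 and the CVE-2024-48xxx entries), where the product and version are likewise present only in the description text.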
diff --git a/2024/41xxx/CVE-2024-41311.json b/2024/41xxx/CVE-2024-41311.json
index d12893a38ca..cdb6a9c99c0 100644
--- a/2024/41xxx/CVE-2024-41311.json
+++ b/2024/41xxx/CVE-2024-41311.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-41311",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-41311",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/strukturag/libheif/issues/1226",
+ "refsource": "MISC",
+ "name": "https://github.com/strukturag/libheif/issues/1226"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/strukturag/libheif/pull/1227",
+ "url": "https://github.com/strukturag/libheif/pull/1227"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36",
+ "url": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0",
+ "url": "https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0"
 }
 ]
 }
diff --git a/2024/44xxx/CVE-2024-44775.json b/2024/44xxx/CVE-2024-44775.json
index 0d81bf7bc30..70446fbcb8f 100644
--- a/2024/44xxx/CVE-2024-44775.json
+++ b/2024/44xxx/CVE-2024-44775.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-44775",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-44775",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/pengwGit/26fd8630392af5d8829c2e220091ac4f",
+ "url": "https://gist.github.com/pengwGit/26fd8630392af5d8829c2e220091ac4f"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48411.json b/2024/48xxx/CVE-2024-48411.json
index aa7c14414a9..2a9f8bb0a75 100644
--- a/2024/48xxx/CVE-2024-48411.json
+++ b/2024/48xxx/CVE-2024-48411.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48411",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48411",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Comitora/CVEs/blob/main/CVE-2024-48411",
+ "url": "https://github.com/Comitora/CVEs/blob/main/CVE-2024-48411"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48710.json b/2024/48xxx/CVE-2024-48710.json
index b937bf55e16..bf5cfab26b8 100644
--- a/2024/48xxx/CVE-2024-48710.json
+++ b/2024/48xxx/CVE-2024-48710.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48710",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48710",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/1/readme.md",
+ "refsource": "MISC",
+ "name": "https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/1/readme.md"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48712.json b/2024/48xxx/CVE-2024-48712.json
index d04f53301e1..ae53b17c91d 100644
--- a/2024/48xxx/CVE-2024-48712.json
+++ b/2024/48xxx/CVE-2024-48712.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48712",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48712",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/3/readme.md",
+ "refsource": "MISC",
+ "name": "https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/3/readme.md"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48713.json b/2024/48xxx/CVE-2024-48713.json
index 2cc5bc25153..e186c2f184c 100644
--- a/2024/48xxx/CVE-2024-48713.json
+++ b/2024/48xxx/CVE-2024-48713.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48713",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48713",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/4/read.md",
+ "refsource": "MISC",
+ "name": "https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/4/read.md"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48714.json b/2024/48xxx/CVE-2024-48714.json
index 16fee37fcf1..12d0a64ed56 100644
--- a/2024/48xxx/CVE-2024-48714.json
+++ b/2024/48xxx/CVE-2024-48714.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48714",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48714",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/sezangel/IOT-vul/tree/main/TPlink/TL-WDR7660/2",
+ "refsource": "MISC",
+ "name": "https://github.com/sezangel/IOT-vul/tree/main/TPlink/TL-WDR7660/2"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48779.json b/2024/48xxx/CVE-2024-48779.json
index 05b05064dfe..2461ab9114e 100644
--- a/2024/48xxx/CVE-2024-48779.json
+++ b/2024/48xxx/CVE-2024-48779.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48779",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48779",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/zty-1995/3fcdf702017ad6721e5011f74c1f6cee",
+ "url": "https://gist.github.com/zty-1995/3fcdf702017ad6721e5011f74c1f6cee"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48781.json b/2024/48xxx/CVE-2024-48781.json
index 4447d2e68cb..3fb1d96378d 100644
--- a/2024/48xxx/CVE-2024-48781.json
+++ b/2024/48xxx/CVE-2024-48781.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48781",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48781",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/zty-1995/a7948be24b3411759a6afa3cc616dc12",
+ "url": "https://gist.github.com/zty-1995/a7948be24b3411759a6afa3cc616dc12"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48782.json b/2024/48xxx/CVE-2024-48782.json
index c262f99c0b9..658493ba399 100644
--- a/2024/48xxx/CVE-2024-48782.json
+++ b/2024/48xxx/CVE-2024-48782.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48782",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48782",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/zty-1995/7750a2ea1231971f973f02dc4c893b46",
+ "url": "https://gist.github.com/zty-1995/7750a2ea1231971f973f02dc4c893b46"
 }
 ]
 }
diff --git a/2024/48xxx/CVE-2024-48783.json b/2024/48xxx/CVE-2024-48783.json
index e6bb64359ee..961dee4ba4b 100644
--- a/2024/48xxx/CVE-2024-48783.json
+++ b/2024/48xxx/CVE-2024-48783.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-48783",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-48783",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/zty-1995/8495b81e8d257e8f6df102a32ec3c583",
+ "url": "https://gist.github.com/zty-1995/8495b81e8d257e8f6df102a32ec3c583"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9486.json b/2024/9xxx/CVE-2024-9486.json
index 09f3b749272..0ceec1e49dc 100644
--- a/2024/9xxx/CVE-2024-9486.json
+++ b/2024/9xxx/CVE-2024-9486.json
@@ -1,17 +1,143 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9486", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@kubernetes.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kubernetes", + "product": { + "product_data": [ + { + "product_name": "Image Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "0", + "lessThanOrEqual": "0.1.37", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "0.1.38" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kubernetes/kubernetes/issues/128006", + "refsource": "MISC", + "name": "https://github.com/kubernetes/kubernetes/issues/128006" + }, + { + "url": "https://github.com/kubernetes-sigs/image-builder/pull/1595", + "refsource": "MISC", + "name": "https://github.com/kubernetes-sigs/image-builder/pull/1595" + }, + { + "url": "https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ", + "refsource": "MISC", + "name": "https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "value": "Prior to upgrading, this vulnerability can be mitigated by disabling the builder account on affected VMs:\nusermod -L builder", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Prior to upgrading, this vulnerability can be mitigated by disabling the builder account on affected VMs:
usermod -L builder

" + } + ] + } + ], + "solution": [ + { + "lang": "en", + "value": "Rebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Rebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs.

" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "value": "Nicolai Rybnikar @rybnico from Rybnikar Enterprises GmbH." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "CRITICAL", + "baseScore": 9.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ] } diff --git a/2024/9xxx/CVE-2024-9594.json b/2024/9xxx/CVE-2024-9594.json index 415bc02dc13..0e5bd7ddd32 100644 --- a/2024/9xxx/CVE-2024-9594.json +++ b/2024/9xxx/CVE-2024-9594.json 
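Review bot: The affected range for CVE-2024-9486 lives only in `x_cve_json_5_version_data` (`"lessThanOrEqual": "0.1.37"`), while the legacy `version_value` is the literal string `not down converted`, so a scanner that reads only the 4.0 fields gets no usable version for Image Builder and will not flag builds at or below 0.1.37. Consumers of this record should read the nested `versions` array or fall back to the range stated in the description; the CVE-2024-9594 hunk uses the same encoding. The language tag is `eng` under `description` and `problemtype` but `en` under `work_around`, `solution` and `credits`, so a filter on one spelling misses the other fields. The `work_around` text describes `usermod -L builder` as disabling the account; that command locks the account's password only, which is worth stating in the record given that the issue is a default credential.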
@@ -1,17 +1,130 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@kubernetes.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process\u00a0when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The credentials are disabled at the conclusion of the image build process. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project. Because these images were vulnerable during the image build process, they are affected only if an attacker was able to reach the VM where the image build was happening and used the vulnerability to modify the image at the time the image build was occurring." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kubernetes", + "product": { + "product_data": [ + { + "product_name": "Image Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "version": "0", + "lessThanOrEqual": "0.1.37", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "0.1.38" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kubernetes/kubernetes/issues/128007", + "refsource": "MISC", + "name": "https://github.com/kubernetes/kubernetes/issues/128007" + }, + { + "url": "https://github.com/kubernetes-sigs/image-builder/pull/1596", + "refsource": "MISC", + "name": "https://github.com/kubernetes-sigs/image-builder/pull/1596" + }, + { + "url": "https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ", + "refsource": "MISC", + "name": "https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "value": "Rebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "

Rebuild any affected images using a fixed version of Image Builder. Re-deploy the fixed images to any affected VMs.

" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "value": "Nicolai Rybnikar @rybnico from Rybnikar Enterprises GmbH." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "MEDIUM", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" } ] } diff --git a/2024/9xxx/CVE-2024-9676.json b/2024/9xxx/CVE-2024-9676.json index f61f0e6dd37..d5b1cbed1e3 100644 --- a/2024/9xxx/CVE-2024-9676.json +++ b/2024/9xxx/CVE-2024-9676.json @@ -80,7 +80,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } }, { @@ -136,7 +136,7 @@ { "version_value": "not down converted", "x_cve_json_5_version_data": { - "defaultStatus": "affected" + "defaultStatus": "unaffected" } }, { diff --git a/2024/9xxx/CVE-2024-9954.json b/2024/9xxx/CVE-2024-9954.json index 9c5385b622a..ede59c08ac4 100644 --- a/2024/9xxx/CVE-2024-9954.json +++ b/2024/9xxx/CVE-2024-9954.json 
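Review bot: The new description for CVE-2024-9594 contains an escaped non-breaking space, `process\u00a0when`, where every other gap in the text is a plain space. Exact-phrase searches and text de-duplication across feeds treat the two characters as different, so the escape should be a normal space: `image build process when using the Nutanix, OVA, QEMU or raw providers`. The record also states that images are affected only if an attacker reached the build VM while the build was running, a condition that exists only in the description and that automated version matching cannot evaluate.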
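Review bot: In the CVE-2024-9676 hunk at `@@ -80,7 +80,7 @@`, `defaultStatus` changes from `affected` to `unaffected` on an entry whose `x_cve_json_5_version_data` has no `versions` list, so the entry now asserts that every version of that product is unaffected. The product name sits above the hunk context and cannot be checked from here. Any consumer that cached the earlier record keeps reporting the product as affected until it re-syncs. The hunk at `@@ -136,7 +136,7 @@` makes the same change to a second entry.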
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-9954",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free",
+ "cweId": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "130.0.6723.58",
+ "version_value": "130.0.6723.58"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/367755363",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/367755363"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9955.json b/2024/9xxx/CVE-2024-9955.json
index dc10bf1da03..72488defe79 100644
--- a/2024/9xxx/CVE-2024-9955.json
+++ b/2024/9xxx/CVE-2024-9955.json
@@ -1,17 +1,69 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9955", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/370133761", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/370133761" } ] } diff --git a/2024/9xxx/CVE-2024-9956.json b/2024/9xxx/CVE-2024-9956.json index c4c0a821d23..5a16b02415b 100644 --- a/2024/9xxx/CVE-2024-9956.json +++ b/2024/9xxx/CVE-2024-9956.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9956", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/370482421", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/370482421" } ] } diff --git a/2024/9xxx/CVE-2024-9957.json b/2024/9xxx/CVE-2024-9957.json index f2283398b9c..54e914fe1c0 100644 --- a/2024/9xxx/CVE-2024-9957.json +++ b/2024/9xxx/CVE-2024-9957.json 
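Review bot: The `problemtype` entry added for CVE-2024-9956 carries only `"value": "Inappropriate implementation"` with no `cweId`, and the same gap appears in CVE-2024-9958, -9962, -9964 and -9966, and in -9963 and -9965 with `"value": "Insufficient data validation"`. The use-after-free records in this commit do set `"cweId": "CWE-416"`, so any report grouped by CWE will count these seven as unclassified. A `cweId` chosen by the CNA should sit next to `value`; until one is published, classification has to match on the `value` text.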
@@ -1,17 +1,69 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9957", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/358151317", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/358151317" } ] } diff --git a/2024/9xxx/CVE-2024-9958.json b/2024/9xxx/CVE-2024-9958.json index cb5f6cdf7ba..bb5329b6715 100644 --- a/2024/9xxx/CVE-2024-9958.json +++ b/2024/9xxx/CVE-2024-9958.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9958", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/40076120", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/40076120" } ] } diff --git a/2024/9xxx/CVE-2024-9959.json b/2024/9xxx/CVE-2024-9959.json index 641b9a35f6a..770e5c9fe3a 100644 --- a/2024/9xxx/CVE-2024-9959.json +++ b/2024/9xxx/CVE-2024-9959.json 
@@ -1,17 +1,69 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9959", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/368672129", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/368672129" } ] } diff --git a/2024/9xxx/CVE-2024-9960.json b/2024/9xxx/CVE-2024-9960.json index ea3dbcabdde..739f04e9c9a 100644 --- a/2024/9xxx/CVE-2024-9960.json +++ b/2024/9xxx/CVE-2024-9960.json 
@@ -1,17 +1,69 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9960", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/354748063", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/354748063" } ] } diff --git a/2024/9xxx/CVE-2024-9961.json b/2024/9xxx/CVE-2024-9961.json index fc067c567a9..99cd2b222ff 100644 --- a/2024/9xxx/CVE-2024-9961.json +++ b/2024/9xxx/CVE-2024-9961.json 
@@ -1,17 +1,69 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9961", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free", + "cweId": "CWE-416" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/357776197", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/357776197" } ] } diff --git a/2024/9xxx/CVE-2024-9962.json b/2024/9xxx/CVE-2024-9962.json index e02ced4512b..6f922b31790 100644 --- a/2024/9xxx/CVE-2024-9962.json +++ b/2024/9xxx/CVE-2024-9962.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9962", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/364508693", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/364508693" } ] } diff --git a/2024/9xxx/CVE-2024-9963.json b/2024/9xxx/CVE-2024-9963.json index 89e8533e242..909de94375f 100644 --- a/2024/9xxx/CVE-2024-9963.json +++ b/2024/9xxx/CVE-2024-9963.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9963", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient data validation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/328278718", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/328278718" } ] } diff --git a/2024/9xxx/CVE-2024-9964.json b/2024/9xxx/CVE-2024-9964.json index 28e82a9a3e0..e777633c490 100644 --- a/2024/9xxx/CVE-2024-9964.json +++ b/2024/9xxx/CVE-2024-9964.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9964", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/361711121", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/361711121" } ] } diff --git a/2024/9xxx/CVE-2024-9965.json b/2024/9xxx/CVE-2024-9965.json index 92779a10ee2..2e84f1ab59d 100644 --- a/2024/9xxx/CVE-2024-9965.json +++ b/2024/9xxx/CVE-2024-9965.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9965", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient data validation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/352651673", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/352651673" } ] } diff --git a/2024/9xxx/CVE-2024-9966.json b/2024/9xxx/CVE-2024-9966.json index c914d76dd48..3b5aaf6ab2e 100644 --- a/2024/9xxx/CVE-2024-9966.json +++ b/2024/9xxx/CVE-2024-9966.json 
@@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9966", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "130.0.6723.58", + "version_value": "130.0.6723.58" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html" + }, + { + "url": "https://issues.chromium.org/issues/364773822", + "refsource": "MISC", + "name": "https://issues.chromium.org/issues/364773822" } ] }