admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-29 08:00:35 +00:00
parent 73519ae00c
commit 101b3aee42
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
16 changed files with 314 additions and 302 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2023/25xxx/CVE-2023-25330.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer."
"value": "** DISPUTED ** A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection."
}
]
},
@ -56,6 +56,11 @@
"url": "https://github.com/FCncdn/MybatisPlusTenantPluginSQLInjection-POC/blob/master/Readme.en.md",
"refsource": "MISC",
"name": "https://github.com/FCncdn/MybatisPlusTenantPluginSQLInjection-POC/blob/master/Readme.en.md"
},
{
"refsource": "MISC",
"name": "https://baomidou.com/reference/about-cve/",
"url": "https://baomidou.com/reference/about-cve/"
}
]
}

18
2023/7xxx/CVE-2023-7265.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-7265",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

8
2024/24xxx/CVE-2024-24856.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a\nsuccessful allocation, but the subsequent code directly dereferences the\npointer that receives it, which may lead to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null, \nreturn exception code AE_NO_MEMORY.\n\n"
"value": "The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a\nsuccessful allocation, but the subsequent code directly dereferences the\npointer that receives it, which may lead to null pointer dereference.\n\nTo fix this issue, a null pointer check should be added. If it is null, \nreturn exception code AE_NO_MEMORY."
}
]
},
@ -32,11 +32,11 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"vendor_name": "OpenAnolis",
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"product_name": "Anolis OS",
"version": {
"version_data": [
{
@ -78,7 +78,7 @@
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0\">https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0</a><br>"
}
],
"value": " https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 \n"
"value": "https://github.com/acpica/acpica/pull/946/commits/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0"
}
],
"credits": [

98
2024/24xxx/CVE-2024-24862.json
View File

@ -5,107 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-24862",
"ASSIGNER": "security@openanolis.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In function pci1xxxx_spi_probe, there is a potential null pointer that\nmay be caused by a failed memory allocation by the function devm_kzalloc.\nHence, a null pointer check needs to be added to prevent null pointer\ndereferencing later in the code.\n\nTo fix this issue, spi_bus->spi_int[iter] should be checked. The memory\nallocated by devm_kzalloc will be automatically released, so just directly\nreturn -ENOMEM without worrying about memory leaks.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v6.2",
"version_value": "v6.9-rc3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8748",
"refsource": "MISC",
"name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8748"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20240411&amp;id=1f886a7bfb3faf4c1021e73f045538008ce7634e\">https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20240411&amp;id=1...</a><br>"
}
],
"value": " https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20240411&id=1... https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/ \n"
}
],
"credits": [
{
"lang": "en",
"value": "\u5218\u6000\u8fdc <qq810974084@gmail.com>"
},
{
"lang": "en",
"value": "\u767d\u5bb6\u9a79 <baijiaju@buaa.edu.cn>"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}

98
2024/24xxx/CVE-2024-24863.json
View File

@ -5,107 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-24863",
"ASSIGNER": "security@openanolis.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In malidp_mw_connector_reset, new memory is allocated with kzalloc, but \nno check is performed. In order to prevent null pointer dereferencing, \nensure that mw_state is checked before calling \n__drm_atomic_helper_connector_reset.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v4.19-rc1",
"version_value": "v6.9-rc2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8750",
"refsource": "MISC",
"name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8750"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/all/20240407063053.5481-1-qq810974084@gmail.com/\">https://lore.kernel.org/all/20240407063053.5481-1-qq810974084@gmail.com/</a><br>"
}
],
"value": " https://lore.kernel.org/all/20240407063053.5481-1-qq810974084@gmail.com/ \n"
}
],
"credits": [
{
"lang": "en",
"value": "Huai-Yuan Liu <qq810974084@gmail.com>"
},
{
"lang": "en",
"value": "\u767d\u5bb6\u9a79 <baijiaju@buaa.edu.cn>"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\nCVE-2024-24863 has been replaced by\u00a0CVE-2024-36014."
}
]
}

7
2024/35xxx/CVE-2024-35548.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection"
"value": "** DISPUTED ** A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection."
}
]
},
@ -56,6 +56,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/baomidou/mybatis-plus/issues/6167",
"url": "https://github.com/baomidou/mybatis-plus/issues/6167"
},
{
"refsource": "MISC",
"name": "https://baomidou.com/reference/about-cve/",
"url": "https://baomidou.com/reference/about-cve/"
}
]
}

81
2024/36xxx/CVE-2024-36015.json
View File

@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppdev: Add an error check in register_device\n\nIn register_device, the return value of ida_simple_get is unchecked,\nin witch ida_simple_get will use an invalid index value.\n\nTo address this issue, index should be checked after ida_simple_get. When\nthe index value is abnormal, a warning message should be printed, the port\nshould be dropped, and the value should be recorded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9a69645dde11",
"version_value": "fbf740aeb86a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.11",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.11",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
}
}

18
2024/36xxx/CVE-2024-36499.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36499",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/36xxx/CVE-2024-36500.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36500",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/36xxx/CVE-2024-36501.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36501",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/36xxx/CVE-2024-36502.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36502",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/36xxx/CVE-2024-36503.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

98
2024/4xxx/CVE-2024-4810.json
View File

@ -5,107 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-4810",
"ASSIGNER": "security@openanolis.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In register_device, the return value of ida_simple_get is unchecked,\nin witch ida_simple_get will use an invalid index value.\n\nTo address this issue, index should be checked after ida_simple_get. When\nthe index value is abnormal, a warning message should be printed, the port\nshould be dropped, and the value should be recorded.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v4.11-rc4",
"version_value": "v6.9-rc7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=9008",
"refsource": "MISC",
"name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=9008"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?id=fbf740aeb86a4fe82ad158d26d711f2f3be79b3e\">https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?id=fbf740aeb86a4fe82ad1...</a><br>"
}
],
"value": " https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?id=fbf740aeb86a4fe82ad1... https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/ \n"
}
],
"credits": [
{
"lang": "en",
"value": "Huai-Yuan Liu <qq810974084@gmail.com>"
},
{
"lang": "en",
"value": "\u767d\u5bb6\u9a79 <baijiaju@buaa.edu.cn>"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\nThis CVE has been replaced by\u00a0CVE-2024-36015."
}
]
}

75
2024/5xxx/CVE-2024-5086.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5086",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Essential Addons for Elementor PRO \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Essential Addons",
"product": {
"product_data": [
{
"product_name": "Essential Addons for Elementor Pro",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.8.14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f7773b98-537f-4f4e-98d6-db61d2bffe8c?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f7773b98-537f-4f4e-98d6-db61d2bffe8c?source=cve"
},
{
"url": "https://essential-addons.com/changelog/",
"refsource": "MISC",
"name": "https://essential-addons.com/changelog/"
}
]
},
"credits": [
{
"lang": "en",
"value": "wesley"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/5xxx/CVE-2024-5464.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5464",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5465.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5465",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}