admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-10 08:00:32 +00:00
parent b05bccbffe
commit 199b78049c
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 319 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2023/26xxx/CVE-2023-26310.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a command injection problem in the old version of the mobile phone backup app.\n"
"value": "There is a command injection problem in the old version of the mobile phone backup app."
}
]
},

4
2023/40xxx/CVE-2023-40548.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound",
"cweId": "CWE-190"
"value": "Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}

5
2024/39xxx/CVE-2024-39463.json
View File

@ -115,6 +115,11 @@
"url": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1194/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1194/"
}
]
},

88
2024/42xxx/CVE-2024-42427.json
View File

@ -1,17 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-42427",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@dell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dell",
"product": {
"product_data": [
{
"product_name": "Wyse Proprietary OS (Modern ThinOS)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Dell ThinOS 2402"
},
{
"version_affected": "=",
"version_value": "Dell ThinOS 2405"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000228350/dsa-2024-386",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000228350/dsa-2024-386"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Dell would like to thank REQON for reporting this issue"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

89
2024/43xxx/CVE-2024-43898.json
View File

@ -5,99 +5,14 @@
"CVE_data_meta": {
"ID": "CVE-2024-43898",
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: sanity check for NULL pointer after ext4_force_shutdown\n\nTest case: 2 threads write short inline data to a file.\nIn ext4_page_mkwrite the resulting inline data is converted.\nHandling ext4_grp_locked_error with description \"block bitmap\nand bg descriptor inconsistent: X vs Y free clusters\" calls\next4_force_shutdown. The conversion clears\nEXT4_STATE_MAY_INLINE_DATA but fails for\next4_destroy_inline_data_nolock and ext4_mark_iloc_dirty due\nto ext4_forced_shutdown. The restoration of inline data fails\nfor the same reason not setting EXT4_STATE_MAY_INLINE_DATA.\nWithout the flag set a regular process path in ext4_da_write_end\nfollows trying to dereference page folio private pointer that has\nnot been set. The fix calls early return with -EIO error shall the\npointer to private be NULL.\n\nSample crash report:\n\nUnable to handle kernel paging request at virtual address dfff800000000004\nKASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]\nMem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000004] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 20274 Comm: syz-executor185 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __block_commit_write+0x64/0x2b0 fs/buffer.c:2167\nlr : __block_commit_write+0x3c/0x2b0 fs/buffer.c:2160\nsp : ffff8000a1957600\nx29: ffff8000a1957610 x28: dfff800000000000 x27: ffff0000e30e34b0\nx26: 0000000000000000 x25: dfff800000000000 x24: dfff800000000000\nx23: fffffdffc397c9e0 x22: 0000000000000020 x21: 0000000000000020\nx20: 0000000000000040 x19: fffffdffc397c9c0 x18: 1fffe000367bd196\nx17: ffff80008eead000 x16: ffff80008ae89e3c x15: 00000000200000c0\nx14: 1fffe0001cbe4e04 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000001 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 0000000000000004 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : fffffdffc397c9c0 x4 : 0000000000000020 x3 : 0000000000000020\nx2 : 0000000000000040 x1 : 0000000000000020 x0 : fffffdffc397c9c0\nCall trace:\n __block_commit_write+0x64/0x2b0 fs/buffer.c:2167\n block_write_end+0xb4/0x104 fs/buffer.c:2253\n ext4_da_do_write_end fs/ext4/inode.c:2955 [inline]\n ext4_da_write_end+0x2c4/0xa40 fs/ext4/inode.c:3028\n generic_perform_write+0x394/0x588 mm/filemap.c:3985\n ext4_buffered_write_iter+0x2c0/0x4ec fs/ext4/file.c:299\n ext4_file_write_iter+0x188/0x1780\n call_write_iter include/linux/fs.h:2110 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x968/0xc3c fs/read_write.c:590\n ksys_write+0x15c/0x26c fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:652\n __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\nCode: 97f85911 f94002da 91008356 d343fec8 (38796908)\n---[ end trace 0000000000000000 ]---\n----------------\nCode disassembly (best guess):\n 0:\t97f85911 \tbl\t0xffffffffffe16444\n 4:\tf94002da \tldr\tx26, [x22]\n 8:\t91008356 \tadd\tx22, x26, #0x20\n c:\td343fec8 \tlsr\tx8, x22, #3\n* 10:\t38796908 \tldrb\tw8, [x8, x25] <-- trapping instruction"
"value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "3f6bbe6e07e5"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.6.47",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10.5",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3f6bbe6e07e5239294ecc3d2efa70d1f98aed52e"
},
{
"url": "https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f619876ccbfd329ae785fe5d3289b9dcd6eb5901"
},
{
"url": "https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/83f4414b8f84249d538905825b088ff3ae555652"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}

5
2024/44xxx/CVE-2024-44944.json
View File

@ -164,6 +164,11 @@
"url": "https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/782161895eb4ac45cf7cfa8db375bd4766cb8299"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1182/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1182/"
}
]
},

96
2024/7xxx/CVE-2024-7618.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7618",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "peepso",
"product": {
"product_data": [
{
"product_name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "6.4.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/edf2e060-5ae4-4b46-bc68-22ae5f516fe8?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/edf2e060-5ae4-4b46-bc68-22ae5f516fe8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/peepso-core/tags/6.4.4.0/templates/reactions/admin_reaction.php#L112",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/peepso-core/tags/6.4.4.0/templates/reactions/admin_reaction.php#L112"
},
{
"url": "https://wordpress.org/plugins/peepso-core/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/peepso-core/#developers"
},
{
"url": "https://www.peepso.com/changelog/",
"refsource": "MISC",
"name": "https://www.peepso.com/changelog/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3147528/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3147528/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/peepso-core/tags/6.4.6.0/classes/adminconfigreactions.php?rev=3147528#L88",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/peepso-core/tags/6.4.6.0/classes/adminconfigreactions.php?rev=3147528#L88"
}
]
},
"credits": [
{
"lang": "en",
"value": "Tieu Pham Trong Nhan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
}
]
}

96
2024/7xxx/CVE-2024-7655.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "peepso",
"product": {
"product_data": [
{
"product_name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "6.4.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e85ee611-ae81-4736-b4f0-b9d06714da18?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e85ee611-ae81-4736-b4f0-b9d06714da18?source=cve"
},
{
"url": "https://wordpress.org/plugins/peepso-core/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/peepso-core/#developers"
},
{
"url": "https://www.peepso.com/6-4-6-0/",
"refsource": "MISC",
"name": "https://www.peepso.com/6-4-6-0/"
},
{
"url": "https://www.peepso.com/changelog/",
"refsource": "MISC",
"name": "https://www.peepso.com/changelog/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/peepso-core/tags/6.4.6.0/classes/adminconfigfields.php?rev=3147528#L17",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/peepso-core/tags/6.4.6.0/classes/adminconfigfields.php?rev=3147528#L17"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3147528/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3147528/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Tieu Pham Trong Nhan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/8xxx/CVE-2024-8643.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8643",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8644.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8644",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}