admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-13 21:00:34 +00:00
parent bb2e18e1b3
commit 20f8796d2d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 420 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2024/32xxx/CVE-2024-32929.json
View File

@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-32929",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "dsap-vuln-management@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Android kernel"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-05-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2024-05-01"
}
]
}

2
2024/35xxx/CVE-2024-35255.json
View File

@ -102,7 +102,7 @@
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "1.7.0"
"version_value": "1.8.0"
}
]
}

67
2024/38xxx/CVE-2024-38312.json
View File

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38312",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Private tabs could result in residual data related to browsing history in app bundle"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox for iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "127"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1878578",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1878578"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-27/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-27/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Adam Berry"
}
]
}

67
2024/38xxx/CVE-2024-38313.json
View File

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38313",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Location URL bar could be visually spoofed with a fake toolbar"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox for iOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "127"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1878489",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1878489"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-27/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-27/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Muneaki Nishimura"
}
]
}

98
2024/4xxx/CVE-2024-4696.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4696",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.0.2.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-163429",
"refsource": "MISC",
"name": "https://support.lenovo.com/us/en/product_security/LEN-163429"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div><div><div><p>Upgrade to the Lenovo Service Bridge version 5.0.2.17 or later. If you previously installed Lenovo Service Bridge, the update will be performed automatically.</p></div></div></div>"
}
],
"value": "Upgrade to the Lenovo Service Bridge version 5.0.2.17 or later. If you previously installed Lenovo Service Bridge, the update will be performed automatically."
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Darrel Huang of the Trend Micro Zero Day Initiative for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

81
2024/5xxx/CVE-2024-5758.json
View File

@ -5,90 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2024-5758",
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterMobileText parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpxpo",
"product": {
"product_data": [
{
"product_name": "Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dcc3f47-8504-4aa6-af60-03edeaa39fd7?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dcc3f47-8504-4aa6-af60-03edeaa39fd7?source=cve"
},
{
"url": "https://research.cleantalk.org/cve-2024-4305/",
"refsource": "MISC",
"name": "https://research.cleantalk.org/cve-2024-4305/"
},
{
"url": "https://wpscan.com/vulnerability/635be98d-4c17-4e75-871f-9794d85a2eb1/",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/635be98d-4c17-4e75-871f-9794d85a2eb1/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3088956%40ultimate-post%2Ftrunk&old=3076390%40ultimate-post%2Ftrunk&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3088956%40ultimate-post%2Ftrunk&old=3076390%40ultimate-post%2Ftrunk&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Dmitrii Ignatyev"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
"value": "** REJECT ** Duplicate of CVE-2024-4305. Please use CVE-2024-4305 instead."
}
]
}

100
2024/5xxx/CVE-2024-5976.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268422 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 ausgemacht. Es geht dabei um die Funktion log_employee der Datei /classes/Master.php?f=log_employee. Dank der Manipulation des Arguments employee_code mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Employee and Visitor Gate Pass Logging System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.268422",
"refsource": "MISC",
"name": "https://vuldb.com/?id.268422"
},
{
"url": "https://vuldb.com/?ctiid.268422",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.268422"
},
{
"url": "https://vuldb.com/?submit.355692",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.355692"
},
{
"url": "https://github.com/Xu-Mingming/cve/blob/main/sql.md",
"refsource": "MISC",
"name": "https://github.com/Xu-Mingming/cve/blob/main/sql.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "Xu Mingming (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2024/5xxx/CVE-2024-5988.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5988",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5989.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5989",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/5xxx/CVE-2024-5990.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5990",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}