admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-13 23:00:33 +00:00
parent 163d599535
commit 251d258a99
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
13 changed files with 283 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2023/4xxx/CVE-2023-4039.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n"
"value": "** DISPUTED ** \n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n"
}
]
},

56
2024/31xxx/CVE-2024-31777.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31777",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-31777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/FreySolarEye/Exploit-CVE-2024-31777",
"url": "https://github.com/FreySolarEye/Exploit-CVE-2024-31777"
}
]
}

56
2024/33xxx/CVE-2024-33253.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33253",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-33253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/FreySolarEye/CVE/blob/master/GUnet%20OpenEclass%20E-learning%20platform%203.15%20-%20'certbadge.php'%20Stored%20Cross%20Site%20Scripting",
"url": "https://github.com/FreySolarEye/CVE/blob/master/GUnet%20OpenEclass%20E-learning%20platform%203.15%20-%20'certbadge.php'%20Stored%20Cross%20Site%20Scripting"
}
]
}

5
2024/37xxx/CVE-2024-37408.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2024/06/13/2",
"url": "https://www.openwall.com/lists/oss-security/2024/06/13/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20240613 Re: Security vulnerability in fprintd",
"url": "http://www.openwall.com/lists/oss-security/2024/06/13/3"
}
]
}

23
2024/5xxx/CVE-2024-5688.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12."
"value": "If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.12"
}
]
}
}
]
}
@ -71,6 +83,11 @@
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895086"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/",
"refsource": "MISC",
@ -82,9 +99,9 @@
"name": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
"name": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
]
},

23
2024/5xxx/CVE-2024-5690.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12."
"value": "By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.12"
}
]
}
}
]
}
@ -71,6 +83,11 @@
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1883693"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/",
"refsource": "MISC",
@ -82,9 +99,9 @@
"name": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
"name": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
]
},

23
2024/5xxx/CVE-2024-5691.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12."
"value": "By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.12"
}
]
}
}
]
}
@ -71,6 +83,11 @@
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1888695"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/",
"refsource": "MISC",
@ -82,9 +99,9 @@
"name": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
"name": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
]
},

26
2024/5xxx/CVE-2024-5692.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12."
"value": "On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.12"
}
]
}
}
]
}
@ -66,11 +78,6 @@
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837514",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837514"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1891234",
"refsource": "MISC",
@ -85,13 +92,18 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-26/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Raphael Shaniyazov and Axel Chong (@Haxatron)"
"value": "Raphael Shaniyazov"
}
]
}

23
2024/5xxx/CVE-2024-5693.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12."
"value": "Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.12"
}
]
}
}
]
}
@ -71,6 +83,11 @@
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1891319"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/",
"refsource": "MISC",
@ -82,9 +99,9 @@
"name": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
"name": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
]
},

23
2024/5xxx/CVE-2024-5696.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12."
"value": "By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.12"
}
]
}
}
]
}
@ -71,6 +83,11 @@
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1896555"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/",
"refsource": "MISC",
@ -82,9 +99,9 @@
"name": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
"name": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
]
},

23
2024/5xxx/CVE-2024-5700.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12."
"value": "Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.12"
}
]
}
}
]
}
@ -71,6 +83,11 @@
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1862809%2C1889355%2C1893388%2C1895123"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/",
"refsource": "MISC",
@ -82,9 +99,9 @@
"name": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
"name": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
]
},

23
2024/5xxx/CVE-2024-5702.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125 and Firefox ESR < 115.12."
"value": "Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.12"
}
]
}
}
]
}
@ -71,6 +83,11 @@
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1193389"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
@ -82,9 +99,9 @@
"name": "https://www.mozilla.org/security/advisories/mfsa2024-26/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00000.html"
"name": "https://www.mozilla.org/security/advisories/mfsa2024-28/"
}
]
},

18
2024/5xxx/CVE-2024-5993.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5993",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}