admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-03-05 23:00:35 +00:00
parent 8aa07d4c88
commit 2831562337
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
18 changed files with 865 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
2023/45xxx/CVE-2023-45289.json
View File

@ -1,18 +1,107 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-45289", "ID": "CVE-2023-45289",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@golang.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded."
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "net/http",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.21.8"
},
{
"version_affected": "<",
"version_name": "1.22.0-0",
"version_value": "1.22.1"
}
]
}
},
{
"product_name": "net/http/cookiejar",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.21.8"
},
{
"version_affected": "<",
"version_name": "1.22.0-0",
"version_value": "1.22.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/issue/65065",
"refsource": "MISC",
"name": "https://go.dev/issue/65065"
},
{
"url": "https://go.dev/cl/569340",
"refsource": "MISC",
"name": "https://go.dev/cl/569340"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2600",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2024-2600"
}
]
},
"credits": [
{
"lang": "en",
"value": "Juho Nurminen of Mattermost"
}
]
} }

82
2023/45xxx/CVE-2023-45290.json
View File

@ -1,18 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-45290", "ID": "CVE-2023-45290",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@golang.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines."
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "net/textproto",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.21.8"
},
{
"version_affected": "<",
"version_name": "1.22.0-0",
"version_value": "1.22.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/issue/65383",
"refsource": "MISC",
"name": "https://go.dev/issue/65383"
},
{
"url": "https://go.dev/cl/569341",
"refsource": "MISC",
"name": "https://go.dev/cl/569341"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2599",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2024-2599"
}
]
},
"credits": [
{
"lang": "en",
"value": "Bartek Nowotarski"
}
]
} }

56
2023/48xxx/CVE-2023-48644.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-48644",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2023-48644",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-48644",
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-48644"
} }
] ]
} }

89
2023/52xxx/CVE-2023-52521.json
View File

@ -5,99 +5,14 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-52521", "ID": "CVE-2023-52521",
"ASSIGNER": "cve@kernel.org", "ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Annotate bpf_long_memcpy with data_race\n\nsyzbot reported a data race splat between two processes trying to\nupdate the same BPF map value via syscall on different CPUs:\n\n BUG: KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update\n\n write to 0xffffe8fffe7425d8 of 8 bytes by task 8257 on cpu 1:\n bpf_long_memcpy include/linux/bpf.h:428 [inline]\n bpf_obj_memcpy include/linux/bpf.h:441 [inline]\n copy_map_value_long include/linux/bpf.h:464 [inline]\n bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380\n bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175\n generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749\n bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648\n __sys_bpf+0x28a/0x780\n __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]\n __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n write to 0xffffe8fffe7425d8 of 8 bytes by task 8268 on cpu 0:\n bpf_long_memcpy include/linux/bpf.h:428 [inline]\n bpf_obj_memcpy include/linux/bpf.h:441 [inline]\n copy_map_value_long include/linux/bpf.h:464 [inline]\n bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380\n bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175\n generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749\n bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648\n __sys_bpf+0x28a/0x780\n __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]\n __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n value changed: 0x0000000000000000 -> 0xfffffff000002788\n\nThe bpf_long_memcpy is used with 8-byte aligned pointers, power-of-8 size\nand forced to use long read/writes to try to atomically copy long counters.\nIt is best-effort only and no barriers are here since it _will_ race with\nconcurrent updates from BPF programs. The bpf_long_memcpy() is called from\nbpf(2) syscall. Marco suggested that the best way to make this known to\nKCSAN would be to use data_race() annotation." "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "5685f8a6fae1"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.56",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.5.6",
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5685f8a6fae1fbe480493b980a1fdbe67c86a094",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5685f8a6fae1fbe480493b980a1fdbe67c86a094"
},
{
"url": "https://git.kernel.org/stable/c/e562de67dc9196f2415f117796a2108c00ac7fc6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e562de67dc9196f2415f117796a2108c00ac7fc6"
},
{
"url": "https://git.kernel.org/stable/c/6a86b5b5cd76d2734304a0173f5f01aa8aa2025e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/6a86b5b5cd76d2734304a0173f5f01aa8aa2025e"
}
]
},
"generator": {
"engine": "bippy-4986f5686161"
} }
} }

56
2024/24xxx/CVE-2024-24275.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-24275",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-24275",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/",
"refsource": "MISC",
"name": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/"
} }
] ]
} }

56
2024/24xxx/CVE-2024-24276.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-24276",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-24276",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/",
"refsource": "MISC",
"name": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/"
} }
] ]
} }

56
2024/24xxx/CVE-2024-24278.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-24278",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-24278",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/",
"refsource": "MISC",
"name": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/"
} }
] ]
} }

82
2024/24xxx/CVE-2024-24783.json
View File

@ -1,18 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-24783", "ID": "CVE-2024-24783",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@golang.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates."
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "crypto/x509",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.21.8"
},
{
"version_affected": "<",
"version_name": "1.22.0-0",
"version_value": "1.22.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/issue/65390",
"refsource": "MISC",
"name": "https://go.dev/issue/65390"
},
{
"url": "https://go.dev/cl/569339",
"refsource": "MISC",
"name": "https://go.dev/cl/569339"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2598",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2024-2598"
}
]
},
"credits": [
{
"lang": "en",
"value": "John Howard (Google)"
}
]
} }

86
2024/24xxx/CVE-2024-24784.json
View File

@ -1,18 +1,94 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-24784", "ID": "CVE-2024-24784",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@golang.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers."
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "net/mail",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.21.8"
},
{
"version_affected": "<",
"version_name": "1.22.0-0",
"version_value": "1.22.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/issue/65083",
"refsource": "MISC",
"name": "https://go.dev/issue/65083"
},
{
"url": "https://go.dev/cl/555596",
"refsource": "MISC",
"name": "https://go.dev/cl/555596"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2609",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2024-2609"
}
]
},
"credits": [
{
"lang": "en",
"value": "Juho Nurminen of Mattermost"
},
{
"lang": "en",
"value": "Slonser (https://github.com/Slonser)"
}
]
} }

82
2024/24xxx/CVE-2024-24785.json
View File

@ -1,18 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-24785", "ID": "CVE-2024-24785",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@golang.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates."
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Go standard library",
"product": {
"product_data": [
{
"product_name": "html/template",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.21.8"
},
{
"version_affected": "<",
"version_name": "1.22.0-0",
"version_value": "1.22.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/issue/65697",
"refsource": "MISC",
"name": "https://go.dev/issue/65697"
},
{
"url": "https://go.dev/cl/564196",
"refsource": "MISC",
"name": "https://go.dev/cl/564196"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"refsource": "MISC",
"name": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2610",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2024-2610"
}
]
},
"credits": [
{
"lang": "en",
"value": "RyotaK (https://ryotak.net)"
}
]
} }

71
2024/24xxx/CVE-2024-24786.json
View File

@ -1,17 +1,80 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-24786", "ID": "CVE-2024-24786",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@golang.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1286: Improper Validation of Syntactic Correctness of Input"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "google.golang.org/protobuf",
"product": {
"product_data": [
{
"product_name": "google.golang.org/protobuf/encoding/protojson",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.33.0"
}
]
}
},
{
"product_name": "google.golang.org/protobuf/internal/encoding/json",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.33.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://go.dev/cl/569356",
"refsource": "MISC",
"name": "https://go.dev/cl/569356"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2611",
"refsource": "MISC",
"name": "https://pkg.go.dev/vuln/GO-2024-2611"
} }
] ]
} }

56
2024/27xxx/CVE-2024-27764.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27764",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-27764",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90",
"refsource": "MISC",
"name": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90"
} }
] ]
} }

56
2024/27xxx/CVE-2024-27765.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27765",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2024-27765",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90",
"refsource": "MISC",
"name": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90"
} }
] ]
} }

18
2024/2xxx/CVE-2024-2205.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2205",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/2xxx/CVE-2024-2206.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2206",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/2xxx/CVE-2024-2207.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2207",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/2xxx/CVE-2024-2208.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2208",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/2xxx/CVE-2024-2209.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}