From 3c0d29150ec5974494964457f886c0c4ed6df841 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Apr 2024 14:10:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/42xxx/CVE-2023-42790.json | 40 +------------ 2023/48xxx/CVE-2023-48788.json | 4 +- 2024/0xxx/CVE-2024-0743.json | 40 ++++++++++++- 2024/2xxx/CVE-2024-2169.json | 5 ++ 2024/2xxx/CVE-2024-2605.json | 101 +++++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2606.json | 67 ++++++++++++++++++++-- 2024/2xxx/CVE-2024-2607.json | 101 +++++++++++++++++++++++++++++++-- 2024/2xxx/CVE-2024-2608.json | 101 +++++++++++++++++++++++++++++++-- 8 files changed, 397 insertions(+), 62 deletions(-) diff --git a/2023/42xxx/CVE-2023-42790.json b/2023/42xxx/CVE-2023-42790.json index 44c27825374..43aaae5f0a8 100644 --- a/2023/42xxx/CVE-2023-42790.json +++ b/2023/42xxx/CVE-2023-42790.json @@ -92,40 +92,6 @@ } ] } - }, - { - "product_name": "FortiSwitchManager", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "7.2.0", - "version_value": "7.2.2" - }, - { - "version_affected": "<=", - "version_name": "7.0.0", - "version_value": "7.0.2" - } - ] - } - }, - { - "product_name": "FortiPAM", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "1.1.0", - "version_value": "1.1.2" - }, - { - "version_affected": "<=", - "version_name": "1.0.0", - "version_value": "1.0.3" - } - ] - } } ] } 
@@ -136,16 +102,16 @@ "references": { "reference_data": [ { - "url": "https://fortiguard.com/psirt/FG-IR-23-327", + "url": "https://fortiguard.com/psirt/FG-IR-23-328", "refsource": "MISC", - "name": "https://fortiguard.com/psirt/FG-IR-23-327" + "name": "https://fortiguard.com/psirt/FG-IR-23-328" } ] }, "solution": [ { "lang": "en", - "value": "Please upgrade to FortiOS version 7.4.2 or above\r\nPlease upgrade to FortiOS version 7.2.6 or above\r\nPlease upgrade to FortiOS version 7.0.13 or above\r\nPlease upgrade to FortiOS version 6.4.15 or above\r\nPlease upgrade to FortiOS version 6.2.16 or above\r\nPlease upgrade to FortiProxy version 7.4.1 or above\r\nPlease upgrade to FortiProxy version 7.2.7 or above\r\nPlease upgrade to FortiProxy version 7.0.13 or above\r\nPlease upgrade to FortiProxy version 2.0.14 or above\r\nFortinet in Q3/23 has remediated this issue in FortiSASE version 23.3.b and hence the customers need not perform any action.\r\n" + "value": "Please upgrade to FortiOS version 7.4.2 or above\nPlease upgrade to FortiOS version 7.2.6 or above\nPlease upgrade to FortiOS version 7.0.13 or above\nPlease upgrade to FortiOS version 6.4.15 or above\nPlease upgrade to FortiOS version 6.2.16 or above\nPlease upgrade to FortiProxy version 7.4.1 or above\nPlease upgrade to FortiProxy version 7.2.7 or above\nPlease upgrade to FortiProxy version 7.0.13 or above\nPlease upgrade to FortiProxy version 2.0.14 or above\nFortinet in Q3/23 has remediated this issue in FortiSASE version 23.3.b and hence the customers need not perform any action.\n" } ], "impact": { diff --git a/2023/48xxx/CVE-2023-48788.json b/2023/48xxx/CVE-2023-48788.json index 1b03519d26e..0ba8d1bdbb9 100644 --- a/2023/48xxx/CVE-2023-48788.json +++ b/2023/48xxx/CVE-2023-48788.json 
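Review bot: The advisory link in `reference_data` is replaced outright (`FG-IR-23-327` becomes `FG-IR-23-328`) and the record keeps no trace of the previous ID, so anything downstream that joined this CVE to vendor advisories by URL loses the link without a signal. The preceding hunk of the same file also drops FortiSwitchManager and FortiPAM from the affected list, which suggests the record was re-scoped to a different advisory, but the commit subject `"-Synchronized-Data."` does not say so. A one-line statement of the re-scoping in the commit description would let consumers re-triage those two products instead of guessing. The CVE-2023-48788 hunk swaps `FG-IR-23-430` for `FG-IR-24-007` in the same way.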
@@ -61,9 +61,9 @@ "references": { "reference_data": [ { - "url": "https://fortiguard.com/psirt/FG-IR-23-430", + "url": "https://fortiguard.com/psirt/FG-IR-24-007", "refsource": "MISC", - "name": "https://fortiguard.com/psirt/FG-IR-23-430" + "name": "https://fortiguard.com/psirt/FG-IR-24-007" } ] }, diff --git a/2024/0xxx/CVE-2024-0743.json b/2024/0xxx/CVE-2024-0743.json index 891c0dcb529..c95cdab618b 100644 --- a/2024/0xxx/CVE-2024-0743.json +++ b/2024/0xxx/CVE-2024-0743.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122." + "value": "An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9." } ] }, @@ -45,6 +45,30 @@ } ] } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.9" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.9" + } + ] + } } ] } 
@@ -59,15 +83,25 @@ "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867408" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "refsource": "MISC", "name": "https://www.mozilla.org/security/advisories/mfsa2024-01/" }, { - "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html", + "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/", "refsource": "MISC", - "name": "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html" + "name": "https://www.mozilla.org/security/advisories/mfsa2024-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" } ] }, diff --git a/2024/2xxx/CVE-2024-2169.json b/2024/2xxx/CVE-2024-2169.json index 44990551298..317c5e64589 100644 --- a/2024/2xxx/CVE-2024-2169.json +++ b/2024/2xxx/CVE-2024-2169.json @@ -95,6 +95,11 @@ "url": "https://kb.cert.org/vuls/id/417980", "refsource": "MISC", "name": "https://kb.cert.org/vuls/id/417980" + }, + { + "url": "https://www.kb.cert.org/vuls/id/417980", + "refsource": "MISC", + "name": "https://www.kb.cert.org/vuls/id/417980" } ] }, diff --git a/2024/2xxx/CVE-2024-2605.json b/2024/2xxx/CVE-2024-2605.json index 5ee27b3d09d..dcf3f2db137 100644 --- a/2024/2xxx/CVE-2024-2605.json +++ b/2024/2xxx/CVE-2024-2605.json 
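Review bot: The `reference_data` entry added to CVE-2024-2169, `https://www.kb.cert.org/vuls/id/417980`, differs from the existing `https://kb.cert.org/vuls/id/417980` only by the `www.` host prefix, so the record now appears to list the same CERT/CC note twice. Consumers that count or deduplicate references by exact URL string will treat them as two independent sources. Keeping a single canonical form of the URL is enough. The `reference_data` array starts outside the hunk, so its other entries are not visible here.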
@@ -1,18 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Windows Error Reporter could be used as a Sandbox escape vector" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "124" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.9" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1872920", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1872920" + }, + { + "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-12/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-12/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "goodbyeselene" + } + ] } \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2606.json b/2024/2xxx/CVE-2024-2606.json index 429cb6509d7..ac2e6216074 100644 --- a/2024/2xxx/CVE-2024-2606.json +++ b/2024/2xxx/CVE-2024-2606.json 
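Review bot: The Windows-only condition for CVE-2024-2605 lives only in the free-text `description` ("This issue only affected Windows operating systems"), while the three `version_data` entries carry just `version_affected`, `version_name` and `version_value`. Tooling that matches on product and version will therefore report Firefox, Firefox ESR and Thunderbird installs on other operating systems as affected. If the record format offers a platform qualifier on `version_data`, setting it here would make the restriction machine-readable; otherwise consumers have to parse the description text. CVE-2024-2607 has the same gap for its Armv7-A restriction.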
@@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Mishandling of WASM register values" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "124" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879237", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879237" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-12/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "P1umer" + } + ] } \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2607.json b/2024/2xxx/CVE-2024-2607.json index 2047574f82d..a8f3b432f3b 100644 --- a/2024/2xxx/CVE-2024-2607.json +++ b/2024/2xxx/CVE-2024-2607.json 
@@ -1,18 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "JIT code failed to save return registers on Armv7-A" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "124" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.9" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879939", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1879939" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/", + 
"refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-12/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Gary Kwong" + } + ] } \ No newline at end of file diff --git a/2024/2xxx/CVE-2024-2608.json b/2024/2xxx/CVE-2024-2608.json index 71da8457a28..27f577df4c8 100644 --- a/2024/2xxx/CVE-2024-2608.json +++ b/2024/2xxx/CVE-2024-2608.json 
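Review bot: The CVE-2024-2607 `description` says "This issue only affected Armv7-A systems. Other operating systems are unaffected.", but Armv7-A is a CPU architecture, not an operating system, so the second sentence does not state what is actually excluded. Someone triaging by platform cannot tell from it whether other architectures are in scope. `Other architectures are unaffected.` would agree with the `problemtype` text in the same record ("JIT code failed to save return registers on Armv7-A").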
@@ -1,18 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2608", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow could have led to out of bounds write" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "124" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.9" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1880692", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1880692" + }, + { + "url": 
"https://www.mozilla.org/security/advisories/mfsa2024-12/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-12/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-13/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2024-14/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ronald Crane" + } + ] } \ No newline at end of file
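Review bot: In the CVE-2024-2608 `description`, the backtick opened before `AppendEncodedAttributeValue()` is not closed until after `ExtraSpaceNeededForAttrEncoding()`, so one code span swallows two function names and the comma between them, while `AppendEncodedCharacters()` gets its own span. Renderers and any tooling that extracts symbol names from code spans will see a single odd identifier instead of three functions. Giving each of the three names its own pair of backticks fixes it. The file also ends with `\ No newline at end of file`, as do the CVE-2024-2605, CVE-2024-2606 and CVE-2024-2607 records.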