admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-16 16:00:33 +00:00
parent e5dd0ce0a7
commit 3d7e25343a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
20 changed files with 1354 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2023/50xxx/CVE-2023-50872.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-50872",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-50872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** DISPUTED ** The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions \"Vendor says that it's not a security issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://help.accredible.com/accredible-product-release-notes",
"refsource": "MISC",
"name": "https://help.accredible.com/accredible-product-release-notes"
},
{
"refsource": "MISC",
"name": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-50872",
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-50872"
}
]
}

19
2024/2xxx/CVE-2024-2609.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The permission prompt input delay could have expired while the window is not in focus, which made the prompt vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124."
"value": "The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124 and Firefox ESR < 115.10."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.10"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-12/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-12/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
}
]
},

89
2024/3xxx/CVE-2024-3302.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3302",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service using HTTP/2 CONTINUATION frames"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881183",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881183"
},
{
"url": "https://kb.cert.org/vuls/id/421644",
"refsource": "MISC",
"name": "https://kb.cert.org/vuls/id/421644"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Bartek Nowotarski via CERT"
}
]
}

84
2024/3xxx/CVE-2024-3852.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3852",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "GetBoundName in the JIT returned the wrong object"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1883542",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1883542"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Logan Stratton"
}
]
}

67
2024/3xxx/CVE-2024-3853.json
View File

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3853",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free if garbage collection runs during realm initialization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884427",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884427"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Gary Kwong"
}
]
}

84
2024/3xxx/CVE-2024-3854.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds-read after mis-optimized switch statement"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884552",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884552"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lukas Bernhard"
}
]
}

67
2024/3xxx/CVE-2024-3855.json
View File

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect JIT optimization of MSubstr leads to out-of-bounds reads"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885828",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885828"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lukas Bernhard"
}
]
}

67
2024/3xxx/CVE-2024-3856.json
View File

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox < 125."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free in WASM garbage collection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885829",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885829"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Nan Wang"
}
]
}

84
2024/3xxx/CVE-2024-3857.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3857",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect JITting of arguments led to use-after-free during garbage collection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1886683",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1886683"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lukas Bernhard"
}
]
}

67
2024/3xxx/CVE-2024-3858.json
View File

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Corrupt pointer dereference in js::CheckTracedThing"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1888892",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1888892"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lukas Bernhard"
}
]
}

84
2024/3xxx/CVE-2024-3859.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer-overflow led to out-of-bounds-read in the OpenType sanitizer"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874489",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874489"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ronald Crane"
}
]
}

67
2024/3xxx/CVE-2024-3860.json
View File

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Crash when tracing empty shape lists"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881417",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881417"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Gary Kwong"
}
]
}

84
2024/3xxx/CVE-2024-3861.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Potential use-after-free due to AlignedBuffer self-move"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1883158",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1883158"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ronald Crane"
}
]
}

67
2024/3xxx/CVE-2024-3862.json
View File

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Potential use of uninitialized memory in MarkStack assignment operator on self-assignment"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884457",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1884457"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ronald Crane"
}
]
}

84
2024/3xxx/CVE-2024-3863.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The executable file warning was not presented when downloading .xrm-ms files. \n*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125 and Firefox ESR < 115.10."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Download Protections were bypassed by .xrm-ms files on Windows"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885855",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885855"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Eduardo Braun Prado working with Trend Micro Zero Day Initiative"
}
]
}

84
2024/3xxx/CVE-2024-3864.json
View File

@ -1,18 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3864",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1888333",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1888333"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-19/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Paul Bone"
}
]
}

67
2024/3xxx/CVE-2024-3865.json
View File

@ -1,18 +1,75 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3865",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "125"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881076%2C1884887%2C1885359%2C1889049",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881076%2C1884887%2C1885359%2C1889049"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-18/"
}
]
},
"credits": [
{
"lang": "en",
"value": "the Mozilla Fuzzing Team, Simon Friedberger, Andrew McCreight"
}
]
}

100
2024/3xxx/CVE-2024-3873.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3873",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has been classified as problematic. This affects an unknown part of the component Web Interface. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260907."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in SMI SMI-EX-5414W bis 1.0.03 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Komponente Web Interface. Durch das Beeinflussen mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SMI",
"product": {
"product_data": [
{
"product_name": "SMI-EX-5414W",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.03"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.260907",
"refsource": "MISC",
"name": "https://vuldb.com/?id.260907"
},
{
"url": "https://vuldb.com/?ctiid.260907",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.260907"
},
{
"url": "https://vuldb.com/?submit.312623",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.312623"
},
{
"url": "https://drive.google.com/file/d/1ekMbzI-lv6M02HttjFoQHWG8nZOIwPbf/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1ekMbzI-lv6M02HttjFoQHWG8nZOIwPbf/view?usp=sharing"
}
]
},
"credits": [
{
"lang": "en",
"value": "faiyazahmad (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}

100
2024/3xxx/CVE-2024-3874.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3874",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In Tenda W20E 15.11.0.6 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion formSetRemoteWebManage der Datei /goform/SetRemoteWebManage. Durch Beeinflussen des Arguments remoteIP mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "W20E",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.11.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.260908",
"refsource": "MISC",
"name": "https://vuldb.com/?id.260908"
},
{
"url": "https://vuldb.com/?ctiid.260908",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.260908"
},
{
"url": "https://vuldb.com/?submit.312816",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.312816"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W20E/formSetRemoteWebManage.md",
"refsource": "MISC",
"name": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W20E/formSetRemoteWebManage.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "wxhwxhwxh_mie (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
}
]
}

18
2024/3xxx/CVE-2024-3885.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}