"-Synchronized-Data."

CVE Team 2024-06-17 08:00:34 +00:00
parent 60fb47af3a
commit 3f77401e7d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 355 additions and 16 deletions


@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36277",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper verification of cryptographic signature issue exists in \"FreeFrom - the nostr client\" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Verification of Cryptographic Signature"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeFrom K.K.",
"product": {
"product_data": [
{
"product_name": "\"FreeFrom - the nostr client\" App for Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to 1.3.5"
}
]
}
},
{
"product_name": "\"FreeFrom - the nostr client\" App for iOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to 1.3.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://freefrom.space/",
"refsource": "MISC",
"name": "https://freefrom.space/"
},
{
"url": "https://play.google.com/store/apps/details?id=com.freefrom",
"refsource": "MISC",
"name": "https://play.google.com/store/apps/details?id=com.freefrom"
},
{
"url": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930",
"refsource": "MISC",
"name": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930"
},
{
"url": "https://jvn.jp/en/jp/JVN55045256/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN55045256/"
}
]
}
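Review bot: In both `version_data` entries (Android and iOS), `"version_affected": "="` is paired with `"version_value": "prior to 1.3.5"`, so a consumer that matches versions mechanically reads it as equality with that literal string and will not flag any real installed version. Expressing the bound as `"version_affected": "<"` with `"version_value": "1.3.5"`, the operator the CVE-2024-6048 record in this commit already uses, would keep the record machine-matchable. The same pairing appears in the CVE-2024-36279 and CVE-2024-36289 records below. The `problemtype` entry also carries only the weakness name with no `cweId`, unlike the CVE-2024-6048 record, which makes automated triage by weakness class harder.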


@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in \"FreeFrom - the nostr client\" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reliance on obfuscation or encryption of security-relevant inputs without integrity checking"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeFrom K.K.",
"product": {
"product_data": [
{
"product_name": "\"FreeFrom - the nostr client\" App for Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to 1.3.5"
}
]
}
},
{
"product_name": "\"FreeFrom - the nostr client\" App for iOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to 1.3.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://freefrom.space/",
"refsource": "MISC",
"name": "https://freefrom.space/"
},
{
"url": "https://play.google.com/store/apps/details?id=com.freefrom",
"refsource": "MISC",
"name": "https://play.google.com/store/apps/details?id=com.freefrom"
},
{
"url": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930",
"refsource": "MISC",
"name": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930"
},
{
"url": "https://jvn.jp/en/jp/JVN55045256/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN55045256/"
}
]
}


@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reusing a nonce, key pair in encryption issue exists in \"FreeFrom - the nostr client\" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reusing a nonce, key pair in encryption"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeFrom K.K.",
"product": {
"product_data": [
{
"product_name": "\"FreeFrom - the nostr client\" App for Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to 1.3.5"
}
]
}
},
{
"product_name": "\"FreeFrom - the nostr client\" App for iOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to 1.3.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://freefrom.space/",
"refsource": "MISC",
"name": "https://freefrom.space/"
},
{
"url": "https://play.google.com/store/apps/details?id=com.freefrom",
"refsource": "MISC",
"name": "https://play.google.com/store/apps/details?id=com.freefrom"
},
{
"url": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930",
"refsource": "MISC",
"name": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930"
},
{
"url": "https://jvn.jp/en/jp/JVN55045256/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN55045256/"
}
]
}


@ -1,17 +1,143 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6048",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Openfind",
"product": {
"product_data": [
{
"product_name": "MailGates 5.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "earlier",
"version_value": "Patch 5.2.10.094"
}
]
}
},
{
"product_name": "MailAudit 5.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "earlier",
"version_value": "Patch 5.2.10.094"
}
]
}
},
{
"product_name": "MailGates 6.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "earlier",
"version_value": "Patch 6.1.7.037"
}
]
}
},
{
"product_name": "MailAudit 6.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "earlier",
"version_value": "Patch 6.1.7.037"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7885-a8013-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-7885-a8013-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-7886-20b61-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-7886-20b61-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202406016",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update MailGates/MailAudit v5.0 to Patch 5.2.10.094 or later.<br>Update MailAudit/MailAudit v6.0 to Patch 6.1.7.037 or later.<br>"
}
],
"value": "Update MailGates/MailAudit v5.0 to Patch 5.2.10.094 or later.\nUpdate MailAudit/MailAudit v6.0 to Patch 6.1.7.037 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
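Review bot: The `solution` text names the same product twice for the 6.0 line, `Update MailAudit/MailAudit v6.0 to Patch 6.1.7.037 or later.`, in both the `supportingMedia` HTML value and the plain `value`. Given the 5.0 line and the `product_data` list, it presumably should read `Update MailGates/MailAudit v6.0 to Patch 6.1.7.037 or later.`; as written, MailGates 6.0 operators could miss that the fix applies to them, which matters for an unauthenticated command-injection issue scored 9.8. Separately, the `version_value` bounds are free-text strings (`"Patch 5.2.10.094"`, `"Patch 6.1.7.037"`) under `"version_affected": "<"`, which version-matching tools are unlikely to compare correctly. Dropping the `Patch ` prefix from `version_value` would avoid that.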