From 460d8f7645bdae2919e24bc341b49d0db559e364 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 10 Apr 2024 19:02:03 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/46xxx/CVE-2021-46905.json | 32 +------ 2023/31xxx/CVE-2023-31028.json | 78 +++++++++++++++- 2023/36xxx/CVE-2023-36643.json | 70 +++++++++++++-- 2023/36xxx/CVE-2023-36644.json | 70 +++++++++++++-- 2023/36xxx/CVE-2023-36645.json | 70 +++++++++++++-- 2024/0xxx/CVE-2024-0072.json | 78 +++++++++++++++- 2024/0xxx/CVE-2024-0076.json | 78 +++++++++++++++- 2024/0xxx/CVE-2024-0080.json | 78 +++++++++++++++- 2024/0xxx/CVE-2024-0081.json | 78 +++++++++++++++- 2024/20xxx/CVE-2024-20800.json | 103 ++++++++++++++++++++- 2024/22xxx/CVE-2024-22004.json | 78 +++++++++++++++- 2024/24xxx/CVE-2024-24970.json | 18 ++++ 2024/25xxx/CVE-2024-25007.json | 98 +++++++++++++++++++- 2024/26xxx/CVE-2024-26794.json | 12 ++- 2024/26xxx/CVE-2024-26800.json | 22 ++++- 2024/26xxx/CVE-2024-26803.json | 125 +++++++++++++++++++++++++- 2024/26xxx/CVE-2024-26804.json | 147 +++++++++++++++++++++++++++++- 2024/26xxx/CVE-2024-26805.json | 158 ++++++++++++++++++++++++++++++++- 2024/26xxx/CVE-2024-26806.json | 92 ++++++++++++++++++- 2024/26xxx/CVE-2024-26807.json | 103 ++++++++++++++++++++- 2024/26xxx/CVE-2024-26808.json | 136 +++++++++++++++++++++++++++- 2024/27xxx/CVE-2024-27231.json | 53 ++++++++++- 2024/27xxx/CVE-2024-27232.json | 53 ++++++++++- 2024/27xxx/CVE-2024-27460.json | 18 ++++ 2024/28xxx/CVE-2024-28065.json | 61 +++++++++++-- 2024/28xxx/CVE-2024-28888.json | 18 ++++ 2024/29xxx/CVE-2024-29080.json | 18 ++++ 2024/29xxx/CVE-2024-29192.json | 81 ++++++++++++++++- 2024/29xxx/CVE-2024-29193.json | 76 +++++++++++++++- 2024/29xxx/CVE-2024-29738.json | 53 ++++++++++- 2024/29xxx/CVE-2024-29739.json | 53 ++++++++++- 2024/2xxx/CVE-2024-2312.json | 83 ++++++++++++++++- 2024/30xxx/CVE-2024-30249.json | 76 +++++++++++++++- 2024/30xxx/CVE-2024-30252.json | 96 +++++++++++++++++++- 2024/30xxx/CVE-2024-30254.json | 81 ++++++++++++++++- 2024/31xxx/CVE-2024-31705.json | 18 ++++ 2024/31xxx/CVE-2024-31706.json | 18 ++++ 
2024/31xxx/CVE-2024-31707.json | 18 ++++ 2024/31xxx/CVE-2024-31708.json | 18 ++++ 2024/31xxx/CVE-2024-31709.json | 18 ++++ 2024/31xxx/CVE-2024-31710.json | 18 ++++ 2024/31xxx/CVE-2024-31711.json | 18 ++++ 2024/31xxx/CVE-2024-31712.json | 18 ++++ 2024/31xxx/CVE-2024-31713.json | 18 ++++ 2024/31xxx/CVE-2024-31714.json | 18 ++++ 2024/31xxx/CVE-2024-31715.json | 18 ++++ 2024/31xxx/CVE-2024-31716.json | 18 ++++ 2024/31xxx/CVE-2024-31717.json | 18 ++++ 2024/31xxx/CVE-2024-31718.json | 18 ++++ 2024/31xxx/CVE-2024-31719.json | 18 ++++ 2024/31xxx/CVE-2024-31720.json | 18 ++++ 2024/31xxx/CVE-2024-31721.json | 18 ++++ 2024/31xxx/CVE-2024-31722.json | 18 ++++ 2024/31xxx/CVE-2024-31723.json | 18 ++++ 2024/31xxx/CVE-2024-31724.json | 18 ++++ 2024/31xxx/CVE-2024-31725.json | 18 ++++ 2024/31xxx/CVE-2024-31726.json | 18 ++++ 2024/31xxx/CVE-2024-31727.json | 18 ++++ 2024/31xxx/CVE-2024-31728.json | 18 ++++ 2024/31xxx/CVE-2024-31729.json | 18 ++++ 2024/31xxx/CVE-2024-31730.json | 18 ++++ 2024/31xxx/CVE-2024-31731.json | 18 ++++ 2024/31xxx/CVE-2024-31732.json | 18 ++++ 2024/31xxx/CVE-2024-31733.json | 18 ++++ 2024/31xxx/CVE-2024-31734.json | 18 ++++ 2024/31xxx/CVE-2024-31735.json | 18 ++++ 2024/31xxx/CVE-2024-31736.json | 18 ++++ 2024/31xxx/CVE-2024-31737.json | 18 ++++ 2024/31xxx/CVE-2024-31851.json | 89 +++++++++++++++++++ 2024/31xxx/CVE-2024-31855.json | 18 ++++ 2024/3xxx/CVE-2024-3262.json | 97 +++++++++++++++++++- 2024/3xxx/CVE-2024-3297.json | 18 ++++ 2024/3xxx/CVE-2024-3298.json | 103 +-------------------- 2024/3xxx/CVE-2024-3299.json | 108 +--------------------- 2024/3xxx/CVE-2024-3300.json | 18 ++++ 2024/3xxx/CVE-2024-3301.json | 18 ++++ 2024/3xxx/CVE-2024-3336.json | 18 ++++ 2024/3xxx/CVE-2024-3351.json | 110 +++++++++++++++++++++++ 2024/3xxx/CVE-2024-3352.json | 110 +++++++++++++++++++++++ 2024/3xxx/CVE-2024-3353.json | 110 +++++++++++++++++++++++ 2024/3xxx/CVE-2024-3354.json | 110 +++++++++++++++++++++++ 2024/3xxx/CVE-2024-3398.json | 18 ++++ 2024/3xxx/CVE-2024-3399.json | 
18 ++++ 2024/3xxx/CVE-2024-3400.json | 18 ++++ 2024/3xxx/CVE-2024-3401.json | 18 ++++ 2024/3xxx/CVE-2024-3402.json | 18 ++++ 2024/3xxx/CVE-2024-3403.json | 18 ++++ 2024/3xxx/CVE-2024-3404.json | 18 ++++ 2024/3xxx/CVE-2024-3405.json | 18 ++++ 2024/3xxx/CVE-2024-3406.json | 18 ++++ 2024/3xxx/CVE-2024-3407.json | 18 ++++ 2024/3xxx/CVE-2024-3408.json | 18 ++++ 92 files changed, 3903 insertions(+), 360 deletions(-) create mode 100644 2024/24xxx/CVE-2024-24970.json create mode 100644 2024/27xxx/CVE-2024-27460.json create mode 100644 2024/28xxx/CVE-2024-28888.json create mode 100644 2024/29xxx/CVE-2024-29080.json create mode 100644 2024/31xxx/CVE-2024-31705.json create mode 100644 2024/31xxx/CVE-2024-31706.json create mode 100644 2024/31xxx/CVE-2024-31707.json create mode 100644 2024/31xxx/CVE-2024-31708.json create mode 100644 2024/31xxx/CVE-2024-31709.json create mode 100644 2024/31xxx/CVE-2024-31710.json create mode 100644 2024/31xxx/CVE-2024-31711.json create mode 100644 2024/31xxx/CVE-2024-31712.json create mode 100644 2024/31xxx/CVE-2024-31713.json create mode 100644 2024/31xxx/CVE-2024-31714.json create mode 100644 2024/31xxx/CVE-2024-31715.json create mode 100644 2024/31xxx/CVE-2024-31716.json create mode 100644 2024/31xxx/CVE-2024-31717.json create mode 100644 2024/31xxx/CVE-2024-31718.json create mode 100644 2024/31xxx/CVE-2024-31719.json create mode 100644 2024/31xxx/CVE-2024-31720.json create mode 100644 2024/31xxx/CVE-2024-31721.json create mode 100644 2024/31xxx/CVE-2024-31722.json create mode 100644 2024/31xxx/CVE-2024-31723.json create mode 100644 2024/31xxx/CVE-2024-31724.json create mode 100644 2024/31xxx/CVE-2024-31725.json create mode 100644 2024/31xxx/CVE-2024-31726.json create mode 100644 2024/31xxx/CVE-2024-31727.json create mode 100644 2024/31xxx/CVE-2024-31728.json create mode 100644 2024/31xxx/CVE-2024-31729.json create mode 100644 2024/31xxx/CVE-2024-31730.json create mode 100644 2024/31xxx/CVE-2024-31731.json create mode 100644 
2024/31xxx/CVE-2024-31732.json create mode 100644 2024/31xxx/CVE-2024-31733.json create mode 100644 2024/31xxx/CVE-2024-31734.json create mode 100644 2024/31xxx/CVE-2024-31735.json create mode 100644 2024/31xxx/CVE-2024-31736.json create mode 100644 2024/31xxx/CVE-2024-31737.json create mode 100644 2024/31xxx/CVE-2024-31851.json create mode 100644 2024/31xxx/CVE-2024-31855.json create mode 100644 2024/3xxx/CVE-2024-3297.json create mode 100644 2024/3xxx/CVE-2024-3300.json create mode 100644 2024/3xxx/CVE-2024-3301.json create mode 100644 2024/3xxx/CVE-2024-3336.json create mode 100644 2024/3xxx/CVE-2024-3351.json create mode 100644 2024/3xxx/CVE-2024-3352.json create mode 100644 2024/3xxx/CVE-2024-3353.json create mode 100644 2024/3xxx/CVE-2024-3354.json create mode 100644 2024/3xxx/CVE-2024-3398.json create mode 100644 2024/3xxx/CVE-2024-3399.json create mode 100644 2024/3xxx/CVE-2024-3400.json create mode 100644 2024/3xxx/CVE-2024-3401.json create mode 100644 2024/3xxx/CVE-2024-3402.json create mode 100644 2024/3xxx/CVE-2024-3403.json create mode 100644 2024/3xxx/CVE-2024-3404.json create mode 100644 2024/3xxx/CVE-2024-3405.json create mode 100644 2024/3xxx/CVE-2024-3406.json create mode 100644 2024/3xxx/CVE-2024-3407.json create mode 100644 2024/3xxx/CVE-2024-3408.json diff --git a/2021/46xxx/CVE-2021-46905.json b/2021/46xxx/CVE-2021-46905.json index 911bc33950d..8eccd92b138 100644 --- a/2021/46xxx/CVE-2021-46905.json +++ b/2021/46xxx/CVE-2021-46905.json @@ -38,21 +38,6 @@ "product_name": "Linux", "version": { "version_data": [ - { - "version_affected": "<", - "version_name": "a462067d7c8e", - "version_value": "5871761c5f0f" - }, - { - "version_affected": "<", - "version_name": "145c89c441d2", - "version_value": "0c71d4c89559" - }, - { - "version_affected": "<", - "version_name": "caf5ac93b3b5", - "version_value": "24b699bea755" - }, { "version_affected": "<", "version_name": "92028d7a31e5", 
@@ -143,21 +128,6 @@ }, "references": { "reference_data": [ - { - "url": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554" - }, - { - "url": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e" - }, - { - "url": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1" - }, { "url": "https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725", "refsource": "MISC", @@ -191,6 +161,6 @@ ] }, "generator": { - "engine": "bippy-5f0117140d9a" + "engine": "bippy-e0c11145c45e" } } \ No newline at end of file diff --git a/2023/31xxx/CVE-2023-31028.json b/2023/31xxx/CVE-2023-31028.json index ad60e177e9a..ee5a7dc74f2 100644 --- a/2023/31xxx/CVE-2023-31028.json +++ b/2023/31xxx/CVE-2023-31028.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31028", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nNVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "nvJPEG2000 Library", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions prior to nvJPEG2000 v0.7.x" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5517", + "refsource": "MISC", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5517" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 2.8, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + 
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36643.json b/2023/36xxx/CVE-2023-36643.json index 2f491d5c22f..77b72fa9f32 100644 --- a/2023/36xxx/CVE-2023-36643.json +++ b/2023/36xxx/CVE-2023-36643.json 
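Review bot: The added `version_data` entry for nvJPEG2000 pairs `"version_affected": "="` with the free-text `"version_value": "All versions prior to nvJPEG2000 v0.7.x"`, so a scanner that matches on these fields sees an equality test against a sentence and cannot decide whether an installed version is affected. The CVE-2024-25007 record in this same commit shows a comparable machine-readable form, `"version_affected": "<", "version_name": "0", "version_value": "23.1"`; the same shape with the vendor's fixed version would make this entry matchable. The same free-text pattern appears in the CVE-2024-0072, CVE-2024-0076 and CVE-2024-0080 hunks. The description value also carries a leading `\n` and a trailing `\n\n` that consumers have to trim.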
@@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36643", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36643", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/caffeinated-labs/CVE-2023-36643", + "url": "https://github.com/caffeinated-labs/CVE-2023-36643" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2023/36xxx/CVE-2023-36644.json b/2023/36xxx/CVE-2023-36644.json index f4bf74aef4b..3587c919dd8 100644 --- a/2023/36xxx/CVE-2023-36644.json +++ b/2023/36xxx/CVE-2023-36644.json 
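Review bot: The added `impact.cvss` block in CVE-2023-36643 is a single object with no `baseScore` or `baseSeverity`, while the NVIDIA, Adobe and Google records in this commit use an array of objects that carry both, so a consumer that reads the first array element's `baseScore` finds nothing here and may treat the record as unscored. Its `vectorString` lists the metrics alphabetically (`CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N`) rather than in the order the CVSS v3.1 specification recommends, which a strict parser may reject; the conventional spelling is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`. The CVE-2023-36644 and CVE-2023-36645 hunks have the same shape. The `affects` and `problemtype` values are all `n/a` although the description names ITB-GmbH TradePro v9.5, so product-based matching will miss these three records.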
@@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36644", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36644", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/caffeinated-labs/CVE-2023-36644", + "url": "https://github.com/caffeinated-labs/CVE-2023-36644" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2023/36xxx/CVE-2023-36645.json b/2023/36xxx/CVE-2023-36645.json index dba5a562807..3c273206d14 100644 --- a/2023/36xxx/CVE-2023-36645.json +++ b/2023/36xxx/CVE-2023-36645.json 
@@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36645", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36645", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/caffeinated-labs/CVE-2023-36645", + "url": "https://github.com/caffeinated-labs/CVE-2023-36645" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2024/0xxx/CVE-2024-0072.json b/2024/0xxx/CVE-2024-0072.json index 1b7be238135..2871086c57a 100644 --- a/2024/0xxx/CVE-2024-0072.json +++ b/2024/0xxx/CVE-2024-0072.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0072", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nNVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476 NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "NVIDIA CUDA Toolkit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions prior to CUDA Toolkit v12.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517", + "refsource": "MISC", + "name": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0076.json b/2024/0xxx/CVE-2024-0076.json index 818f4026f12..f7bb2b8b3bb 100644 --- a/2024/0xxx/CVE-2024-0076.json +++ b/2024/0xxx/CVE-2024-0076.json 
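Review bot: The reference added to CVE-2024-0072 has a doubled scheme, `"url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517"`, and the `name` field repeats it. A URL parser reads the host as `https`, so the advisory link is dead and tooling that checks reference hosts will not attribute it to nvidia.custhelp.com. CVE-2023-31028 and CVE-2024-0076 in this commit cite the same advisory correctly, so both fields should read `https://nvidia.custhelp.com/app/answers/detail/a_id/5517`. The CVE-2024-0080 hunk contains the same doubled scheme.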
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0076", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nNVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "NVIDIA CUDA Toolkit", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions prior to CUDA Toolkit v12.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5517", + "refsource": "MISC", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5517" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + 
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0080.json b/2024/0xxx/CVE-2024-0080.json index 6d80b3214dd..f545c9937c1 100644 --- a/2024/0xxx/CVE-2024-0080.json +++ b/2024/0xxx/CVE-2024-0080.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0080", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nNVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "nvTIFF Library", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions prior to nvTIFF v0.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517", + "refsource": "MISC", + "name": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5517" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 2.8, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + 
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/0xxx/CVE-2024-0081.json b/2024/0xxx/CVE-2024-0081.json index 27aa9bcce6a..cfe0b1469a7 100644 --- a/2024/0xxx/CVE-2024-0081.json +++ b/2024/0xxx/CVE-2024-0081.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0081", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nNVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770 Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "NeMo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "NVIDIA Neural Modules 1.22.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx", + "refsource": "MISC", + "name": "https://github.com/NVIDIA/NeMo/security/advisories/GHSA-x392-p65g-4rxx" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + 
"userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/20xxx/CVE-2024-20800.json b/2024/20xxx/CVE-2024-20800.json index a84ce425a65..36e94807312 100644 --- a/2024/20xxx/CVE-2024-20800.json +++ b/2024/20xxx/CVE-2024-20800.json 
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution within the context of the victim's browser." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (DOM-based XSS) (CWE-79)", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "6.5.19", + "status": "affected", + "version": "0", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html", + "refsource": "MISC", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "availabilityRequirement": "NOT_DEFINED", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "confidentialityRequirement": "NOT_DEFINED", + "environmentalScore": 5.4, + "environmentalSeverity": "MEDIUM", + "exploitCodeMaturity": "NOT_DEFINED", + "integrityImpact": "LOW", + "integrityRequirement": "NOT_DEFINED", + "modifiedAttackComplexity": "LOW", + "modifiedAttackVector": "NETWORK", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "LOW", + "modifiedIntegrityImpact": "LOW", + "modifiedPrivilegesRequired": "LOW", + "modifiedScope": "NOT_DEFINED", + "modifiedUserInteraction": "REQUIRED", + "privilegesRequired": "LOW", + "remediationLevel": "NOT_DEFINED", + "reportConfidence": "NOT_DEFINED", + "scope": "CHANGED", + "temporalScore": 5.4, + "temporalSeverity": "MEDIUM", + "userInteraction": "REQUIRED", + "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/22xxx/CVE-2024-22004.json b/2024/22xxx/CVE-2024-22004.json index 4216da70d29..7aac5ac2f44 100644 --- a/2024/22xxx/CVE-2024-22004.json +++ b/2024/22xxx/CVE-2024-22004.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure\u00a0memory from the Trusted Application\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Nest Wifi Pro", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "v11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.google.com/product-documentation/answer/14580222?hl=en&ref_topic=12974021&sjid=10751611047462550096-NA", + "refsource": "MISC", + "name": "https://support.google.com/product-documentation/answer/14580222?hl=en&ref_topic=12974021&sjid=10751611047462550096-NA" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": 
"NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/24xxx/CVE-2024-24970.json b/2024/24xxx/CVE-2024-24970.json new file mode 100644 index 00000000000..a9978d0963f --- /dev/null +++ b/2024/24xxx/CVE-2024-24970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-24970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25007.json b/2024/25xxx/CVE-2024-25007.json index 3d294acbc63..79c86af4478 100644 --- a/2024/25xxx/CVE-2024-25007.json +++ b/2024/25xxx/CVE-2024-25007.json 
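Review bot: The CVSS block added for CVE-2024-22004 does not match the record's own description: the text describes an attacker who already has privileged access on the non-secure Linux OS leaking secure memory (CWE-125, an out-of-bounds read), yet the vector is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H` with `"baseScore": 10`. A read-only leak that requires existing privileges would not normally carry `PR:N` or high integrity and availability impact, so teams that triage by score should read the vendor bulletin before ranking this record, and the mismatch is worth reporting back to the CNA. The phrase "Due to length check" presumably means a missing or incorrect length check; the wording should say which.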
@@ -1,17 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@ericsson.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nEricsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", + "cweId": "CWE-1236" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ericsson", + "product": { + "product_data": [ + { + "product_name": "Ericsson Network Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "23.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024", + "refsource": "MISC", + "name": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ 
+ { + "base64": false, + "type": "text/html", + "value": "Upgrade to ENM version 23.1 or later." + } + ], + "value": "Upgrade to ENM version 23.1 or later." + } + ], + "credits": [ + { + "lang": "en", + "value": "Ericsson thanks Luca Borzacchiello, Andrea Carlo Maria Dattola, Massimiliano Ferraresi, Massimiliano Brolli of TIM Security Red Team Research, TIM S.p.A. for reporting this issue." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/26xxx/CVE-2024-26794.json b/2024/26xxx/CVE-2024-26794.json index df095c6d597..38e67617f2b 100644 --- a/2024/26xxx/CVE-2024-26794.json +++ b/2024/26xxx/CVE-2024-26794.json @@ -48,6 +48,11 @@ "version_name": "89bca7fe6382", "version_value": "31d07a757c6d" }, + { + "version_affected": "<", + "version_name": "b0ad381fa769", + "version_value": "a1a4a9ca77f1" + }, { "version_affected": "<", "version_name": "6.6.24", @@ -78,10 +83,15 @@ "url": "https://git.kernel.org/stable/c/31d07a757c6d3430e03cc22799921569999b9a12", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/31d07a757c6d3430e03cc22799921569999b9a12" + }, + { + "url": "https://git.kernel.org/stable/c/a1a4a9ca77f143c00fce69c1239887ff8b813bec", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a1a4a9ca77f143c00fce69c1239887ff8b813bec" } ] }, "generator": { - "engine": "bippy-e0c11145c45e" + "engine": "bippy-5f0117140d9a" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26800.json b/2024/26xxx/CVE-2024-26800.json index 4f174045040..39df6726598 100644 --- a/2024/26xxx/CVE-2024-26800.json +++ b/2024/26xxx/CVE-2024-26800.json 
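Review bot: In the CVE-2024-25007 record the description and the CVSS metrics disagree on impact. The text says `There is limited impact to integrity and availability` and names code execution or information disclosure as the outcome, while the added block sets `"integrityImpact": "HIGH"` and `"confidentialityImpact": "LOW"`. The precondition does line up (`ADJACENT_NETWORK`, `"privilegesRequired": "HIGH"`, `"userInteraction": "REQUIRED"`), so only the impact triplet needs confirming against the vendor bulletin in `reference_data`. The new `solution` and `credits` entries use `"lang": "en"` whereas `description_data` and `problemtype_data` use `"lang": "eng"`, so a consumer that filters on the language tag has to accept both spellings.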
@@ -38,6 +38,11 @@ "product_name": "Linux", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "cd1bbca03f3c", + "version_value": "f2b85a4cc763" + }, { "version_affected": "<", "version_name": "13eca403876b", @@ -48,6 +53,11 @@ "version_name": "ab6397f072e5", "version_value": "1ac9fb84bc7e" }, + { + "version_affected": "<", + "version_name": "859054147318", + "version_value": "13114dc55430" + }, { "version_affected": "<", "version_name": "6.6.18", @@ -69,6 +79,11 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89" + }, { "url": "https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe", "refsource": "MISC", @@ -78,10 +93,15 @@ "url": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1" + }, + { + "url": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0" } ] }, "generator": { - "engine": "bippy-e0c11145c45e" + "engine": "bippy-5f0117140d9a" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26803.json b/2024/26xxx/CVE-2024-26803.json index 1666e2a5ac1..429228ad1d3 100644 --- a/2024/26xxx/CVE-2024-26803.json +++ b/2024/26xxx/CVE-2024-26803.json 
@@ -1,18 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26803", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: veth: clear GRO when clearing XDP even when down\n\nveth sets NETIF_F_GRO automatically when XDP is enabled,\nbecause both features use the same NAPI machinery.\n\nThe logic to clear NETIF_F_GRO sits in veth_disable_xdp() which\nis called both on ndo_stop and when XDP is turned off.\nTo avoid the flag from being cleared when the device is brought\ndown, the clearing is skipped when IFF_UP is not set.\nBringing the device down should indeed not modify its features.\n\nUnfortunately, this means that clearing is also skipped when\nXDP is disabled _while_ the device is down. And there's nothing\non the open path to bring the device features back into sync.\nIOW if user enables XDP, disables it and then brings the device\nup we'll end up with a stray GRO flag set but no NAPI instances.\n\nWe don't depend on the GRO flag on the datapath, so the datapath\nwon't crash. We will crash (or hang), however, next time features\nare sync'ed (either by user via ethtool or peer changing its config).\nThe GRO flag will go away, and veth will try to disable the NAPIs.\nBut the open path never created them since XDP was off, the GRO flag\nwas a stray. 
If NAPI was initialized before we'll hang in napi_disable().\nIf it never was we'll crash trying to stop uninitialized hrtimer.\n\nMove the GRO flag updates to the XDP enable / disable paths,\ninstead of mixing them with the ndo_open / ndo_close paths." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "d3256efd8e8b", + "version_value": "f011c103e654" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.13", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.13", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.151", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.81", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.21", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.9", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/f011c103e654d83dc85f057a7d1bd0960d02831c", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f011c103e654d83dc85f057a7d1bd0960d02831c" + }, + { + "url": "https://git.kernel.org/stable/c/7985d73961bbb4e726c1be7b9cd26becc7be8325", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/7985d73961bbb4e726c1be7b9cd26becc7be8325" + }, + { + "url": "https://git.kernel.org/stable/c/16edf51f33f52dff70ed455bc40a6cc443c04664", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/16edf51f33f52dff70ed455bc40a6cc443c04664" + }, + { + "url": "https://git.kernel.org/stable/c/8f7a3894e58e6f5d5815533cfde60e3838947941", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8f7a3894e58e6f5d5815533cfde60e3838947941" + }, + { + "url": "https://git.kernel.org/stable/c/fe9f801355f0b47668419f30f1fac1cf4539e736", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/fe9f801355f0b47668419f30f1fac1cf4539e736" + } + ] + }, + "generator": { + "engine": "bippy-e0c11145c45e" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26804.json b/2024/26xxx/CVE-2024-26804.json index 85f75db3358..f28ab274b33 100644 --- a/2024/26xxx/CVE-2024-26804.json +++ b/2024/26xxx/CVE-2024-26804.json 
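Review bot: The legacy `version_data` array added for CVE-2024-26803 carries a single commit range (`d3256efd8e8b` to `f011c103e654`) although `reference_data` lists five stable-tree fix commits, and the per-release ranges exist only inside `x_cve_json_5_version_data`, under an entry whose `version_value` is the literal string `not down converted`. A consumer that reads only `version_affected`/`version_value` sees one range and may treat that string as a version, so matching against installed kernels should parse the nested `versions` list together with `"defaultStatus": "affected"`. The same shape appears in the CVE-2024-26804 to CVE-2024-26808 hunks of this patch. All six records name `bippy-e0c11145c45e` as generator, the engine string that the CVE-2024-26794 and CVE-2024-26800 hunks replace with `bippy-5f0117140d9a` while adding further commit ranges, so these entries may gain ranges in a later sync (inferred from those hunks, not stated on the page). `problemtype` is `n/a` and no `impact` block is present in any of them, so CWE- or score-based filters will not surface these records.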
@@ -1,18 +1,157 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26804", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: prevent perpetual headroom growth\n\nsyzkaller triggered following kasan splat:\nBUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\nRead of size 1 at addr ffff88812fb4000e by task syz-executor183/5191\n[..]\n kasan_report+0xda/0x110 mm/kasan/report.c:588\n __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\n skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline]\n ___skb_get_hash net/core/flow_dissector.c:1791 [inline]\n __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856\n skb_get_hash include/linux/skbuff.h:1556 [inline]\n ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748\n ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592\n ...\n ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n ..\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831\n 
ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n ...\n\nThe splat occurs because skb->data points past skb->head allocated area.\nThis is because neigh layer does:\n __skb_pull(skb, skb_network_offset(skb));\n\n... but skb_network_offset() returns a negative offset and __skb_pull()\narg is unsigned. IOW, we skb->data gets \"adjusted\" by a huge value.\n\nThe negative value is returned because skb->head and skb->data distance is\nmore than 64k and skb->network_header (u16) has wrapped around.\n\nThe bug is in the ip_tunnel infrastructure, which can cause\ndev->needed_headroom to increment ad infinitum.\n\nThe syzkaller reproducer consists of packets getting routed via a gre\ntunnel, and route of gre encapsulated packets pointing at another (ipip)\ntunnel. The ipip encapsulation finds gre0 as next output device.\n\nThis results in the following pattern:\n\n1). First packet is to be sent out via gre0.\nRoute lookup found an output device, ipip0.\n\n2).\nip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future\noutput device, rt.dev->needed_headroom (ipip0).\n\n3).\nip output / start_xmit moves skb on to ipip0. 
which runs the same\ncode path again (xmit recursion).\n\n4).\nRouting step for the post-gre0-encap packet finds gre0 as output device\nto use for ipip0 encapsulated packet.\n\ntunl0->needed_headroom is then incremented based on the (already bumped)\ngre0 device headroom.\n\nThis repeats for every future packet:\n\ngre0->needed_headroom gets inflated because previous packets' ipip0 step\nincremented rt->dev (gre0) headroom, and ipip0 incremented because gre0\nneeded_headroom was increased.\n\nFor each subsequent packet, gre/ipip0->needed_headroom grows until\npost-expand-head reallocations result in a skb->head/data distance of\nmore than 64k.\n\nOnce that happens, skb->network_header (u16) wraps around when\npskb_expand_head tries to make sure that skb_network_offset() is unchanged\nafter the headroom expansion/reallocation.\n\nAfter this skb_network_offset(skb) returns a different (and negative)\nresult post headroom expansion.\n\nThe next trip to neigh layer (or anything else that would __skb_pull the\nnetwork header) makes skb->data point to a memory location outside\nskb->head area.\n\nv2: Cap the needed_headroom update to an arbitarily chosen upperlimit to\nprevent perpetual increase instead of dropping the headroom increment\ncompletely." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "243aad830e8a", + "version_value": "f81e94d2dcd2" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "2.6.34", + "status": "affected" + }, + { + "version": "0", + "lessThan": "2.6.34", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.271", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.212", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.151", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.81", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.21", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.9", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383" + }, + { + "url": "https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee", + "refsource": "MISC", + "name": 
"https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee" + }, + { + "url": "https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282" + }, + { + "url": "https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96" + }, + { + "url": "https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9" + }, + { + "url": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b" + }, + { + "url": "https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f" + } + ] + }, + "generator": { + "engine": "bippy-e0c11145c45e" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26805.json b/2024/26xxx/CVE-2024-26805.json index a0e291b7920..c03402a6566 100644 --- a/2024/26xxx/CVE-2024-26805.json +++ b/2024/26xxx/CVE-2024-26805.json 
@@ -1,18 +1,168 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26805", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix kernel-infoleak-after-free in __skb_datagram_iter\n\nsyzbot reported the following uninit-value access issue [1]:\n\nnetlink_to_full_skb() creates a new `skb` and puts the `skb->data`\npassed as a 1st arg of netlink_to_full_skb() onto new `skb`. The data\nsize is specified as `len` and passed to skb_put_data(). This `len`\nis based on `skb->end` that is not data offset but buffer offset. The\n`skb->end` contains data and tailroom. 
Since the tailroom is not\ninitialized when the new `skb` created, KMSAN detects uninitialized\nmemory area when copying the data.\n\nThis patch resolved this issue by correct the len from `skb->end` to\n`skb->len`, which is the actual data offset.\n\nBUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n copy_to_iter include/linux/uio.h:197 [inline]\n simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532\n __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]\n packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg net/socket.c:1066 [inline]\n sock_read_iter+0x467/0x580 net/socket.c:1136\n call_read_iter include/linux/fs.h:2014 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x8f6/0xe00 fs/read_write.c:470\n ksys_read+0x20f/0x4c0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x93/0xd0 fs/read_write.c:621\n do_syscall_x64 
arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was stored to memory at:\n skb_put_data include/linux/skbuff.h:2622 [inline]\n netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]\n __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]\n __netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325\n netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]\n netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1087 [inline]\n free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347\n free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533\n release_pages+0x23d3/0x2410 mm/swap.c:1042\n free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316\n tlb_batch_pages\n---truncated---" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1853c9496460", + "version_value": "ec343a55b687" + }, + { + 
"version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "4.3", + "status": "affected" + }, + { + "version": "0", + "lessThan": "4.3", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "4.19.309", + "lessThanOrEqual": "4.19.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.4.271", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.212", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.151", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.81", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.21", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.9", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65" + }, + { + "url": "https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777" + }, + { + "url": "https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77" + }, + { + "url": "https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285", + "refsource": 
"MISC", + "name": "https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285" + }, + { + "url": "https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44" + }, + { + "url": "https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736" + }, + { + "url": "https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d" + }, + { + "url": "https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd" + } + ] + }, + "generator": { + "engine": "bippy-e0c11145c45e" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26806.json b/2024/26xxx/CVE-2024-26806.json index f49bf478b29..1b85b03afb5 100644 --- a/2024/26xxx/CVE-2024-26806.json +++ b/2024/26xxx/CVE-2024-26806.json 
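Review bot: The `description` value added for CVE-2024-26805 is cut off: it ends with `tlb_batch_pages\n---truncated---` in the middle of the KMSAN "Uninit was created at" trace. Most of the field is sanitizer output, and the statement a defender needs sits in the first paragraph only, where `netlink_to_full_skb()` sizes the copy from `skb->end` instead of `skb->len`, so uninitialised tailroom is included in the data that the trace shows reaching `copy_to_user`. Tooling that displays or indexes this field should expect the marker and take the full text from the linked stable commits. A short summary placed ahead of the trace would have survived the truncation.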
@@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks\n\nThe ->runtime_suspend() and ->runtime_resume() callbacks are not\nexpected to call spi_controller_suspend() and spi_controller_resume().\nRemove calls to those in the cadence-qspi driver.\n\nThose helpers have two roles currently:\n - They stop/start the queue, including dealing with the kworker.\n - They toggle the SPI controller SPI_CONTROLLER_SUSPENDED flag. It\n requires acquiring ctlr->bus_lock_mutex.\n\nStep one is irrelevant because cadence-qspi is not queued. Step two\nhowever has two implications:\n - A deadlock occurs, because ->runtime_resume() is called in a context\n where the lock is already taken (in the ->exec_op() callback, where\n the usage count is incremented).\n - It would disallow all operations once the device is auto-suspended.\n\nHere is a brief call tree highlighting the mutex deadlock:\n\nspi_mem_exec_op()\n ...\n spi_mem_access_start()\n mutex_lock(&ctlr->bus_lock_mutex)\n\n cqspi_exec_mem_op()\n pm_runtime_resume_and_get()\n cqspi_resume()\n spi_controller_resume()\n mutex_lock(&ctlr->bus_lock_mutex)\n ...\n\n spi_mem_access_end()\n mutex_unlock(&ctlr->bus_lock_mutex)\n ..." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0578a6dbfe75", + "version_value": "041562ebc475" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.9", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365" + }, + { + "url": "https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6" + } + ] + }, + "generator": { + "engine": "bippy-e0c11145c45e" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26807.json b/2024/26xxx/CVE-2024-26807.json index 1869b6c2c38..ba4a5598e07 100644 --- a/2024/26xxx/CVE-2024-26807.json +++ b/2024/26xxx/CVE-2024-26807.json 
@@ -1,18 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-qspi: fix pointer reference in runtime PM hooks\n\ndev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI\ncontroller. Neither embed the other; this lead to memory corruption.\n\nOn a given platform (Mobileye EyeQ5) the memory corruption is hidden\ninside cqspi->f_pdata. Also, this uninitialised memory is used as a\nmutex (ctlr->bus_lock_mutex) by spi_controller_suspend()." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2087e85bb66e", + "version_value": "03f1573c9587" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.4", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.4", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.21", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.9", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61" + }, + { + "url": "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03" + }, + { + "url": "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc" + } + ] + }, + "generator": { + "engine": "bippy-e0c11145c45e" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26808.json b/2024/26xxx/CVE-2024-26808.json index 69626b4215c..4ea809f2886 100644 --- a/2024/26xxx/CVE-2024-26808.json 
+++ b/2024/26xxx/CVE-2024-26808.json 
@@ -1,18 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-26808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\n\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "60a3815da702", + "version_value": "9489e214ea8f" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.10", + "status": "affected" + }, + { + "version": "0", + "lessThan": "5.10", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.10.210", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "5.15.149", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.76", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.15", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + 
"versionType": "custom" + }, + { + "version": "6.7.3", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f" + }, + { + "url": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58" + }, + { + "url": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3" + }, + { + "url": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4" + }, + { + "url": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee" + }, + { + "url": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913" + } + ] + }, + "generator": { + "engine": "bippy-e0c11145c45e" } } \ No newline at end of file diff --git a/2024/27xxx/CVE-2024-27231.json b/2024/27xxx/CVE-2024-27231.json index 7a9561912c2..b434895f102 100644 --- a/2024/27xxx/CVE-2024-27231.json +++ b/2024/27xxx/CVE-2024-27231.json 
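Review bot: The 4.0 `version_data` entry in CVE-2024-26808.json gives the affected range as abbreviated git commit ids (`"version_name": "60a3815da702"`, `"version_value": "9489e214ea8f"`), which a consumer cannot order against an installed kernel release. The release numbers appear only under `x_cve_json_5_version_data`, next to `"version_value": "not down converted"`, so a scanner that reads just the 4.0 fields will not match this record. Consumers should take the fixed releases from that block (`5.10.210`, `5.15.149`, `6.1.76`, `6.6.15`, `6.7.3`, `6.8`). The partial CVE-2024-26807 section just before this one uses the same layout.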
@@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27231", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2024-04-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2024-04-01" } ] } diff --git a/2024/27xxx/CVE-2024-27232.json b/2024/27xxx/CVE-2024-27232.json index e6a6efd8eb9..baf7bc4c367 100644 --- a/2024/27xxx/CVE-2024-27232.json +++ b/2024/27xxx/CVE-2024-27232.json 
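Review bot: `"version_value": "Android kernel"` with `"version_affected": "="` names a component rather than a version, so CVE-2024-27231.json gives no way to tell a patched device from an unpatched one. The same value is used in CVE-2024-27232.json, CVE-2024-29738.json and CVE-2024-29739.json. The fixed patch level is presumably in the referenced Pixel bulletin and would be better recorded in the record itself, for example `"version_affected": "<", "version_value": "<patch level from the bulletin>"`. `problemtype` is also free text (`"Information disclosure"`) with no `cweId`, unlike the GitHub-assigned records in this commit.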
@@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27232", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2024-04-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2024-04-01" } ] } diff --git a/2024/27xxx/CVE-2024-27460.json b/2024/27xxx/CVE-2024-27460.json new file mode 100644 index 00000000000..c5b16b0f7a1 --- /dev/null +++ b/2024/27xxx/CVE-2024-27460.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-27460", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/28xxx/CVE-2024-28065.json b/2024/28xxx/CVE-2024-28065.json index c4fd98f547e..7acb8ce1662 100644 --- a/2024/28xxx/CVE-2024-28065.json +++ b/2024/28xxx/CVE-2024-28065.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-28065", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-28065", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://syss.de", + "refsource": "MISC", + "name": "https://syss.de" + }, + { + "refsource": "MISC", + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-007.txt", + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-007.txt" } ] } diff --git a/2024/28xxx/CVE-2024-28888.json b/2024/28xxx/CVE-2024-28888.json new file mode 100644 index 00000000000..ad98d68f03d --- /dev/null +++ b/2024/28xxx/CVE-2024-28888.json 
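Review bot: `vendor_name`, `product_name` and `version_value` in CVE-2024-28065.json are all `"n/a"` although the description names the product and version, so asset-inventory or CPE-style matching against the structured fields will never hit this record. Going by the description alone, the `affects` block could read `"vendor_name": "Unify"`, `"product_name": "CP IP Phone firmware"`, `"version_value": "1.10.4.3"`; the exact vendor and product strings should be confirmed against the SYSS-2024-007 advisory. The first reference, `https://syss.de`, is only a site root and adds nothing over the advisory link that follows it.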
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-28888", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29080.json b/2024/29xxx/CVE-2024-29080.json new file mode 100644 index 00000000000..526b15ecd72 --- /dev/null +++ b/2024/29xxx/CVE-2024-29080.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-29080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/29xxx/CVE-2024-29192.json b/2024/29xxx/CVE-2024-29192.json index e0b56d6e93b..9b6da034e56 100644 --- a/2024/29xxx/CVE-2024-29192.json +++ b/2024/29xxx/CVE-2024-29192.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29192", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The `/api/config` endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an attacker may be able to achieve that depending on how go2rtc is set up on the upstream application, and given that this endpoint is not protected against CSRF, it allows requests from any origin (e.g. a \"drive-by\" attack) . The `exec` handler allows for any stream to execute arbitrary commands. An attacker may add a custom stream through `api/config`, which may lead to arbitrary command execution. In the event of a victim visiting the server in question, their browser will execute the requests against the go2rtc instance. Commit 8793c3636493c5efdda08f3b5ed5c6e1ea594fd9 adds a warning about secure API access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AlexxIT", + "product": { + "product_data": [ + { + "product_name": "go2rtc", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 1.8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-205_GHSL-2023-207_go2rtc/", + "refsource": "MISC", + "name": "https://securitylab.github.com/advisories/GHSL-2023-205_GHSL-2023-207_go2rtc/" + }, + { + "url": "https://github.com/AlexxIT/go2rtc/commit/8793c3636493c5efdda08f3b5ed5c6e1ea594fd9", + "refsource": "MISC", + "name": "https://github.com/AlexxIT/go2rtc/commit/8793c3636493c5efdda08f3b5ed5c6e1ea594fd9" + } + ] + }, + "source": { + "advisory": "GHSA-qgj8-g9q4-7f2p", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29193.json b/2024/29xxx/CVE-2024-29193.json index 290ed5b6db4..15037351e2e 100644 --- a/2024/29xxx/CVE-2024-29193.json +++ b/2024/29xxx/CVE-2024-29193.json 
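Review bot: In CVE-2024-29192.json the range operator is folded into the value (`"version_affected": "="`, `"version_value": "<= 1.8.5"`), so a consumer that honours `version_affected` will look for a release literally named "<= 1.8.5" and treat every real version as unaffected. The range should be carried by the operator field, `"version_affected": "<=", "version_value": "1.8.5"`. The same pattern appears in CVE-2024-29193.json (`<= 1.8.5`), CVE-2024-30249.json, CVE-2024-30252.json and CVE-2024-30254.json (each with a `<` prefix in the value). Separately, the description says the referenced commit only "adds a warning about secure API access", so that reference should not be read as a fix for the CSRF issue.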
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29193", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API (`[0]`) in the client side. Then, it uses `Object.entries` to iterate over the result (`[1]`) whose first item (`name`) gets appended using `innerHTML` (`[2]`). In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtc\u2019s origin. As of time of publication, no patch is available." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AlexxIT", + "product": { + "product_data": [ + { + "product_name": "go2rtc", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 1.8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-205_GHSL-2023-207_go2rtc/", + "refsource": "MISC", + "name": "https://securitylab.github.com/advisories/GHSL-2023-205_GHSL-2023-207_go2rtc/" + } + ] + }, + "source": { + "advisory": "GHSA-rh4r-f7f7-r99m", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/29xxx/CVE-2024-29738.json b/2024/29xxx/CVE-2024-29738.json index 93b16a2a483..350d62fbd9b 100644 --- a/2024/29xxx/CVE-2024-29738.json +++ b/2024/29xxx/CVE-2024-29738.json 
@@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29738", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In gov_init, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2024-04-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2024-04-01" } ] } diff --git a/2024/29xxx/CVE-2024-29739.json b/2024/29xxx/CVE-2024-29739.json index e5b75ff3500..75e5c38c367 100644 --- a/2024/29xxx/CVE-2024-29739.json +++ b/2024/29xxx/CVE-2024-29739.json 
@@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-29739", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In tmu_get_temp_lut of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2024-04-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2024-04-01" } ] } diff --git a/2024/2xxx/CVE-2024-2312.json b/2024/2xxx/CVE-2024-2312.json index 34d6350fa03..fcd5b39e932 100644 --- a/2024/2xxx/CVE-2024-2312.json +++ b/2024/2xxx/CVE-2024-2312.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2312", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@ubuntu.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Debian", + "product": { + "product_data": [ + { + "product_name": "Debian based GNU GRUB", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.12-1ubuntu5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127" + }, + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312", + "refsource": "MISC", + "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Mate Kukri" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + 
"integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/30xxx/CVE-2024-30249.json b/2024/30xxx/CVE-2024-30249.json index a970c3e5b45..e26ec411c08 100644 --- a/2024/30xxx/CVE-2024-30249.json +++ b/2024/30xxx/CVE-2024-30249.json 
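Review bot: `problemtype` in CVE-2024-2312.json is `"n/a"` even though the description states a use-after-free condition, so weakness-based filtering and triage will skip this record. Using the shape the GitHub-assigned records in this commit use, the entry could be `"value": "CWE-416: Use After Free", "cweId": "CWE-416"`. The `affects` block also lists `"vendor_name": "Debian"` while the fixed version `2.12-1ubuntu5` is an Ubuntu package version and the assigner is `security@ubuntu.com`; if Debian packages are affected too they need their own version entry, otherwise the vendor label is misleading.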
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30249", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR1-20240330.101522-15` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host. All consumers of the library should upgrade to at least version `1.0.0.CR1-20240330.101522-15` to receive a fix. There are no known workarounds beyond updating the library." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CloudburstMC", + "product": { + "product_data": [ + { + "product_name": "Network", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.0.0.CR1-20240330.101522-15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh", + "refsource": "MISC", + "name": "https://github.com/CloudburstMC/Network/security/advisories/GHSA-6h3m-c6fv-8hvh" + } + ] + }, + "source": { + "advisory": "GHSA-6h3m-c6fv-8hvh", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30252.json b/2024/30xxx/CVE-2024-30252.json index 3f2b1d23aef..7d74540cd69 100644 --- a/2024/30xxx/CVE-2024-30252.json +++ b/2024/30xxx/CVE-2024-30252.json 
@@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30252", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is a request where the cookies of the browser are sent along with the request. The `subscribe.js` script uses the first parameter from the current URL location as the URL of the RSS feed to subscribe to and checks that the RSS feed is valid XML. `subscribe.js` is accessible by an attacker website due to its use in `subscribe.html`, an HTML page that is declared as a `web_accessible_resource` in `manifest.json`. This issue may lead to `Privilege Escalation`. A CSRF breaks the integrity of servers running on a private network. A user of the browser extension may have a private server with dangerous functionality, which is assumed to be safe due to network segmentation. Upon receiving an authenticated request instantiated from an attacker, this integrity is broken. 
Version 3.7 fixes this issue by removing subscribe.html from `web_accessible_resources`.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nt1m", + "product": { + "product_data": [ + { + "product_name": "livemarks", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nt1m/livemarks/security/advisories/GHSA-3gg9-w4fm-jjcg", + "refsource": "MISC", + "name": "https://github.com/nt1m/livemarks/security/advisories/GHSA-3gg9-w4fm-jjcg" + }, + { + "url": "https://github.com/nt1m/livemarks/commit/1bcf39f6e91f7352301013f8feac6d488719450f", + "refsource": "MISC", + "name": "https://github.com/nt1m/livemarks/commit/1bcf39f6e91f7352301013f8feac6d488719450f" + }, + { + "url": "https://github.com/nt1m/livemarks/blob/9c5233c82aa2f7c8bac348a08ff52881b00c4f95/manifest.json#L4", + "refsource": "MISC", + "name": "https://github.com/nt1m/livemarks/blob/9c5233c82aa2f7c8bac348a08ff52881b00c4f95/manifest.json#L4" + }, + { + "url": "https://github.com/nt1m/livemarks/blob/9c5233c82aa2f7c8bac348a08ff52881b00c4f95/pages/subscribe/subscribe.js#L52", + "refsource": "MISC", + "name": "https://github.com/nt1m/livemarks/blob/9c5233c82aa2f7c8bac348a08ff52881b00c4f95/pages/subscribe/subscribe.js#L52" + }, + { + "url": "https://github.com/nt1m/livemarks/blob/9c5233c82aa2f7c8bac348a08ff52881b00c4f95/shared/feed-parser.js#L5", + "refsource": "MISC", + "name": "https://github.com/nt1m/livemarks/blob/9c5233c82aa2f7c8bac348a08ff52881b00c4f95/shared/feed-parser.js#L5" + } + ] + }, + "source": { + "advisory": "GHSA-3gg9-w4fm-jjcg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + 
"attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2.6, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30254.json b/2024/30xxx/CVE-2024-30254.json index 852df3f6f25..297a44988ab 100644 --- a/2024/30xxx/CVE-2024-30254.json +++ b/2024/30xxx/CVE-2024-30254.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30254", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MesonLSP is an unofficial, unendorsed language server for meson written in C++. A vulnerability in versions prior to 4.1.4 allows overwriting arbitrary files if the attacker can make the victim either run the language server within a specific crafted project or `mesonlsp --full`. Version 4.1.4 contains a patch for this issue. As a workaround, avoid running `mesonlsp --full` and set the language server option `others.neverDownloadAutomatically` to `true`.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JCWasmx86", + "product": { + "product_data": [ + { + "product_name": "mesonlsp", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/JCWasmx86/mesonlsp/security/advisories/GHSA-48c5-35fh-846h", + "refsource": "MISC", + "name": "https://github.com/JCWasmx86/mesonlsp/security/advisories/GHSA-48c5-35fh-846h" + }, + { + "url": "https://github.com/JCWasmx86/mesonlsp/commit/594b6334061371911cd59389124ab8af30ce0a3a", + "refsource": "MISC", + "name": 
"https://github.com/JCWasmx86/mesonlsp/commit/594b6334061371911cd59389124ab8af30ce0a3a" + } + ] + }, + "source": { + "advisory": "GHSA-48c5-35fh-846h", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31705.json b/2024/31xxx/CVE-2024-31705.json new file mode 100644 index 00000000000..391a52f048d --- /dev/null +++ b/2024/31xxx/CVE-2024-31705.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31705", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31706.json b/2024/31xxx/CVE-2024-31706.json new file mode 100644 index 00000000000..71a9218d682 --- /dev/null +++ b/2024/31xxx/CVE-2024-31706.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31706", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31707.json b/2024/31xxx/CVE-2024-31707.json new file mode 100644 index 00000000000..1aa170b8590 --- /dev/null +++ b/2024/31xxx/CVE-2024-31707.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31707", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31708.json b/2024/31xxx/CVE-2024-31708.json new file mode 100644 index 00000000000..b034113c96d --- /dev/null +++ b/2024/31xxx/CVE-2024-31708.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31708", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/31xxx/CVE-2024-31709.json b/2024/31xxx/CVE-2024-31709.json new file mode 100644 index 00000000000..385295e2923 --- /dev/null +++ b/2024/31xxx/CVE-2024-31709.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31709", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31710.json b/2024/31xxx/CVE-2024-31710.json new file mode 100644 index 00000000000..00b9c1acb38 --- /dev/null +++ b/2024/31xxx/CVE-2024-31710.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31710", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31711.json b/2024/31xxx/CVE-2024-31711.json new file mode 100644 index 00000000000..80a068483b6 --- /dev/null +++ b/2024/31xxx/CVE-2024-31711.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31711", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31712.json b/2024/31xxx/CVE-2024-31712.json new file mode 100644 index 00000000000..114bb86e8dd --- /dev/null +++ b/2024/31xxx/CVE-2024-31712.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31712", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31713.json b/2024/31xxx/CVE-2024-31713.json new file mode 100644 index 00000000000..53c0a603a55 --- /dev/null +++ b/2024/31xxx/CVE-2024-31713.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31713", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/31xxx/CVE-2024-31714.json b/2024/31xxx/CVE-2024-31714.json new file mode 100644 index 00000000000..a2b1360105d --- /dev/null +++ b/2024/31xxx/CVE-2024-31714.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31714", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31715.json b/2024/31xxx/CVE-2024-31715.json new file mode 100644 index 00000000000..4d67a152c80 --- /dev/null +++ b/2024/31xxx/CVE-2024-31715.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31715", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31716.json b/2024/31xxx/CVE-2024-31716.json new file mode 100644 index 00000000000..ae1264e18a8 --- /dev/null +++ b/2024/31xxx/CVE-2024-31716.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31716", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31717.json b/2024/31xxx/CVE-2024-31717.json new file mode 100644 index 00000000000..81066e9d104 --- /dev/null +++ b/2024/31xxx/CVE-2024-31717.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31717", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31718.json b/2024/31xxx/CVE-2024-31718.json new file mode 100644 index 00000000000..67e4985fe65 --- /dev/null +++ b/2024/31xxx/CVE-2024-31718.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31718", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/31xxx/CVE-2024-31719.json b/2024/31xxx/CVE-2024-31719.json new file mode 100644 index 00000000000..8654f24045d --- /dev/null +++ b/2024/31xxx/CVE-2024-31719.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31719", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31720.json b/2024/31xxx/CVE-2024-31720.json new file mode 100644 index 00000000000..18ebaa700a1 --- /dev/null +++ b/2024/31xxx/CVE-2024-31720.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31720", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31721.json b/2024/31xxx/CVE-2024-31721.json new file mode 100644 index 00000000000..8309464b294 --- /dev/null +++ b/2024/31xxx/CVE-2024-31721.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31721", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31722.json b/2024/31xxx/CVE-2024-31722.json new file mode 100644 index 00000000000..861529761e9 --- /dev/null +++ b/2024/31xxx/CVE-2024-31722.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31722", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31723.json b/2024/31xxx/CVE-2024-31723.json new file mode 100644 index 00000000000..77f89976abe --- /dev/null +++ b/2024/31xxx/CVE-2024-31723.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31723", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/31xxx/CVE-2024-31724.json b/2024/31xxx/CVE-2024-31724.json new file mode 100644 index 00000000000..b131de587b7 --- /dev/null +++ b/2024/31xxx/CVE-2024-31724.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31724", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31725.json b/2024/31xxx/CVE-2024-31725.json new file mode 100644 index 00000000000..1ca4c189b73 --- /dev/null +++ b/2024/31xxx/CVE-2024-31725.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31725", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31726.json b/2024/31xxx/CVE-2024-31726.json new file mode 100644 index 00000000000..768462b4221 --- /dev/null +++ b/2024/31xxx/CVE-2024-31726.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31726", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31727.json b/2024/31xxx/CVE-2024-31727.json new file mode 100644 index 00000000000..77e021ef1bd --- /dev/null +++ b/2024/31xxx/CVE-2024-31727.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31727", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31728.json b/2024/31xxx/CVE-2024-31728.json new file mode 100644 index 00000000000..2d5e1343e4c --- /dev/null +++ b/2024/31xxx/CVE-2024-31728.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31728", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/31xxx/CVE-2024-31729.json b/2024/31xxx/CVE-2024-31729.json new file mode 100644 index 00000000000..7e73405c2ad --- /dev/null +++ b/2024/31xxx/CVE-2024-31729.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31729", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31730.json b/2024/31xxx/CVE-2024-31730.json new file mode 100644 index 00000000000..ed5eaabd494 --- /dev/null +++ b/2024/31xxx/CVE-2024-31730.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31730", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31731.json b/2024/31xxx/CVE-2024-31731.json new file mode 100644 index 00000000000..4e9e248ad02 --- /dev/null +++ b/2024/31xxx/CVE-2024-31731.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31731", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31732.json b/2024/31xxx/CVE-2024-31732.json new file mode 100644 index 00000000000..70741e4ba1b --- /dev/null +++ b/2024/31xxx/CVE-2024-31732.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31732", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31733.json b/2024/31xxx/CVE-2024-31733.json new file mode 100644 index 00000000000..954f995d155 --- /dev/null +++ b/2024/31xxx/CVE-2024-31733.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31733", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/31xxx/CVE-2024-31734.json b/2024/31xxx/CVE-2024-31734.json new file mode 100644 index 00000000000..27164bf89ff --- /dev/null +++ b/2024/31xxx/CVE-2024-31734.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31734", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31735.json b/2024/31xxx/CVE-2024-31735.json new file mode 100644 index 00000000000..08a0de031dd --- /dev/null +++ b/2024/31xxx/CVE-2024-31735.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31735", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31736.json b/2024/31xxx/CVE-2024-31736.json new file mode 100644 index 00000000000..db7bbcab4ad --- /dev/null +++ b/2024/31xxx/CVE-2024-31736.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31736", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31737.json b/2024/31xxx/CVE-2024-31737.json new file mode 100644 index 00000000000..5f1b8e53547 --- /dev/null +++ b/2024/31xxx/CVE-2024-31737.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31737", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31851.json b/2024/31xxx/CVE-2024-31851.json new file mode 100644 index 00000000000..f29c23f776c --- /dev/null +++ b/2024/31xxx/CVE-2024-31851.json 
@@ -0,0 +1,89 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-31851",
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "CData",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sync",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "23.4.8843"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tenable.com/security/research/tra-2024-09",
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2024-09"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/31xxx/CVE-2024-31855.json b/2024/31xxx/CVE-2024-31855.json
new file mode 100644
index 00000000000..38394a0d4f3
--- /dev/null
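Review bot: The `version_data` entry for CVE-2024-31851 marks every CData Sync build below 23.4.8843 as affected, while the description limits the issue to the Java version running on the embedded Jetty server; that condition exists only in free text. Tooling that matches on vendor, product and version will therefore also flag deployments the description excludes, and triage has to read the description to scope the finding. If the schema in use accepts it, a `"platform"` qualifier on the version entry (constructed example: `"platform": "Java, embedded Jetty"`) would carry the condition in structured form. The only reference is the finder's advisory, so a vendor release note for 23.4.8843 would be a useful second entry if one exists.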
+++ b/2024/31xxx/CVE-2024-31855.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-31855", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3262.json b/2024/3xxx/CVE-2024-3262.json index ba05530e156..27a7e46e2fe 100644 --- a/2024/3xxx/CVE-2024-3262.json +++ b/2024/3xxx/CVE-2024-3262.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3262", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Best Practical Solutions", + "product": { + "product_data": [ + { + "product_name": "Request Tracker", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt", + "refsource": "MISC", + "name": "https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-exposicion-de-informacion-en-request-tracker-rt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + 
"base64": false, + "type": "text/html", + "value": "Vulnerability fixed by applying the following patches: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a.patch and https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe.patch. In future versions of RT, this solution will be included as a configurable option of the tool." + } + ], + "value": "Vulnerability fixed by applying the following patches: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a.patch and https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe.patch . In future versions of RT, this solution will be included as a configurable option of the tool." + } + ], + "credits": [ + { + "lang": "en", + "value": "Javier Garcia Ant\u00f3n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3297.json b/2024/3xxx/CVE-2024-3297.json new file mode 100644 index 00000000000..f99e2a3da13 --- /dev/null +++ b/2024/3xxx/CVE-2024-3297.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3297", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
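Review bot: The two fix commits for CVE-2024-3262 appear only inside the `solution` text and are missing from `references.reference_data`, which holds just the INCIBE advisory. Consumers that collect patch links from the references array will not see either commit, so the remediation is invisible to automated patch tracking. Adding both commit URLs as reference entries in the style of the existing one, as below, closes that gap. The `solution` and `credits` blocks also use `"lang": "en"` while the description uses `"eng"`, and the `text/html` supporting-media value is plain text; both are worth normalising.

```json
{
    "url": "https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a.patch",
    "refsource": "MISC",
    "name": "https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a.patch"
},
{
    "url": "https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe.patch",
    "refsource": "MISC",
    "name": "https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe.patch"
}
```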
diff --git a/2024/3xxx/CVE-2024-3298.json b/2024/3xxx/CVE-2024-3298.json index e45cd12c66a..04b21eaca9b 100644 --- a/2024/3xxx/CVE-2024-3298.json +++ b/2024/3xxx/CVE-2024-3298.json 
@@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3298", - "ASSIGNER": "3DS.Information-Security@3ds.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787 Out-of-bounds Write", - "cweId": "CWE-787" - } - ] - }, - { - "description": [ - { - "lang": "eng", - "value": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", - "cweId": "CWE-843" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Dassault Syst\u00e8mes", - "product": { - "product_data": [ - { - "product_name": "eDrawings", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "Release SOLIDWORKS 2023 SP0", - "version_value": "Release SOLIDWORKS 2023 SP5" - }, - { - "version_affected": "<=", - "version_name": "Release SOLIDWORKS 2024 SP0", - "version_value": "Release SOLIDWORKS 2024 SP1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.3ds.com/vulnerability/advisories", - "refsource": "MISC", - "name": "https://www.3ds.com/vulnerability/advisories" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Mat Powell of Trend Micro Zero Day Initiative" - }, - { - "lang": "en", - "value": "Mat Powell & Michael DePlante 
(@izobashi) of Trend Micro's Zero Day Initiative" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseSeverity": "HIGH", - "baseScore": 7.8, - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/3xxx/CVE-2024-3299.json b/2024/3xxx/CVE-2024-3299.json index ce56ab623d7..adad00f79d7 100644 --- a/2024/3xxx/CVE-2024-3299.json +++ b/2024/3xxx/CVE-2024-3299.json 
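Review bot: This hunk downgrades a published record to a placeholder: `"STATE": "PUBLIC"` becomes `"STATE": "RESERVED"` and `"ASSIGNER"` moves from `3DS.Information-Security@3ds.com` to `cve@mitre.org`, removing the CWE-787/CWE-843 problem types, the affected eDrawings version ranges, the advisory reference and the 7.8 CVSS 3.1 vector. The hunk does not show why; unless the CNA withdrew the entry, the sync should keep `"STATE": "PUBLIC"` and the existing description rather than overwrite them with the RESERVED text. The CVE-2024-3299 hunk that follows makes the same change. Consumers that mirror this repository would otherwise lose severity and affected-version data for an issue whose removed description states arbitrary code execution on opening a crafted file.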
@@ -1,117 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3299", - "ASSIGNER": "3DS.Information-Security@3ds.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted SLDDRW or SLDPRT file. NOTE: this vulnerability was SPLIT from CVE-2024-1847." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416 Use After Free", - "cweId": "CWE-416" - } - ] - }, - { - "description": [ - { - "lang": "eng", - "value": "CWE-787 Out-of-bounds Write", - "cweId": "CWE-787" - } - ] - }, - { - "description": [ - { - "lang": "eng", - "value": "CWE-908 Use of Uninitialized Resource", - "cweId": "CWE-908" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Dassault Syst\u00e8mes", - "product": { - "product_data": [ - { - "product_name": "eDrawings", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "Release SOLIDWORKS 2023 SP0", - "version_value": "Release SOLIDWORKS 2023 SP5" - }, - { - "version_affected": "<=", - "version_name": "Release SOLIDWORKS 2024 SP0", - "version_value": "Release SOLIDWORKS 2024 SP1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.3ds.com/vulnerability/advisories", - "refsource": "MISC", - "name": "https://www.3ds.com/vulnerability/advisories" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - 
"value": "Mat Powell of Trend Micro Zero Day Initiative" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseSeverity": "HIGH", - "baseScore": 7.8, - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/3xxx/CVE-2024-3300.json b/2024/3xxx/CVE-2024-3300.json new file mode 100644 index 00000000000..2d5b2750f2f --- /dev/null +++ b/2024/3xxx/CVE-2024-3300.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3300", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3301.json b/2024/3xxx/CVE-2024-3301.json new file mode 100644 index 00000000000..1ca384318a1 --- /dev/null +++ b/2024/3xxx/CVE-2024-3301.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3301", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3336.json b/2024/3xxx/CVE-2024-3336.json new file mode 100644 index 00000000000..33d5bff8238 --- /dev/null +++ b/2024/3xxx/CVE-2024-3336.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3336", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3351.json b/2024/3xxx/CVE-2024-3351.json new file mode 100644 index 00000000000..9fc89d985c3 --- /dev/null +++ b/2024/3xxx/CVE-2024-3351.json 
@@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-3351", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as critical, was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This affects an unknown part of the file admin/mod_roomtype/index.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259455." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 gefunden. Es betrifft eine unbekannte Funktion der Datei admin/mod_roomtype/index.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Aplaya Beach Resort Online Reservation System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259455", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259455" + }, + { + "url": "https://vuldb.com/?ctiid.259455", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259455" + }, + { + "url": "https://vuldb.com/?submit.310219", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.310219" + }, + { + "url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-04", + "refsource": "MISC", + "name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-04" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "qianzui1004 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3352.json b/2024/3xxx/CVE-2024-3352.json new file mode 100644 index 00000000000..dfc65a49bd9 --- /dev/null +++ b/2024/3xxx/CVE-2024-3352.json 
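Review bot: The English description says the issue is `classified as critical`, while the `impact.cvss` entries in the same record give `"baseScore": 7.3` with `"baseSeverity": "HIGH"` and a vector of `C:L/I:L/A:L`. The two should agree: either drop the severity word from the prose or state the CVSS rating there, so that readers and tooling that triage on the description text do not over-rank the entry. The 3.1 and 3.0 entries also carry only `vectorString`, `baseScore` and `baseSeverity`, not the expanded metric keys (`attackVector`, `privilegesRequired`, …) that another record in this commit includes, so consumers have to parse the vector string themselves. The hunks for CVE-2024-3352, CVE-2024-3353 and CVE-2024-3354 have the same two points.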
@@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-3352", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/mod_comments/index.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259456." + }, + { + "lang": "deu", + "value": "In SourceCodester Aplaya Beach Resort Online Reservation System 1.0 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei admin/mod_comments/index.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Aplaya Beach Resort Online Reservation System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259456", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259456" + }, + { + "url": "https://vuldb.com/?ctiid.259456", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259456" + }, + { + "url": "https://vuldb.com/?submit.310220", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.310220" + }, + { + "url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-05", + "refsource": "MISC", + "name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-05" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "qianzui1004 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3353.json b/2024/3xxx/CVE-2024-3353.json new file mode 100644 index 00000000000..42e158a56cb --- /dev/null +++ b/2024/3xxx/CVE-2024-3353.json 
@@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-3353", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/mod_reports/index.php. The manipulation of the argument categ/end leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259457 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei admin/mod_reports/index.php. Dank der Manipulation des Arguments categ/end mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Aplaya Beach Resort Online Reservation System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259457", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259457" + }, + { + "url": "https://vuldb.com/?ctiid.259457", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259457" + }, + { + "url": "https://vuldb.com/?submit.310221", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.310221" + }, + { + "url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-06", + "refsource": "MISC", + "name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-06" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "qianzui1004 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3354.json b/2024/3xxx/CVE-2024-3354.json new file mode 100644 index 00000000000..0f70841c770 --- /dev/null +++ b/2024/3xxx/CVE-2024-3354.json 
@@ -0,0 +1,110 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-3354", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/mod_users/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259458 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei admin/mod_users/index.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Aplaya Beach Resort Online Reservation System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259458", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259458" + }, + { + "url": "https://vuldb.com/?ctiid.259458", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259458" + }, + { + "url": "https://vuldb.com/?submit.310222", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.310222" + }, + { + "url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-07", + "refsource": "MISC", + "name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-07" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "qianzui1004 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3398.json b/2024/3xxx/CVE-2024-3398.json new file mode 100644 index 00000000000..1a038e7272a --- /dev/null +++ b/2024/3xxx/CVE-2024-3398.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3398", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3399.json b/2024/3xxx/CVE-2024-3399.json new file mode 100644 index 00000000000..7f00e3abb34 --- /dev/null +++ b/2024/3xxx/CVE-2024-3399.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3399", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3400.json b/2024/3xxx/CVE-2024-3400.json new file mode 100644 index 00000000000..5c66e351f6f --- /dev/null +++ b/2024/3xxx/CVE-2024-3400.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3400", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/3xxx/CVE-2024-3401.json b/2024/3xxx/CVE-2024-3401.json new file mode 100644 index 00000000000..3580b6de56d --- /dev/null +++ b/2024/3xxx/CVE-2024-3401.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3401", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3402.json b/2024/3xxx/CVE-2024-3402.json new file mode 100644 index 00000000000..7cf86d4397d --- /dev/null +++ b/2024/3xxx/CVE-2024-3402.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3402", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3403.json b/2024/3xxx/CVE-2024-3403.json new file mode 100644 index 00000000000..38e1028eac9 --- /dev/null +++ b/2024/3xxx/CVE-2024-3403.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3403", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3404.json b/2024/3xxx/CVE-2024-3404.json new file mode 100644 index 00000000000..b19bfe6a201 --- /dev/null +++ b/2024/3xxx/CVE-2024-3404.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3404", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3405.json b/2024/3xxx/CVE-2024-3405.json new file mode 100644 index 00000000000..1b2cfbc4e53 --- /dev/null +++ b/2024/3xxx/CVE-2024-3405.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3405", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/3xxx/CVE-2024-3406.json b/2024/3xxx/CVE-2024-3406.json new file mode 100644 index 00000000000..ebf64bf58e3 --- /dev/null +++ b/2024/3xxx/CVE-2024-3406.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3406", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3407.json b/2024/3xxx/CVE-2024-3407.json new file mode 100644 index 00000000000..584c6356a94 --- /dev/null +++ b/2024/3xxx/CVE-2024-3407.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3407", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3408.json b/2024/3xxx/CVE-2024-3408.json new file mode 100644 index 00000000000..025e0bf2d15 --- /dev/null +++ b/2024/3xxx/CVE-2024-3408.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3408", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file