From 4bca38a257253c22575c84dc01d5383ebc33cb03 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 5 Feb 2024 06:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/51xxx/CVE-2023-51504.json | 113 +++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5677.json | 77 ++++++++++++++++++++-- 2023/5xxx/CVE-2023-5800.json | 77 ++++++++++++++++++++-- 2024/20xxx/CVE-2024-20001.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20002.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20003.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20004.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20006.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20007.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20009.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20010.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20011.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20012.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20013.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20015.json | 53 ++++++++++++++-- 2024/20xxx/CVE-2024-20016.json | 53 ++++++++++++++-- 2024/24xxx/CVE-2024-24870.json | 113 +++++++++++++++++++++++++++++++-- 17 files changed, 1001 insertions(+), 68 deletions(-) diff --git a/2023/51xxx/CVE-2023-51504.json b/2023/51xxx/CVE-2023-51504.json index 73f9f33a8e9..6033446795b 100644 --- a/2023/51xxx/CVE-2023-51504.json +++ b/2023/51xxx/CVE-2023-51504.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-51504", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dan Dulaney", + "product": { + "product_data": [ + { + "product_name": "Dan's Embedder for Google Calendar", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/dans-gcal/wordpress-dan-s-embedder-for-google-calendar-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/dans-gcal/wordpress-dan-s-embedder-for-google-calendar-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.3 or a higher version." + } + ], + "value": "Update to\u00a01.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5677.json b/2023/5xxx/CVE-2023-5677.json index e1645c33f71..1734a863e72 100644 --- a/2023/5xxx/CVE-2023-5677.json +++ b/2023/5xxx/CVE-2023-5677.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@axis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Brandon\nRothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi\ndid not have a sufficient input validation allowing for a possible remote code\nexecution. This flaw can only be exploited after authenticating with an\noperator- or administrator-privileged service account. The impact of exploiting\nthis vulnerability is lower with operator-privileges compared to\nadministrator-privileges service accounts. Axis has released patched AXIS OS\nversions for the highlighted flaw. Please refer to the Axis security advisory\nfor more information and solution. \n\n\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Axis Communications AB", + "product": { + "product_data": [ + { + "product_name": "AXIS OS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "AXIS OS 5.51" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf", + "refsource": "MISC", + "name": "https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5800.json b/2023/5xxx/CVE-2023-5800.json index 263490eb67e..bc7dfabfb59 100644 --- a/2023/5xxx/CVE-2023-5800.json +++ b/2023/5xxx/CVE-2023-5800.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@axis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vintage,\nmember of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi\ndid not have a sufficient input validation allowing for a possible remote code\nexecution. This flaw can only be exploited after authenticating with an\noperator- or administrator-privileged service account. Axis has released patched AXIS OS\nversions for the highlighted flaw. Please refer to the Axis security advisory\nfor more information and solution.\n\n\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Axis Communications AB", + "product": { + "product_data": [ + { + "product_name": "AXIS OS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "AXIS OS 11.8, 10.12, 9.80, 8.40, 6.50" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.axis.com/dam/public/89/d9/99/cve-2023-5800-en-US-424339.pdf", + "refsource": "MISC", + "name": "https://www.axis.com/dam/public/89/d9/99/cve-2023-5800-en-US-424339.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/20xxx/CVE-2024-20001.json b/2024/20xxx/CVE-2024-20001.json index fe67a4f8cfe..9b0b03d4fef 100644 --- a/2024/20xxx/CVE-2024-20001.json +++ b/2024/20xxx/CVE-2024-20001.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20001", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT5583, MT5586, MT5691, MT5695, MT5696, MT9010, MT9011, MT9012, MT9015, MT9016, MT9020, MT9021, MT9022, MT9025, MT9026, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9286, MT9288, MT9602, MT9603, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9618, MT9629, MT9630, MT9631, MT9632, MT9633, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9660, MT9666, MT9667, MT9669, MT9671, MT9675, MT9679, MT9685, MT9686, MT9688, MT9689", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20002.json b/2024/20xxx/CVE-2024-20002.json index 69ac2686ec2..30b6a44fbbc 100644 --- a/2024/20xxx/CVE-2024-20002.json +++ b/2024/20xxx/CVE-2024-20002.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT5583, MT5586, MT5691, MT5695, MT5696, MT9010, MT9011, MT9012, MT9015, MT9016, MT9020, MT9021, MT9022, MT9025, MT9026, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9286, MT9288, MT9602, MT9603, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9618, MT9629, MT9630, MT9631, MT9632, MT9633, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9660, MT9666, MT9667, MT9669, MT9671, MT9675, MT9679, MT9685, MT9686, MT9688, MT9689", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20003.json b/2024/20xxx/CVE-2024-20003.json index 537efb7cb26..d1312ab2933 100644 --- a/2024/20xxx/CVE-2024-20003.json +++ b/2024/20xxx/CVE-2024-20003.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20003", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2735, MT6297, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Modem NR15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20004.json b/2024/20xxx/CVE-2024-20004.json index 1ff432b1ad5..fad5a46c9ad 100644 --- a/2024/20xxx/CVE-2024-20004.json +++ b/2024/20xxx/CVE-2024-20004.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2735, MT6297, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Modem NR15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20006.json b/2024/20xxx/CVE-2024-20006.json index 06858f78663..0e173ed0e84 100644 --- a/2024/20xxx/CVE-2024-20006.json +++ b/2024/20xxx/CVE-2024-20006.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2713, MT6781, MT6880, MT6890, MT8188T", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20007.json b/2024/20xxx/CVE-2024-20007.json index 6edcf5582d9..9ce86edc56e 100644 --- a/2024/20xxx/CVE-2024-20007.json +++ b/2024/20xxx/CVE-2024-20007.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6739, MT6761, MT6762, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20009.json b/2024/20xxx/CVE-2024-20009.json index 36896ca494b..45679bf63f2 100644 --- a/2024/20xxx/CVE-2024-20009.json +++ b/2024/20xxx/CVE-2024-20009.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6739, MT6761, MT6762, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8185, MT8188, MT8188T", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20010.json b/2024/20xxx/CVE-2024-20010.json index a418627259b..46117f35214 100644 --- a/2024/20xxx/CVE-2024-20010.json +++ b/2024/20xxx/CVE-2024-20010.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20010", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20011.json b/2024/20xxx/CVE-2024-20011.json index 2da894fa1e8..76248c4b31c 100644 --- a/2024/20xxx/CVE-2024-20011.json +++ b/2024/20xxx/CVE-2024-20011.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20011", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6985, MT8127, MT8135, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8188, MT8188T, MT8195, MT8195Z, MT8312C, MT8312D", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20012.json b/2024/20xxx/CVE-2024-20012.json index eb1388fb2f6..e5a82634c2e 100644 --- a/2024/20xxx/CVE-2024-20012.json +++ b/2024/20xxx/CVE-2024-20012.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20012", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6895, MT6983, MT6985, MT8321, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20013.json b/2024/20xxx/CVE-2024-20013.json index 223a35c1c72..7082ac5e59f 100644 --- a/2024/20xxx/CVE-2024-20013.json +++ b/2024/20xxx/CVE-2024-20013.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20013", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20015.json b/2024/20xxx/CVE-2024-20015.json index 8d206748c09..52eb0b0fbd5 100644 --- a/2024/20xxx/CVE-2024-20015.json +++ b/2024/20xxx/CVE-2024-20015.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6739, MT6753, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6781, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8321, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/20xxx/CVE-2024-20016.json b/2024/20xxx/CVE-2024-20016.json index ddd0ea2560e..d283a49cb0a 100644 --- a/2024/20xxx/CVE-2024-20016.json +++ b/2024/20xxx/CVE-2024-20016.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-20016", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6735, MT6737, MT6739, MT6753, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8183, MT8188, MT8195, MT8765, MT8766, MT8768, MT8791, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0, 13.0, 14.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/February-2024", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/February-2024" } ] } diff --git a/2024/24xxx/CVE-2024-24870.json b/2024/24xxx/CVE-2024-24870.json index 513ae11bce4..e181ff4aa6a 100644 --- a/2024/24xxx/CVE-2024-24870.json +++ b/2024/24xxx/CVE-2024-24870.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-24870", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Michael Dempfle", + "product": { + "product_data": [ + { + "product_name": "Advanced iFrame", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2024.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2023.10", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/advanced-iframe/wordpress-advanced-iframe-plugin-2023-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/advanced-iframe/wordpress-advanced-iframe-plugin-2023-10-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2024.0 or a higher version." + } + ], + "value": "Update to\u00a02024.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] }