admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-16 18:00:33 +00:00
parent b4381e1638
commit 4df1b61fdf
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
27 changed files with 903 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/3xxx/CVE-2021-3773.json
View File

@ -53,6 +53,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"refsource": "MISC",
"name": "https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/",
"url": "https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/"
}
]
},

61
2023/31xxx/CVE-2023-31456.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31456",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an authenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://antidot.net/blog/",
"refsource": "MISC",
"name": "https://antidot.net/blog/"
},
{
"refsource": "CONFIRM",
"name": "https://doc.fluidtopics.com/r/Fluid-Topics-Release-Notes/June-10th-2024",
"url": "https://doc.fluidtopics.com/r/Fluid-Topics-Release-Notes/June-10th-2024"
}
]
}

56
2024/33xxx/CVE-2024-33181.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-33181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://palm-vertebra-fe9.notion.site/addWifiMacFilter_2-0f7fab42d4254867b46fe92b25dc7c40",
"url": "https://palm-vertebra-fe9.notion.site/addWifiMacFilter_2-0f7fab42d4254867b46fe92b25dc7c40"
}
]
}

81
2024/39xxx/CVE-2024-39700.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to `update-integration-tests.yml`, accept overwriting of this file and re-apply your changes later. Users may wish to temporarily disable GitHub Actions while working on the upgrade. We recommend rebasing all open pull requests from untrusted users as actions may run using the version from the `main` branch at the time when the pull request was created. Users who are upgrading from template version prior to 4.3.0 may wish to leave out proposed changes to the release workflow for now as it requires additional configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jupyterlab",
"product": {
"product_data": [
{
"product_name": "extension-template",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jupyterlab/extension-template/security/advisories/GHSA-45gq-v5wm-82wg",
"refsource": "MISC",
"name": "https://github.com/jupyterlab/extension-template/security/advisories/GHSA-45gq-v5wm-82wg"
},
{
"url": "https://github.com/jupyterlab/extension-template/commit/035e78c1c65bcedee97c95bb683abe59c96bc4e6",
"refsource": "MISC",
"name": "https://github.com/jupyterlab/extension-template/commit/035e78c1c65bcedee97c95bb683abe59c96bc4e6"
}
]
},
"source": {
"advisory": "GHSA-45gq-v5wm-82wg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

81
2024/39xxx/CVE-2024-39908.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39908",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": " REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ruby",
"product": {
"product_data": [
{
"product_name": "rexml",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8",
"refsource": "MISC",
"name": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8"
},
{
"url": "https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908",
"refsource": "MISC",
"name": "https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908"
}
]
},
"source": {
"advisory": "GHSA-4xqq-m2hx-25v8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

114
2024/3xxx/CVE-2024-3232.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3232",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"cweId": "CWE-1236"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenable",
"product": {
"product_data": [
{
"product_name": "Tenable Identity Exposure",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "Tenable Identity Exposure 3.42"
},
{
"status": "affected",
"version": "Tenable Identity Exposure 3.29"
},
{
"status": "affected",
"version": "Tenable Identity Exposure 3.19"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/tns-2024-04",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2024-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "tns-2024-04",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nTenable has released Tenable Identity Exposure Version 3.59.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/identity-exposure\">https://www.tenable.com/downloads/identity-exposure</a>\n\n<br>"
}
],
"value": "Tenable has released Tenable Identity Exposure Version 3.59.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/identity-exposure"
}
],
"credits": [
{
"lang": "en",
"value": "Ammarit Thongthua and Sarun Pornjarungsak from Secure D Research team"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

56
2024/40xxx/CVE-2024-40425.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40425",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-40425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765",
"url": "https://gist.github.com/J1rrY-learn/26524d4714a81cf2d64583069e96f765"
}
]
}

76
2024/40xxx/CVE-2024-40626.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40626",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror\u2019s rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other users view this document, the malicious Javascript can execute in the origin of Outline. Outline includes CSP rules to prevent third-party code execution, however in the case of self-hosting and having your file storage on the same domain as Outline a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions. This issue has been addressed in release version 0.77.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "outline",
"product": {
"product_data": [
{
"product_name": "outline",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.77.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/outline/outline/security/advisories/GHSA-888c-mvg8-v6wh",
"refsource": "MISC",
"name": "https://github.com/outline/outline/security/advisories/GHSA-888c-mvg8-v6wh"
}
]
},
"source": {
"advisory": "GHSA-888c-mvg8-v6wh",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

6
2024/5xxx/CVE-2024-5154.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal (\u201c../\u201c). This flaw allows the container to read and write to arbitrary files on the host system."
"value": "A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (\u201c../\u201c). This flaw allows the container to read and write to arbitrary files on the host system."
}
]
},
@ -65,7 +65,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.27.7-3.rhaos4.14.git674563e.el8",
"version": "0:1.27.7-3.rhaos4.14.git674563e.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
@ -86,7 +86,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.28.7-2.rhaos4.15.git111aec5.el8",
"version": "0:1.28.7-2.rhaos4.15.git111aec5.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"

76
2024/6xxx/CVE-2024-6089.json
View File

@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6089",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An input validation vulnerability exists in the Rockwell Automation\u00a05015 - AENFTXT\u00a0when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "5015 - AENFTXT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v2.011"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SD1680",
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>Customers using the affected software are encouraged to apply the risk mitigations, if possible.</p><ul><li><p>Update to the corrected firmware revision, v2.012.</p></li></ul><ul><li><p>For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">security best practices</a>&nbsp;to minimize the risk of the vulnerability.</p></li></ul>"
}
],
"value": "Customers using the affected software are encouraged to apply the risk mitigations, if possible.\n\n * Update to the corrected firmware revision, v2.012.\n\n\n\n\n * For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability."
}
]
}

24
2024/6xxx/CVE-2024-6600.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13."
"value": "Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.13"
}
]
}
}
]
}
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-30/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-30/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-31/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-31/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

24
2024/6xxx/CVE-2024-6601.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13."
"value": "A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.13"
}
]
}
}
]
}
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-30/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-30/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-31/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-31/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

24
2024/6xxx/CVE-2024-6602.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A mismatch between allocator and deallocator could have lead to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13."
"value": "A mismatch between allocator and deallocator could have lead to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.13"
}
]
}
}
]
}
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-30/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-30/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-31/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-31/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

24
2024/6xxx/CVE-2024-6603.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13."
"value": "In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128."
}
]
},
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.13"
}
]
}
}
]
}
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-30/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-30/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-31/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-31/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

26
2024/6xxx/CVE-2024-6604.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13."
"value": "Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13"
"value": "Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13"
}
]
}
@ -57,6 +57,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "115.13"
}
]
}
}
]
}
@ -80,6 +92,16 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-30/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-30/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-31/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-31/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

19
2024/6xxx/CVE-2024-6606.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds read. This vulnerability affects Firefox < 128."
"value": "Clipboard code failed to check the index on an array access. This could have lead to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

19
2024/6xxx/CVE-2024-6607.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `&lt;select&gt;` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128."
"value": "It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `&lt;select&gt;` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

19
2024/6xxx/CVE-2024-6608.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128."
"value": "It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

19
2024/6xxx/CVE-2024-6609.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128."
"value": "When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

19
2024/6xxx/CVE-2024-6610.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128."
"value": "Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

19
2024/6xxx/CVE-2024-6611.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128."
"value": "A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

19
2024/6xxx/CVE-2024-6612.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128."
"value": "CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

19
2024/6xxx/CVE-2024-6613.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128."
"value": "The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

19
2024/6xxx/CVE-2024-6614.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128."
"value": "The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128."
}
]
},
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

21
2024/6xxx/CVE-2024-6615.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs present in Firefox 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128."
"value": "Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128."
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 128"
"value": "Memory safety bugs fixed in Firefox 128 and Thunderbird 128"
}
]
}
@ -45,6 +45,18 @@
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "128"
}
]
}
}
]
}
@ -63,6 +75,11 @@
"url": "https://www.mozilla.org/security/advisories/mfsa2024-29/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-32/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2024-32/"
}
]
},

18
2024/6xxx/CVE-2024-6795.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/6xxx/CVE-2024-6796.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6796",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}