admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-07 22:00:38 +00:00
parent aa4aa29538
commit 53116d182a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
24 changed files with 1358 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
2023/21xxx/CVE-2023-21267.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
"value": "In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
@ -38,6 +38,10 @@
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
@ -49,10 +53,6 @@
{
"version_affected": "=",
"version_value": "12"
},
{
"version_affected": "=",
"version_value": "11"
}
]
}
@ -66,14 +66,24 @@
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/d18d8b350756b0e89e051736c1f28744ed31e93a",
"url": "https://android.googlesource.com/platform/frameworks/base/+/cecddcd865f72d76f7aacb1cf4479365847299f9",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/d18d8b350756b0e89e051736c1f28744ed31e93a"
"name": "https://android.googlesource.com/platform/frameworks/base/+/cecddcd865f72d76f7aacb1cf4479365847299f9"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"url": "https://android.googlesource.com/platform/frameworks/base/+/cb7e9c7549a2a076ec00db15e3da0d21b31b0b1c",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2023-08-01"
"name": "https://android.googlesource.com/platform/frameworks/base/+/cb7e9c7549a2a076ec00db15e3da0d21b31b0b1c"
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/e205cd30e91d8eeadf562140c34c306ebf7d6394",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/e205cd30e91d8eeadf562140c34c306ebf7d6394"
},
{
"url": "https://source.android.com/security/bulletin/2024-04-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}

84
2023/40xxx/CVE-2023-40694.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40694",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Watson CP4D Data Stores",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.0.0",
"version_value": "4.8.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7150286",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7150286"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264838",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264838"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

20
2023/6xxx/CVE-2023-6507.json
View File

@ -60,11 +60,6 @@
},
"references": {
"reference_data": [
{
"url": "https://github.com/python/cpython/pull/112617",
"refsource": "MISC",
"name": "https://github.com/python/cpython/pull/112617"
},
{
"url": "https://github.com/python/cpython/issues/112334",
"refsource": "MISC",
@ -74,6 +69,21 @@
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/",
"refsource": "MISC",
"name": "https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/"
},
{
"url": "https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610"
},
{
"url": "https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b"
},
{
"url": "https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06"
}
]
},

62
2024/0xxx/CVE-2024-0022.json
View File

@ -1,17 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/bdf1cce569c9700965ff6baee8efd3fb1e8269e8",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/bdf1cce569c9700965ff6baee8efd3fb1e8269e8"
},
{
"url": "https://source.android.com/security/bulletin/2024-04-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}

70
2024/0xxx/CVE-2024-0024.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/6a9250ec7fc9801a883cedd7860076f42fb518ac",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/6a9250ec7fc9801a883cedd7860076f42fb518ac"
},
{
"url": "https://source.android.com/security/bulletin/2024-05-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-05-01"
}
]
}

70
2024/0xxx/CVE-2024-0025.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/d49662560e366dbf69bf7d59d00e73905d03e6d5",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/d49662560e366dbf69bf7d59d00e73905d03e6d5"
},
{
"url": "https://source.android.com/security/bulletin/2024-05-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-05-01"
}
]
}

70
2024/0xxx/CVE-2024-0026.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de"
},
{
"url": "https://source.android.com/security/bulletin/2024-04-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}

70
2024/0xxx/CVE-2024-0027.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/a8fb9fe93efdebc4145e00934f42c91742f328de"
},
{
"url": "https://source.android.com/security/bulletin/2024-04-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}

53
2024/0xxx/CVE-2024-0042.json
View File

@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0042",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unknown"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/2024-04-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}

70
2024/0xxx/CVE-2024-0043.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0043",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/8141e8f4dd77b9f8fb485e23ddf028c57fcd4fca",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/packages/modules/Permission/+/8141e8f4dd77b9f8fb485e23ddf028c57fcd4fca"
},
{
"url": "https://source.android.com/security/bulletin/2024-05-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-05-01"
}
]
}

5
2024/0xxx/CVE-2024-0450.json
View File

@ -134,6 +134,11 @@
"url": "http://www.openwall.com/lists/oss-security/2024/03/20/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
},
{
"url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675"
}
]
},

78
2024/23xxx/CVE-2024-23551.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23551",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Database scanning using username and password stores the credentials in\u00a0plaintext or encoded format within files at the endpoint. This has been identified as a significant\u00a0security risk. This will lead to exposure of sensitive information for unauthorized access,\u00a0potentially leading to severe consequences such as data breaches, unauthorized data\u00a0manipulation, and compromised system integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "BigFix Compliance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v9.x, v10.x, v11.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963",
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112963"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

62
2024/23xxx/CVE-2024-23704.json
View File

@ -1,17 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/2e90322bab7de1deaf3c82e207bf4404b92743d7",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/packages/apps/Settings/+/2e90322bab7de1deaf3c82e207bf4404b92743d7"
},
{
"url": "https://source.android.com/security/bulletin/2024-04-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}

70
2024/23xxx/CVE-2024-23705.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/032bee6dc118ce1cc3fde92463b2954c1450f2e8",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/032bee6dc118ce1cc3fde92463b2954c1450f2e8"
},
{
"url": "https://source.android.com/security/bulletin/2024-05-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-05-01"
}
]
}

58
2024/23xxx/CVE-2024-23706.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/6e6896c3fd8139779ff8d51a99ee06667e849d87",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/6e6896c3fd8139779ff8d51a99ee06667e849d87"
},
{
"url": "https://source.android.com/security/bulletin/2024-05-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-05-01"
}
]
}

58
2024/23xxx/CVE-2024-23707.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23707",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/f1d0079c91734168c150f839168544f407b17b06",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/packages/apps/Settings/+/f1d0079c91734168c150f839168544f407b17b06"
},
{
"url": "https://source.android.com/security/bulletin/2024-05-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-05-01"
}
]
}

70
2024/23xxx/CVE-2024-23708.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23708",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/0c095c365ede36257e829769194f9596a598e560",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/0c095c365ede36257e829769194f9596a598e560"
},
{
"url": "https://source.android.com/security/bulletin/2024-05-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-05-01"
}
]
}

70
2024/23xxx/CVE-2024-23709.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23709",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/external/sonivox/+/3f798575d2d39cd190797427d13471d6e7ceae4c",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/external/sonivox/+/3f798575d2d39cd190797427d13471d6e7ceae4c"
},
{
"url": "https://source.android.com/security/bulletin/2024-05-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-05-01"
}
]
}

62
2024/23xxx/CVE-2024-23710.json
View File

@ -1,17 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23710",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/c7c1193ca7554fc3182ca9ab0f711bd118bdeef2",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/c7c1193ca7554fc3182ca9ab0f711bd118bdeef2"
},
{
"url": "https://source.android.com/security/bulletin/2024-04-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}

70
2024/23xxx/CVE-2024-23712.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23712",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/6beb68ca17d1220f3f09a53cf0a0c541db4ead62",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/6beb68ca17d1220f3f09a53cf0a0c541db4ead62"
},
{
"url": "https://source.android.com/security/bulletin/2024-04-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}

70
2024/23xxx/CVE-2024-23713.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23713",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/ffd616dc3b919fe7705dbc7a25868483ae45466b",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/ffd616dc3b919fe7705dbc7a25868483ae45466b"
},
{
"url": "https://source.android.com/security/bulletin/2024-04-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}

76
2024/34xxx/CVE-2024-34346.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34346",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading `/proc/self/environ` may provide access equivalent to `--allow-env`, and writing `/proc/self/mem` may provide access equivalent to `--allow-all`. Users who grant read and write access to the entire filesystem may not realize that these access to these files may have additional, unintended consequences. The documentation did not reflect that this practice should be undertaken to increase the strength of the security sandbox. Users who run code with `--allow-read` or `--allow-write` may unexpectedly end up granting additional permissions via file-system operations. Deno 1.43 and above require explicit `--allow-all` access to read or write `/etc`, `/dev` on unix platform (as well as `/proc` and `/sys` on linux platforms), and any path starting with `\\\\` on Windows.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "denoland",
"product": {
"product_data": [
{
"product_name": "deno",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.43.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/denoland/deno/security/advisories/GHSA-23rx-c3g5-hv9w",
"refsource": "MISC",
"name": "https://github.com/denoland/deno/security/advisories/GHSA-23rx-c3g5-hv9w"
}
]
},
"source": {
"advisory": "GHSA-23rx-c3g5-hv9w",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

89
2024/4xxx/CVE-2024-4030.json
View File

@ -1,18 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@python.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you\u2019re not using Windows or haven\u2019t changed the temporary directory location then you aren\u2019t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \u201c700\u201d for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Python Software Foundation",
"product": {
"product_data": [
{
"product_name": "CPython",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.13.0a1",
"version_value": "3.13.0b1"
},
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.12.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/",
"refsource": "MISC",
"name": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/"
},
{
"url": "https://github.com/python/cpython/issues/118486",
"refsource": "MISC",
"name": "https://github.com/python/cpython/issues/118486"
},
{
"url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e"
},
{
"url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d",
"refsource": "MISC",
"name": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Aobo Wang"
}
]
}

18
2024/4xxx/CVE-2024-4630.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4630",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}