"-Synchronized-Data."

CVE Team 2024-08-29 17:00:35 +00:00
parent 998cf0d4c3
commit 5712005fbd
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
18 changed files with 745 additions and 44 deletions


@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35133",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security Verify Access",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0",
"version_value": "10.0.8"
}
]
}
},
{
"product_name": "Security Verify Access Docker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0",
"version_value": "10.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7166712",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7166712"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/291026",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/291026"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
]
}
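Review bot: The new description says the open redirect could let an attacker "obtain highly sensitive information", but the `impact.cvss` entry scores `confidentialityImpact` as `NONE` (`C:N/I:H` in the vector string), so the text and the vector disagree. Consumers that filter or prioritise on the confidentiality metric will not surface this record for phishing-driven credential exposure. The assigner should reconcile the two, either by trimming the disclosure sentence or by revising the vector. Until then, triage on the description and CWE-601 rather than on the C metric alone.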


@ -87,6 +87,12 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.48",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.5",
"lessThanOrEqual": "6.8.*",
@ -139,6 +145,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86"
},
{
"url": "https://git.kernel.org/stable/c/913c30f827e17d8cda1da6eeb990f350d36cb69b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/913c30f827e17d8cda1da6eeb990f350d36cb69b"
},
{
"url": "https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd",
"refsource": "MISC",
@ -148,15 +159,10 @@
"url": "https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
"engine": "bippy-c9c4e1df01b2"
}
}


@ -41,12 +41,18 @@
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "5d7a8585fbb3"
"version_value": "9eb3bc0973d0"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.107",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.27",
"lessThanOrEqual": "6.6.*",
@ -80,6 +86,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e"
},
{
"url": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9",
"refsource": "MISC",
@ -98,6 +109,6 @@
]
},
"generator": {
"engine": "bippy-a5840b7849dd"
"engine": "bippy-c9c4e1df01b2"
}
}


@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "9f2c8a03fbb3",
"version_value": "4ea65e2095e9"
"version_value": "eea40d33bf93"
},
{
"version_value": "not down converted",
@ -57,6 +57,12 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.107",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.47",
"lessThanOrEqual": "6.6.*",
@ -90,6 +96,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872"
},
{
"url": "https://git.kernel.org/stable/c/4ea65e2095e9bd151d0469328dd7fc2858feb546",
"refsource": "MISC",


@ -41,12 +41,18 @@
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "737fb7853acd"
"version_value": "0752e7fb549d"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.107",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.47",
"lessThanOrEqual": "6.6.*",
@ -80,6 +86,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/0752e7fb549d90c33b4d4186f11cfd25a556d1dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0752e7fb549d90c33b4d4186f11cfd25a556d1dd"
},
{
"url": "https://git.kernel.org/stable/c/737fb7853acd5bc8984f6f42e4bfba3334be8ae1",
"refsource": "MISC",


@ -63,6 +63,12 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.48",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.10",
"lessThanOrEqual": "6.9.*",
@ -74,6 +80,12 @@
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
},
{
"version": "6.10.7",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
}
],
"defaultStatus": "affected"
@ -95,6 +107,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5e305b5986dc52122a9368a1461f0c13e1de3fd6"
},
{
"url": "https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ea13bd807f1cef1af375d999980a9b9794c789b6"
},
{
"url": "https://git.kernel.org/stable/c/c69fd8afacebfdf2f8a1ee1ea7e0723786529874",
"refsource": "MISC",
@ -104,6 +121,11 @@
"url": "https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bab2f5e8fd5d2f759db26b78d9db57412888f187"
},
{
"url": "https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2eb973ee4770a26d9b5e292b58ad29822d321c7f"
}
]
},


@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41964",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "getkirby",
"product": {
"product_data": [
{
"product_name": "kirby",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.6.6.6"
},
{
"version_affected": "=",
"version_value": ">= 3.7.0, < 3.7.5.5"
},
{
"version_affected": "=",
"version_value": ">= 3.8.0, < 3.8.4.4"
},
{
"version_affected": "=",
"version_value": ">= 3.9.0, < 3.9.8.2"
},
{
"version_affected": "=",
"version_value": ">= 3.10.0, < 3.10.1.1"
},
{
"version_affected": "=",
"version_value": ">= 4.0.0, < 4.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh",
"refsource": "MISC",
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh"
},
{
"url": "https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23",
"refsource": "MISC",
"name": "https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23"
}
]
},
"source": {
"advisory": "GHSA-jm9m-rqr3-wfmh",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}
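Review bot: Every entry in `version_data` pairs `"version_affected": "="` with a range expression in `version_value` (for example `"< 3.6.6.6"`), so the operator field says exact match while the value is free-text range syntax. A matcher that honours `version_affected` literally will never match an installed Kirby version and will report the host as unaffected. The same pattern appears in the CVE-2024-43804, CVE-2024-45045 and CVE-2024-45056 records in this commit. Putting the bound in the operator, e.g. `"version_affected": "<", "version_value": "3.6.6.6"`, keeps it machine-readable; the ranges with a lower bound could carry it in `version_name`, as the CVE-2024-35133 record in this commit does.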


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43804",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. User-supplied input is used without validation when constructing and executing an OS command. User supplied JSON POST data is parsed and if \"id\" JSON key does not exist, JSON value supplied via \"ip\" JSON key is assigned to the \"ip\" variable. Later on, \"ip\" variable which can be controlled by the attacker is used when constructing the cmd and cmd1 strings without any extra validation. Then, server_mod.subprocess_execute function is called on both cmd1 and cmd2. When the definition of the server_mod.subprocess_execute() function is analyzed, it can be seen that subprocess.Popen() is called on the input parameter with shell=True which results in OS Command Injection. This issue has not yet been patched. Users are advised to contact the Roxy-WI to coordinate a fix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "roxy-wi",
"product": {
"product_data": [
{
"product_name": "roxy-wi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-qc52-vwwj-5585",
"refsource": "MISC",
"name": "https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-qc52-vwwj-5585"
}
]
},
"source": {
"advisory": "GHSA-qc52-vwwj-5585",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
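Review bot: The affected range is capped at `"version_value": "<= 8.0"` while the description states the issue has not yet been patched, so tooling would read any release numbered above 8.0 as unaffected even though no fix is recorded. If no fixed version exists, the range should stay open-ended until one does, and the record should be updated when a patch ships. The description also names the strings `cmd` and `cmd1` and then says the call is made on `cmd1` and `cmd2`, which looks like a naming slip to correct at the source advisory. Defenders running Roxy-WI should treat the port-scanning feature as reachable by any authenticated user and restrict access to it until a fix is published.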


@ -1,18 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43845",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "e9109a92d2a9",
"version_value": "c996b570305e"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.3",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.3",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.107",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.44",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10.3",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.11-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241"
},
{
"url": "https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab"
},
{
"url": "https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4"
},
{
"url": "https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c"
}
]
},
"generator": {
"engine": "bippy-c9c4e1df01b2"
}
}


@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "5157b8a503fa",
"version_value": "538fd3921afa"
"version_value": "5da288429232"
},
{
"version_value": "not down converted",
@ -57,6 +57,24 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.107",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.48",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10.7",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.11-rc5",
"lessThanOrEqual": "*",
@ -78,6 +96,21 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503"
},
{
"url": "https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4"
},
{
"url": "https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61"
},
{
"url": "https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2",
"refsource": "MISC",


@ -38,6 +38,11 @@
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5b1997487a3f",
"version_value": "f01c5e335fbb"
},
{
"version_affected": "<",
"version_name": "90d41ebe0cd4",
@ -67,6 +72,12 @@
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.107",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.46",
"lessThanOrEqual": "6.6.*",
@ -100,6 +111,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f01c5e335fbb7fb612d40f14a3c02e2612a43d3b",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f01c5e335fbb7fb612d40f14a3c02e2612a43d3b"
},
{
"url": "https://git.kernel.org/stable/c/6772c4868a8e7ad5305957cdb834ce881793acb7",
"refsource": "MISC",


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44919",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nn0nkey/nn0nkey/blob/main/second.md",
"refsource": "MISC",
"name": "https://github.com/nn0nkey/nn0nkey/blob/main/second.md"
}
]
}
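Review bot: The description identifies the product, version and weakness (SeaCMS v12.9, `admin_ads.php`, cross-site scripting), but `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, so a scanner has nothing in the structured fields to match or map to a CWE. Filling them from the description, e.g. `"product_name": "SeaCMS"`, `"version_value": "12.9"` and a `problemtype` of `CWE-79`, would make the record usable for automated matching. The record also carries no `impact` block. Its single reference appears to be a file in a personal GitHub repository, whose content can change, so consumers should not rely on it staying available.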


@ -41,12 +41,18 @@
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "f650148b4394"
"version_value": "bd04a149e3a2"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.107",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.47",
"lessThanOrEqual": "6.6.*",
@ -80,6 +86,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e"
},
{
"url": "https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3",
"refsource": "MISC",


@ -41,12 +41,18 @@
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "6ea10dbb1e6c"
"version_value": "53023ab11836"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.107",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.47",
"lessThanOrEqual": "6.6.*",
@ -80,6 +86,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9"
},
{
"url": "https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6",
"refsource": "MISC",


@ -41,12 +41,18 @@
{
"version_affected": "<",
"version_name": "1da177e4c3f4",
"version_value": "3db4395332e7"
"version_value": "5a2e37bc648a"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.1.107",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.47",
"lessThanOrEqual": "6.6.*",
@ -80,6 +86,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb"
},
{
"url": "https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59",
"refsource": "MISC",


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45045",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised via this vulnerability is considered high. Non-mobile variants are not affected. Mobile variants should update to the latest version provided by the platform appstore. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page",
"cweId": "CWE-84"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CollaboraOnline",
"product": {
"product_data": [
{
"product_name": "online",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Collabora Office (Android): < 24.04.6.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-78cg-rg4q-26qv",
"refsource": "MISC",
"name": "https://github.com/CollaboraOnline/online/security/advisories/GHSA-78cg-rg4q-26qv"
}
]
},
"source": {
"advisory": "GHSA-78cg-rg4q-26qv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
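Review bot: The description says both mobile variants (Android/iOS) are affected, but `version_data` holds a single entry, `"Collabora Office (Android): < 24.04.6.2"`, and nothing for iOS. An inventory check driven by the structured data would therefore clear iOS installs. A second entry for the iOS app is needed, with its fixed version taken from the advisory, since this record does not state it. The product label embedded in `version_value` also keeps the string from being compared as a version.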


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45056",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended. Thus instead of producing `roti 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`. Analysis has shown that no contracts were affected by the date of publishing this advisory. This issue has been addressed in version 1.5.3. Users are advised to upgrade and redeploy all contracts. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-682: Incorrect Calculation",
"cweId": "CWE-682"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "matter-labs",
"product": {
"product_data": [
{
"product_name": "era-compiler-solidity",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.5.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-fpx7-8vc6-frjj",
"refsource": "MISC",
"name": "https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-fpx7-8vc6-frjj"
},
{
"url": "https://github.com/llvm/llvm-project/commit/e48237df95b49a36b8ffceb78c8a58f4be1b4344",
"refsource": "MISC",
"name": "https://github.com/llvm/llvm-project/commit/e48237df95b49a36b8ffceb78c8a58f4be1b4344"
}
]
},
"source": {
"advisory": "GHSA-fpx7-8vc6-frjj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}
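Review bot: The description's worked example reads "instead of producing `roti 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`"; `roti` looks like a typo for `rotl`, the mnemonic used in the rest of the text. The text also gives `~1` as `2^64-1`, whereas the complement of 1 in 64 bits would be `2^64-2`, so the constants are worth checking against the upstream advisory before anyone builds a detection pattern from them. The remediation sentence matters more than the example: contracts compiled before 1.5.3 keep the miscompiled code until they are rebuilt and redeployed.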


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8316",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}