"-Synchronized-Data."

CVE Team 2024-12-12 01:00:54 +00:00
parent c458c62901
commit 84a831b539
GPG Key ID: BC5FD8F2443B23B7
94 changed files with 6364 additions and 891 deletions


@ -1,17 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11872",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Epic Games",
"product": {
"product_data": [
{
"product_name": "Epic Games Launcher",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.6.0-33806133"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1646/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1646/"
},
{
"url": "https://trello.com/c/tcS6Jcfy/578-epic-games-launcher-1720",
"refsource": "MISC",
"name": "https://trello.com/c/tcS6Jcfy/578-epic-games-launcher-1720"
}
]
},
"source": {
"lang": "en",
"value": "Anonymous"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
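Review bot: The `version_data` entry pins the affected range to the single build `16.6.0-33806133` with `"version_affected": "="`, and the record names no fixed release, so a scanner that matches on this field will treat every other build as unaffected. The same single-version pattern appears in the CVE-2024-11947, CVE-2024-11948 and CVE-2024-11949 records (`15.6`) and in CVE-2024-11950 (`2.51.5`). Where the vendor's fixed release is known, an upper-bound entry such as `{"version_affected": "<", "version_value": "<first fixed version>"}` would let consumers match a range; otherwise the description should state that only this build was confirmed. The record's closing brace is not visible in this section.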


@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11947",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the Core Service, which listens on TCP port 8017 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24029."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GFI",
"product": {
"product_data": [
{
"product_name": "Archiver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1670/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1670/"
}
]
},
"source": {
"lang": "en",
"value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1395: Dependency on Vulnerable Third-Party Component",
"cweId": "CWE-1395"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GFI",
"product": {
"product_data": [
{
"product_name": "Archiver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1671/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1671/"
}
]
},
"source": {
"lang": "en",
"value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}
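Review bot: The new description locates the flaw "within the product installer", while the title, the `CWE-1395` entry and the `AV:N/PR:N` vector all describe a network-reachable issue in a bundled Telerik Web UI version; the installer sentence looks carried over from a template and should be confirmed against the advisory. The record also does not say which upstream Telerik vulnerability is inherited, so defenders cannot correlate it with existing detections or with the component version that fixes it. A second `reference_data` entry such as `{"url": "<upstream Telerik advisory URL>", "refsource": "MISC", "name": "<upstream Telerik advisory URL>"}` would close that gap.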


@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11949",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the Store Service, which listens on TCP port 8018 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24331."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GFI",
"product": {
"product_data": [
{
"product_name": "Archiver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1672/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1672/"
}
]
},
"source": {
"lang": "en",
"value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11950",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\n\nThe specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"cweId": "CWE-191"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnSoft",
"product": {
"product_data": [
{
"product_name": "XnView Classic",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.51.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1640/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-24-1640/"
}
]
},
"source": {
"lang": "en",
"value": "Im Junhyuk, Jeong Soeun, Im Seongmin, Lee Jinhyeok, Hyun Chae-eul, Lee Hyungyu"
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java. The manipulation of the argument con leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in cjbi wetech-cms 1.0/1.1/1.2 ausgemacht. Es geht dabei um die Funktion searchTopic der Datei wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java. Durch die Manipulation des Arguments con mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cjbi",
"product": {
"product_data": [
{
"product_name": "wetech-cms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287862",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287862"
},
{
"url": "https://vuldb.com/?ctiid.287862",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287862"
},
{
"url": "https://vuldb.com/?submit.458851",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.458851"
},
{
"url": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/sql-2/SQL_injection_vulnerability.md",
"refsource": "MISC",
"name": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/sql-2/SQL_injection_vulnerability.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "hadagaga (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12481",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been declared as critical. Affected by this vulnerability is the function findUser of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\UserDao.java. The manipulation of the argument searchValue/gId/rId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In cjbi wetech-cms 1.0/1.1/1.2 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um die Funktion findUser der Datei wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\UserDao.java. Durch Manipulation des Arguments searchValue/gId/rId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cjbi",
"product": {
"product_data": [
{
"product_name": "wetech-cms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287863",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287863"
},
{
"url": "https://vuldb.com/?ctiid.287863",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287863"
},
{
"url": "https://vuldb.com/?submit.458852",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.458852"
},
{
"url": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/sql-3/SQL_injection_vulnerability.md",
"refsource": "MISC",
"name": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/sql-3/SQL_injection_vulnerability.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "hadagaga (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12482",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\\wetech-basic-common\\src\\main\\java\\tech\\wetech\\basic\\util\\BackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in cjbi wetech-cms 1.0/1.1/1.2 ausgemacht. Hierbei geht es um die Funktion backup der Datei wetech-cms-master\\wetech-basic-common\\src\\main\\java\\tech\\wetech\\basic\\util\\BackupFileUtil.java der Komponente Database Backup Handler. Mittels dem Manipulieren des Arguments name mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal: '../filedir'",
"cweId": "CWE-24"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Relative Path Traversal",
"cweId": "CWE-23"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cjbi",
"product": {
"product_data": [
{
"product_name": "wetech-cms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287864",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287864"
},
{
"url": "https://vuldb.com/?ctiid.287864",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287864"
},
{
"url": "https://vuldb.com/?submit.458853",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.458853"
},
{
"url": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/Catalog_penetration/Catalog_penetration.md",
"refsource": "MISC",
"name": "https://github.com/hadagaga/vuln/blob/master/wetech-cms/Catalog_penetration/Catalog_penetration.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "hadagaga (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"
}
]
}


@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12483",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Dromara UJCMS bis 9.6.3 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /users/id der Komponente User ID Handler. Mittels Manipulieren mit unbekannten Daten kann eine authorization bypass-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass",
"cweId": "CWE-639"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dromara",
"product": {
"product_data": [
{
"product_name": "UJCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.6.0"
},
{
"version_affected": "=",
"version_value": "9.6.1"
},
{
"version_affected": "=",
"version_value": "9.6.2"
},
{
"version_affected": "=",
"version_value": "9.6.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287865",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287865"
},
{
"url": "https://vuldb.com/?ctiid.287865",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287865"
},
{
"url": "https://vuldb.com/?submit.458895",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.458895"
},
{
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/IDOR-UsernameEnumeration.md",
"refsource": "MISC",
"name": "https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/IDOR-UsernameEnumeration.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "vastzero (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.7,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
}
]
}
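Review bot: The description says UJCMS is affected "up to 9.6.3", but `version_data` lists only `9.6.0` through `9.6.3`, each with `"version_affected": "="`, so an inventory match against this field will miss any earlier release the wording covers. If "up to" is meant literally, a single entry `{"version_affected": "<=", "version_value": "9.6.3"}` expresses it; if only the four listed releases were confirmed, the description should say so. The first `problemtype` value is also shortened to `"Authorization Bypass"`, whereas CWE-639 is titled "Authorization Bypass Through User-Controlled Key"; the full name tells a reader this is an object-reference (IDOR-style) issue, which is what the linked write-up's file name suggests.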


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12484",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "deu",
"value": "In Codezips Technical Discussion Forum 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /signuppost.php. Durch das Manipulieren des Arguments Username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Codezips",
"product": {
"product_data": [
{
"product_name": "Technical Discussion Forum",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287866",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287866"
},
{
"url": "https://vuldb.com/?ctiid.287866",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287866"
},
{
"url": "https://vuldb.com/?submit.459076",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.459076"
},
{
"url": "https://github.com/LiChaser/CVE/",
"refsource": "MISC",
"name": "https://github.com/LiChaser/CVE/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Licharse (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12485",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in code-projects Online Class and Exam Scheduling System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /pages/department.php. Durch Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Online Class and Exam Scheduling System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287867",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287867"
},
{
"url": "https://vuldb.com/?ctiid.287867",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287867"
},
{
"url": "https://vuldb.com/?submit.459077",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.459077"
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_department_php.docx",
"refsource": "MISC",
"name": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_department_php.docx"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "T123 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12486",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in code-projects Online Class and Exam Scheduling System 1.0 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /pages/rank_update.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Online Class and Exam Scheduling System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287868",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287868"
},
{
"url": "https://vuldb.com/?ctiid.287868",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287868"
},
{
"url": "https://vuldb.com/?submit.459081",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.459081"
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_rank_update_php.docx",
"refsource": "MISC",
"name": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_rank_update_php.docx"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "T123 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12487",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In code-projects Online Class and Exam Scheduling System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /pages/room_update.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Online Class and Exam Scheduling System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287869",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287869"
},
{
"url": "https://vuldb.com/?ctiid.287869",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287869"
},
{
"url": "https://vuldb.com/?submit.459083",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.459083"
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_room_update_php.docx",
"refsource": "MISC",
"name": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_room_update_php.docx"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "T123 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
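Review bot: The new `description_data` text calls this issue "critical", while the `impact.cvss` entries in the same record score it 6.3 with `"baseSeverity": "MEDIUM"` (vector `PR:L`, low C/I/A), so the prose and the structured fields disagree on severity. Triage and alerting should read the CVSS vector, and an ingest check that flags records whose description contains "critical" while `baseSeverity` is not `CRITICAL` would surface these. The same mismatch appears in the CVE-2024-12488, CVE-2024-12489, CVE-2024-12490 and CVE-2024-12492 sections (6.3 MEDIUM) and in CVE-2024-12497 (7.3 HIGH). The `references` list holds only VulDB entries, a researcher write-up and the vendor home page, so no fix is recorded and version 1.0 should be treated as unpatched until one is.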


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in code-projects Online Class and Exam Scheduling System 1.0 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /pages/subject_update.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Online Class and Exam Scheduling System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287870",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287870"
},
{
"url": "https://vuldb.com/?ctiid.287870",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287870"
},
{
"url": "https://vuldb.com/?submit.459097",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.459097"
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx",
"refsource": "MISC",
"name": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "T123 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12489",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in code-projects Online Class and Exam Scheduling System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /pages/term.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Online Class and Exam Scheduling System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287871",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287871"
},
{
"url": "https://vuldb.com/?ctiid.287871",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287871"
},
{
"url": "https://vuldb.com/?submit.459113",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.459113"
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_term_php%20.docx",
"refsource": "MISC",
"name": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_term_php%20.docx"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "T123 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12490",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /pages/teacher_save.php. The manipulation of the argument salut leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "deu",
"value": "In code-projects Online Class and Exam Scheduling System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /pages/teacher_save.php. Mit der Manipulation des Arguments salut mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Online Class and Exam Scheduling System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287872",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287872"
},
{
"url": "https://vuldb.com/?ctiid.287872",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287872"
},
{
"url": "https://vuldb.com/?submit.459116",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.459116"
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_teacher_save_php.docx",
"refsource": "MISC",
"name": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_teacher_save_php.docx"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "T123 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in code-projects Farmacia 1.0. It has been rated as critical. This issue affects some unknown processing of the file /visualizar-usuario.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in code-projects Farmacia 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /visualizar-usuario.php. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Farmacia",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287873",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287873"
},
{
"url": "https://vuldb.com/?ctiid.287873",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287873"
},
{
"url": "https://vuldb.com/?submit.459115",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.459115"
},
{
"url": "https://github.com/A1ph4D3v1l/cve/blob/main/sql-x.md",
"refsource": "MISC",
"name": "https://github.com/A1ph4D3v1l/cve/blob/main/sql-x.md"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "hello vuldb (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected is an unknown function of the file /admin/check_admin_login.php. The manipulation of the argument admin_user_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in 1000 Projects Attendance Tracking Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/check_admin_login.php. Durch Manipulation des Arguments admin_user_name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "1000 Projects",
"product": {
"product_data": [
{
"product_name": "Attendance Tracking Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287874",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287874"
},
{
"url": "https://vuldb.com/?ctiid.287874",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287874"
},
{
"url": "https://vuldb.com/?submit.459239",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.459239"
},
{
"url": "https://github.com/Ta0k1a/CVE/issues/1",
"refsource": "MISC",
"name": "https://github.com/Ta0k1a/CVE/issues/1"
},
{
"url": "https://1000projects.org/",
"refsource": "MISC",
"name": "https://1000projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ta0k1a (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In ClassCMS 4.8 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /index.php/admin der Komponente Model Management Page. Mittels dem Manipulieren des Arguments URL mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ClassCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.287875",
"refsource": "MISC",
"name": "https://vuldb.com/?id.287875"
},
{
"url": "https://vuldb.com/?ctiid.287875",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.287875"
},
{
"url": "https://vuldb.com/?submit.461085",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.461085"
},
{
"url": "https://github.com/Jack-Black-13/blob/blob/main/classCMS_v4.8_model_xss.md",
"refsource": "MISC",
"name": "https://github.com/Jack-Black-13/blob/blob/main/classCMS_v4.8_model_xss.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "vulbox (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}
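Review bot: The second `problemtype_data` entry maps this cross-site scripting issue to `"cweId": "CWE-94"` (Code Injection), which does not match the description; `CWE-79` in the first entry is the one that does. Consumers that aggregate by CWE should key on the first entry, otherwise this record is counted among code-execution weaknesses despite a 2.4 `LOW` score with `PR:H/UI:R`. `"vendor_name": "n/a"` also means vendor-based asset matching will not hit this record, so matching has to rely on `"product_name": "ClassCMS"` and `"version_value": "4.8"`.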


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12541",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12542",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12543",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12544",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12545",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12546",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12547",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12548",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12549",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12550",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12551",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12552",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12553",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12554",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12555",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12556",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12557",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12559",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44200",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An app may be able to read sensitive location information"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
}
]
}
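Review bot: The `problemtype` entry holds only free text that repeats the impact sentence from `description` and has no `cweId`, so tooling that groups or filters records by weakness class gets nothing usable from this record. The other `product-security@apple.com` records in this commit have the same shape, whereas the `security-advisories@github.com` record for CVE-2024-45404 carries `"cweId": "CWE-287"`. Consumers should treat these records as unclassified instead of trying to derive a weakness from the free text.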


@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44201",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a malicious crafted file may lead to a denial-of-service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing a malicious crafted file may lead to a denial-of-service"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "13.7"
}
]
}
},
{
"product_name": "iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "17.7"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121842",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121842"
},
{
"url": "https://support.apple.com/en-us/121838",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121838"
},
{
"url": "https://support.apple.com/en-us/121840",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121840"
},
{
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
}
]
}
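Review bot: The `version_value` bounds for macOS (`"13.7"`) and iPadOS (`"17.7"`) are truncated relative to the fixed releases named in the description (macOS Ventura 13.7.2, iPadOS 17.7.3), so a scanner evaluating `< 13.7` or `< 17.7` reports hosts at or above those bounds but below the fixed release as not affected. The bounds should read `"version_value": "13.7.2"` and `"version_value": "17.7.3"`, and the macOS Sonoma 14.7.2 fix has no entry at all. The same truncation appears in CVE-2024-44225, CVE-2024-44245 and CVE-2024-44246 (iPadOS `17.7`) and in CVE-2024-44248 (macOS `13.7`). Until the source data is corrected, exposure checks should be matched against the vendor advisories listed in `references` and not against the `affects` block.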


@ -1,17 +1,131 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44212",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cookies belonging to one origin may be sent to another origin"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "visionOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.1"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "11.1"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121566",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121566"
},
{
"url": "https://support.apple.com/en-us/121571",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121571"
},
{
"url": "https://support.apple.com/en-us/121569",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121569"
},
{
"url": "https://support.apple.com/en-us/121565",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121565"
},
{
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44220",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Parsing a maliciously crafted video file may lead to unexpected system termination"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121839",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121839"
},
{
"url": "https://support.apple.com/en-us/121840",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121840"
}
]
}
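Review bot: The single macOS entry (`"version_affected": "<"`, `"version_value": "15.2"`) does not express the per-branch fixes the description gives (macOS Sequoia 15.2 and macOS Sonoma 14.7.2), so a plain `< 15.2` comparison reports a patched 14.7.2 host as vulnerable. A second `version_data` entry with `"version_value": "14.7.2"` would at least record the Sonoma fix, although the layout shown here has no lower-bound field to separate the branches cleanly. CVE-2024-44224, CVE-2024-44291 and CVE-2024-44300 have the same shape and also omit the macOS Ventura 13.7.2 fix named in their descriptions. Triage based on these records should confirm the branch-specific fixed version in the referenced advisories before flagging a host.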


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44224",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious app may be able to gain root privileges"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121839",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121839"
},
{
"url": "https://support.apple.com/en-us/121842",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121842"
},
{
"url": "https://support.apple.com/en-us/121840",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121840"
}
]
}


@ -1,17 +1,141 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44225",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An app may be able to gain elevated privileges"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "11.2"
}
]
}
},
{
"product_name": "iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "17.7"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121844",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121844"
},
{
"url": "https://support.apple.com/en-us/121839",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121839"
},
{
"url": "https://support.apple.com/en-us/121842",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121842"
},
{
"url": "https://support.apple.com/en-us/121843",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121843"
},
{
"url": "https://support.apple.com/en-us/121838",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121838"
},
{
"url": "https://support.apple.com/en-us/121837",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121837"
},
{
"url": "https://support.apple.com/en-us/121840",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121840"
}
]
}


@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
}
]
}


@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44242",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
}
]
}


@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An app may be able to modify protected parts of the file system"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121839",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121839"
}
]
}


@ -1,17 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An app may be able to cause unexpected system termination or corrupt kernel memory"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "visionOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.2"
}
]
}
},
{
"product_name": "iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "17.7"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121845",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121845"
},
{
"url": "https://support.apple.com/en-us/121839",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121839"
},
{
"url": "https://support.apple.com/en-us/121838",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121838"
},
{
"url": "https://support.apple.com/en-us/121837",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121837"
},
{
"url": "https://support.apple.com/en-us/121840",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121840"
}
]
}


@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.2"
}
]
}
},
{
"product_name": "iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "17.7"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.2"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121839",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121839"
},
{
"url": "https://support.apple.com/en-us/121838",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121838"
},
{
"url": "https://support.apple.com/en-us/121837",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121837"
},
{
"url": "https://support.apple.com/en-us/121846",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121846"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A user with screen sharing access may be able to view another user's screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A user with screen sharing access may be able to view another user's screen"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "13.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121842",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121842"
},
{
"url": "https://support.apple.com/en-us/121840",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121840"
}
]
}


@ -1,17 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a user\u2019s current location."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An app may be able to determine a user\u2019s current location"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "11.1"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121565",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121565"
},
{
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
}
]
}


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44291",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious app may be able to gain root privileges"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121839",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121839"
},
{
"url": "https://support.apple.com/en-us/121842",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121842"
},
{
"url": "https://support.apple.com/en-us/121840",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121840"
}
]
}


@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44299",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121563",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121563"
}
]
}


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44300",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access protected user data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An app may be able to access protected user data"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121839",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121839"
},
{
"url": "https://support.apple.com/en-us/121842",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121842"
},
{
"url": "https://support.apple.com/en-us/121840",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121840"
}
]
}


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45404",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the account. This is because the otpLogin mutation does not implement One Time Password rate limiting. As of time of publication, it is unknown whether a patch is available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenCTI-Platform",
"product": {
"product_data": [
{
"product_name": "opencti",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 6.2.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-hg56-r6hh-56j7",
"refsource": "MISC",
"name": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-hg56-r6hh-56j7"
}
]
},
"source": {
"advisory": "GHSA-hg56-r6hh-56j7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}
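Review bot: The affected range disagrees with the description: `"version_value": "< 6.2.8"` against "In versions below 6.2.18". One of the two is presumably a typo and should be checked against GHSA-hg56-r6hh-56j7. The range is also stored as a string under `"version_affected": "="`, so a consumer that honours the operator tests for equality with the literal `< 6.2.8` and matches no real version; the Apple records in this commit use `"version_affected": "<"` with a bare version number instead. The weakness is tagged CWE-287, while the described flaw (no rate limit on the `otpLogin` mutation) is more specifically CWE-307, Improper Restriction of Excessive Authentication Attempts. Since the description says it is unknown whether a patch is available, operators should alert on repeated failed `otpLogin` attempts per account and throttle them at a proxy or gateway.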


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47546",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"cweId": "CWE-191"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-243_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-243_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0013.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0013.html"
}
]
},
"source": {
"advisory": "GHSA-8mrc-f6w6-gpph",
"discovery": "UNKNOWN"
}
}
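Review bot: `version_data` pairs `"version_affected": "="` with `"version_value": "< 1.24.10"`, so the range sits inside the value string while the operator field claims an exact match. A matcher that takes `version_affected` literally compares installed versions against the string `< 1.24.10` and matches nothing, so affected GStreamer builds would pass unflagged. The same encoding recurs in the other GStreamer records in this commit (CVE-2024-47596 through CVE-2024-47775). Where the producer allows it, `"version_affected": "<"` with `"version_value": "1.24.10"` states the range directly; otherwise consumers have to parse the leading operator out of `version_value`.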


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0015.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0015.html"
}
]
},
"source": {
"advisory": "GHSA-g338-pff2-5x8w",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-245_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-245_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0012.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0012.html"
}
]
},
"source": {
"advisory": "GHSA-22m6-44pv-4cgj",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn\u2019t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-246_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-246_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0006.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0006.html"
}
]
},
"source": {
"advisory": "GHSA-xgf3-8jmm-49hf",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-247_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-247_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0016.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0016.html"
}
]
},
"source": {
"advisory": "GHSA-p5ff-v9j8-327r",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html"
}
]
},
"source": {
"advisory": "GHSA-fg6q-9rhh-fmh7",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47601",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-249_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-249_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0020.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0020.html"
}
]
},
"source": {
"advisory": "GHSA-fgw2-8jw2-ph33",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47602",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0019.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0019.html"
}
]
},
"source": {
"advisory": "GHSA-m48f-764w-83c6",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47603",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-251_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-251_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0021.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0021.html"
}
]
},
"source": {
"advisory": "GHSA-gqcc-q947-jv78",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47606",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0014.html"
}
]
},
"source": {
"advisory": "GHSA-j7pq-xcp8-8qxx",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47607",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0024.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0024.html"
}
]
},
"source": {
"advisory": "GHSA-xwp8-xrwj-765c",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47613",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0025.html"
}
]
},
"source": {
"advisory": "GHSA-qvwm-8ff7-8p2v",
"discovery": "UNKNOWN"
}
}
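Review bot: The `problemtype` entry for CVE-2024-47613 reads `CWE-476: NULL Pointer Dereference`, but the description on the new side describes a stack-buffer overflow in vorbis_handle_identification_packet, a write past a 64-element stack array. The sibling record CVE-2024-47607 in this commit describes the same loop pattern in gst_opus_dec_parse_header and is tagged `CWE-121: Stack-based Buffer Overflow`. Anyone triaging or filtering by `cweId` would treat this record as a crash-only issue rather than a memory-corruption write. The record should be checked against GHSA-qvwm-8ff7-8p2v and, if the description is right, corrected upstream to `"value": "CWE-121: Stack-based Buffer Overflow"` and `"cweId": "CWE-121"`.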


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47615",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0026.html"
}
]
},
"source": {
"advisory": "GHSA-c8rj-v4q3-38cx",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47774",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-262_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-262_Gstreamer/"
},
{
"url": "https://github.com/github/securitylab-vulnerabilities/issues/1826",
"refsource": "MISC",
"name": "https://github.com/github/securitylab-vulnerabilities/issues/1826"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043.patch"
}
]
},
"source": {
"advisory": "GHSA-qjr8-gwp5-24w7",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47775",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-261_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-261_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html"
}
]
},
"source": {
"advisory": "GHSA-hxxw-2g39-jv2p",
"discovery": "UNKNOWN"
}
}
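Review bot: The `version_data` entry pairs `"version_affected": "="` with `"version_value": "< 1.24.10"`, so the range lives inside the value string while the operator claims an exact match. A consumer that honours the operator compares installed versions with the literal string `< 1.24.10` and will report every GStreamer build as unaffected. In the 4.0 format the entry would read `"version_affected": "<"` with `"version_value": "1.24.10"`. The same pairing is in the records for CVE-2024-47776, CVE-2024-47777, CVE-2024-47778, CVE-2024-47834 and CVE-2024-47835 later in this commit, so tooling fed from these files should be tested against this entry shape.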


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47776",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-260_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-260_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html"
}
]
},
"source": {
"advisory": "GHSA-qw5m-vfj2-xrx9",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47777",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-259_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-259_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html"
}
]
},
"source": {
"advisory": "GHSA-p29q-wv55-9qfv",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47778",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-258_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-258_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0027.html"
}
]
},
"source": {
"advisory": "GHSA-g5r2-cgcp-4228",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47834",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-280_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-280_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0030.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0030.html"
}
]
},
"source": {
"advisory": "GHSA-35x4-mx8h-fgm8",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gstreamer",
"product": {
"product_data": [
{
"product_name": "gstreamer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/"
},
{
"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch",
"refsource": "MISC",
"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch"
},
{
"url": "https://gstreamer.freedesktop.org/security/sa-2024-0029.html",
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2024-0029.html"
}
]
},
"source": {
"advisory": "GHSA-85h4-wm84-x659",
"discovery": "UNKNOWN"
}
}


@ -39,24 +39,32 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "JCV1NX93"
},
{
"version_affected": "=",
"version_value": "JCV1NP93"
},
{
"version_affected": "=",
"version_value": "JCV1NQ93"
},
{
"version_affected": "=",
"version_value": "JCV10400"
},
{
"version_affected": "=",
"version_value": "JCV10404"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "JCV1NX93"
},
{
"status": "unaffected",
"version": "JCV1NP93"
},
{
"status": "unaffected",
"version": "JCV1NQ93"
},
{
"status": "unaffected",
"version": "JCV10400"
},
{
"status": "unaffected",
"version": "JCV10404"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -66,28 +74,36 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1AP18"
},
{
"version_affected": "=",
"version_value": "9CV10314"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
},
{
"version_affected": "=",
"version_value": "9CV1MA70"
},
{
"version_affected": "=",
"version_value": "9CV1R410"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV1AP18"
},
{
"status": "unaffected",
"version": "9CV10314"
},
{
"status": "unaffected",
"version": "9CV10410"
},
{
"status": "unaffected",
"version": "4IAAHPK5"
},
{
"status": "unaffected",
"version": "9CV1MA70"
},
{
"status": "unaffected",
"version": "9CV1R410"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -97,20 +113,28 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1AP18"
},
{
"version_affected": "=",
"version_value": "1.0.0-9CV10314"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV1AP18"
},
{
"status": "unaffected",
"version": "1.0.0-9CV10314"
},
{
"status": "unaffected",
"version": "9CV10410"
},
{
"status": "unaffected",
"version": "4IAAHPK5"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -120,24 +144,32 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10C034"
},
{
"version_affected": "=",
"version_value": "1.3.0-2CV10300"
},
{
"version_affected": "=",
"version_value": "2CV1L031"
},
{
"version_affected": "=",
"version_value": "2CV1RC53"
},
{
"version_affected": "=",
"version_value": "2CV10300"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2CV10C034"
},
{
"status": "unaffected",
"version": "1.3.0-2CV10300"
},
{
"status": "unaffected",
"version": "2CV1L031"
},
{
"status": "unaffected",
"version": "2CV1RC53"
},
{
"status": "unaffected",
"version": "2CV10300"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -147,20 +179,28 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10C034"
},
{
"version_affected": "=",
"version_value": "1.3.0-2CV10300"
},
{
"version_affected": "=",
"version_value": "2CV1L031"
},
{
"version_affected": "=",
"version_value": "2CV10300"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2CV10C034"
},
{
"status": "unaffected",
"version": "1.3.0-2CV10300"
},
{
"status": "unaffected",
"version": "2CV1L031"
},
{
"status": "unaffected",
"version": "2CV10300"
}
],
"defaultStatus": "unaffected"
}
}
]
}
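Review bot: Every hunk in this file swaps the `"version_affected": "="` list for one entry whose `version_value` is the literal `not down converted`, and the nested `x_cve_json_5_version_data` marks each listed build `unaffected` with `"defaultStatus": "unaffected"` as well, so on the new side no build is stated as affected. A parser that reads only the 4.0 fields now gets no version to match, and one that reads the nested block gets nothing to flag. If the listed strings are the fixed builds (not visible from the hunks), the block would need `"defaultStatus": "affected"` for the record to be usable for exposure checks. The file sections that follow in this commit use the same shape.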


@ -39,16 +39,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -58,16 +66,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -77,16 +93,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -96,16 +120,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -115,16 +147,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}


@ -39,12 +39,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8DV10564"
},
{
"version_affected": "=",
"version_value": "3DV10132"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -54,12 +58,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3DV10132"
},
{
"version_affected": "=",
"version_value": "8DV10564"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -69,12 +77,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3DV10132"
},
{
"version_affected": "=",
"version_value": "8DV10564"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -84,12 +96,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3DV10132"
},
{
"version_affected": "=",
"version_value": "8DV10564"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -99,12 +115,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3DV10132"
},
{
"version_affected": "=",
"version_value": "8DV10564"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -114,12 +134,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3DV10132"
},
{
"version_affected": "=",
"version_value": "8DV10564"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -129,24 +153,32 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "JCV10400"
},
{
"version_affected": "=",
"version_value": "JCV10404"
},
{
"version_affected": "=",
"version_value": "JCV1NX93"
},
{
"version_affected": "=",
"version_value": "JCV1NP93"
},
{
"version_affected": "=",
"version_value": "JCV1NQ93"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "JCV10400"
},
{
"status": "unaffected",
"version": "JCV10404"
},
{
"status": "unaffected",
"version": "JCV1NX93"
},
{
"status": "unaffected",
"version": "JCV1NP93"
},
{
"status": "unaffected",
"version": "JCV1NQ93"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -156,8 +188,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "YCV10200"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "YCV10200"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -167,16 +207,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "ACV10340"
},
{
"version_affected": "=",
"version_value": "ACV1MA14"
},
{
"version_affected": "=",
"version_value": "ACV1R360"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ACV10340"
},
{
"status": "unaffected",
"version": "ACV1MA14"
},
{
"status": "unaffected",
"version": "ACV1R360"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -186,16 +234,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.2.0-9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
},
{
"version_affected": "=",
"version_value": "9CV1R450"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "1.2.0-9CV10410"
},
{
"status": "unaffected",
"version": "4IAAHPK5"
},
{
"status": "unaffected",
"version": "9CV1R450"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -205,12 +261,20 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4IAAHPK5"
},
{
"version_affected": "=",
"version_value": "1.2.0-9CV10410"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "4IAAHPK5"
},
{
"status": "unaffected",
"version": "1.2.0-9CV10410"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -220,8 +284,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1R450"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV1R450"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -231,20 +303,28 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10300"
},
{
"version_affected": "=",
"version_value": "2CV10C034"
},
{
"version_affected": "=",
"version_value": "2CV1L031"
},
{
"version_affected": "=",
"version_value": "2CV1RC53"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2CV10300"
},
{
"status": "unaffected",
"version": "2CV10C034"
},
{
"status": "unaffected",
"version": "2CV1L031"
},
{
"status": "unaffected",
"version": "2CV1RC53"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -254,20 +334,28 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10300"
},
{
"version_affected": "=",
"version_value": "2CV10C034"
},
{
"version_affected": "=",
"version_value": "2CV1L031"
},
{
"version_affected": "=",
"version_value": "2CV1RC53"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2CV10300"
},
{
"status": "unaffected",
"version": "2CV10C034"
},
{
"status": "unaffected",
"version": "2CV1L031"
},
{
"status": "unaffected",
"version": "2CV1RC53"
}
],
"defaultStatus": "unaffected"
}
}
]
}
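Review bot: The first six hunks of this file replace the old pair `8DV10564` / `3DV10132` with a single `"version": "VDV10194"`, whereas the remaining hunks carry the old version strings over unchanged into the nested block. `VDV10194` is also the first version listed in every hunk of the preceding file section, so this may be an upstream correction or a value copied from another record; the hunks do not show which product each entry belongs to. It is worth confirming against the vendor advisory before relying on it; if the old values were right, the entries would read `"version": "8DV10564"` and `"version": "3DV10132"`.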


@ -39,12 +39,20 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "ACV10340"
},
{
"version_affected": "=",
"version_value": "ACV1MA10"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ACV10340"
},
{
"status": "unaffected",
"version": "ACV1MA10"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -54,12 +62,20 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "9CV1MA70"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV10410"
},
{
"status": "unaffected",
"version": "9CV1MA70"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -69,8 +85,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV10410"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV10410"
}
],
"defaultStatus": "unaffected"
}
}
]
}


@ -39,8 +39,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "JCV10300"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "JCV10300"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -61,8 +69,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV10410"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV10410"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -72,8 +88,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV10410"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV10410"
}
],
"defaultStatus": "unaffected"
}
}
]
}


@ -39,28 +39,36 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1AP18"
},
{
"version_affected": "=",
"version_value": "0.0.25-9CV10220"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
},
{
"version_affected": "=",
"version_value": "9CV1MA70"
},
{
"version_affected": "=",
"version_value": "9CV1R410"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV1AP18"
},
{
"status": "unaffected",
"version": "0.0.25-9CV10220"
},
{
"status": "unaffected",
"version": "9CV10410"
},
{
"status": "unaffected",
"version": "4IAAHPK5"
},
{
"status": "unaffected",
"version": "9CV1MA70"
},
{
"status": "unaffected",
"version": "9CV1R410"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -70,20 +78,28 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1AP18"
},
{
"version_affected": "=",
"version_value": "0.0.25-9CV10220"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV1AP18"
},
{
"status": "unaffected",
"version": "0.0.25-9CV10220"
},
{
"status": "unaffected",
"version": "9CV10410"
},
{
"status": "unaffected",
"version": "4IAAHPK5"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -93,12 +109,20 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "XCV10151"
},
{
"version_affected": "=",
"version_value": "XC311151"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "XCV10151"
},
{
"status": "unaffected",
"version": "XC311151"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -108,12 +132,20 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "XC311151"
},
{
"version_affected": "=",
"version_value": "XCV10151"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "XC311151"
},
{
"status": "unaffected",
"version": "XCV10151"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -123,28 +155,36 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7CV1MD73"
},
{
"version_affected": "=",
"version_value": "7CV1CS02"
},
{
"version_affected": "=",
"version_value": "7CV1DL73"
},
{
"version_affected": "=",
"version_value": "7CV10111"
},
{
"version_affected": "=",
"version_value": "4IYYHPG2"
},
{
"version_affected": "=",
"version_value": "7CV1LR14"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "7CV1MD73"
},
{
"status": "unaffected",
"version": "7CV1CS02"
},
{
"status": "unaffected",
"version": "7CV1DL73"
},
{
"status": "unaffected",
"version": "7CV10111"
},
{
"status": "unaffected",
"version": "4IYYHPG2"
},
{
"status": "unaffected",
"version": "7CV1LR14"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -154,28 +194,36 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7CV1MD73"
},
{
"version_affected": "=",
"version_value": "7CV1CS02"
},
{
"version_affected": "=",
"version_value": "7CV1DL73"
},
{
"version_affected": "=",
"version_value": "7CV10111"
},
{
"version_affected": "=",
"version_value": "4IYYHPG2"
},
{
"version_affected": "=",
"version_value": "7CV1LR14"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "7CV1MD73"
},
{
"status": "unaffected",
"version": "7CV1CS02"
},
{
"status": "unaffected",
"version": "7CV1DL73"
},
{
"status": "unaffected",
"version": "7CV10111"
},
{
"status": "unaffected",
"version": "4IYYHPG2"
},
{
"status": "unaffected",
"version": "7CV1LR14"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -185,20 +233,28 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.0-ACV10062"
},
{
"version_affected": "=",
"version_value": "ACV10340"
},
{
"version_affected": "=",
"version_value": "ACV1MA10"
},
{
"version_affected": "=",
"version_value": "ACV1R330"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "1.1.0-ACV10062"
},
{
"status": "unaffected",
"version": "ACV10340"
},
{
"status": "unaffected",
"version": "ACV1MA10"
},
{
"status": "unaffected",
"version": "ACV1R330"
}
],
"defaultStatus": "unaffected"
}
}
]
}


@ -39,20 +39,28 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "JCV1NX93"
},
{
"version_affected": "=",
"version_value": "JCV1NP93"
},
{
"version_affected": "=",
"version_value": "JCV1NQ93"
},
{
"version_affected": "=",
"version_value": "JCV10400"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "JCV1NX93"
},
{
"status": "unaffected",
"version": "JCV1NP93"
},
{
"status": "unaffected",
"version": "JCV1NQ93"
},
{
"status": "unaffected",
"version": "JCV10400"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -62,24 +70,32 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1AP18"
},
{
"version_affected": "=",
"version_value": "1.0.0-9CV10314"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
},
{
"version_affected": "=",
"version_value": "9CV1MA70"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV1AP18"
},
{
"status": "unaffected",
"version": "1.0.0-9CV10314"
},
{
"status": "unaffected",
"version": "9CV10410"
},
{
"status": "unaffected",
"version": "4IAAHPK5"
},
{
"status": "unaffected",
"version": "9CV1MA70"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -89,24 +105,32 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1AP18"
},
{
"version_affected": "=",
"version_value": "1.0.0-9CV10314"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "4IAAHPK5"
},
{
"version_affected": "=",
"version_value": "9CV1MA70"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV1AP18"
},
{
"status": "unaffected",
"version": "1.0.0-9CV10314"
},
{
"status": "unaffected",
"version": "9CV10410"
},
{
"status": "unaffected",
"version": "4IAAHPK5"
},
{
"status": "unaffected",
"version": "9CV1MA70"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -116,24 +140,32 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10C034"
},
{
"version_affected": "=",
"version_value": "1.3.0-2CV10300"
},
{
"version_affected": "=",
"version_value": "2CV1L031"
},
{
"version_affected": "=",
"version_value": "2CV1RC53"
},
{
"version_affected": "=",
"version_value": "2CV10300"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2CV10C034"
},
{
"status": "unaffected",
"version": "1.3.0-2CV10300"
},
{
"status": "unaffected",
"version": "2CV1L031"
},
{
"status": "unaffected",
"version": "2CV1RC53"
},
{
"status": "unaffected",
"version": "2CV10300"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -143,20 +175,28 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10C034"
},
{
"version_affected": "=",
"version_value": "1.3.0-2CV10300"
},
{
"version_affected": "=",
"version_value": "2CV1L031"
},
{
"version_affected": "=",
"version_value": "2CV10300"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2CV10C034"
},
{
"status": "unaffected",
"version": "1.3.0-2CV10300"
},
{
"status": "unaffected",
"version": "2CV1L031"
},
{
"status": "unaffected",
"version": "2CV10300"
}
],
"defaultStatus": "unaffected"
}
}
]
}
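Review bot: The new `version_data` entry in each hunk of this file carries the literal `"version_value": "not down converted"` and moves the real version strings into `x_cve_json_5_version_data`, where every listed version has `"status": "unaffected"` and `"defaultStatus"` is also `"unaffected"`, so the 4.0 record no longer names any affected version. A consumer that reads only `version_affected`/`version_value` will either match nothing or treat the placeholder string as a version; tooling built on this feed should read the `x_cve_json_5_version_data` block, or the CVE JSON 5 record, instead. The earlier form appears to have listed the same strings with `"version_affected": "="`, which read as affected, so downstream match results may change with this sync. The same pattern repeats in the two file sections that follow.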


@ -39,8 +39,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.0-2CV10300"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "1.3.0-2CV10300"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -50,12 +58,20 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10C034"
},
{
"version_affected": "=",
"version_value": "1.3.0-2CV10300"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2CV10C034"
},
{
"status": "unaffected",
"version": "1.3.0-2CV10300"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -65,16 +81,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.4-ACV10060"
},
{
"version_affected": "=",
"version_value": "ACV1MA10"
},
{
"version_affected": "=",
"version_value": "ACV1R330"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "1.0.4-ACV10060"
},
{
"status": "unaffected",
"version": "ACV1MA10"
},
{
"status": "unaffected",
"version": "ACV1R330"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -84,20 +108,28 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.0.25-9CV10220"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "9CV1MA70"
},
{
"version_affected": "=",
"version_value": "9CV1R410"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "0.0.25-9CV10220"
},
{
"status": "unaffected",
"version": "9CV10410"
},
{
"status": "unaffected",
"version": "9CV1MA70"
},
{
"status": "unaffected",
"version": "9CV1R410"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -107,12 +139,20 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.0.25-9CV10220"
},
{
"version_affected": "=",
"version_value": "9CV10410"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "0.0.25-9CV10220"
},
{
"status": "unaffected",
"version": "9CV10410"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -122,8 +162,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1R410"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV1R410"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -133,16 +181,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -152,28 +208,44 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
},
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -183,16 +255,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -202,16 +282,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -221,16 +309,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}


@ -39,16 +39,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -58,16 +66,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VCV10394"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VDV10194"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VCV10394"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VDV10194"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -77,8 +93,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10C034"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2CV10C034"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -88,8 +112,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2CV10C034"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2CV10C034"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -99,16 +131,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "ACV1R330"
},
{
"version_affected": "=",
"version_value": "ACV1MA10"
},
{
"version_affected": "=",
"version_value": "ACV10340"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "ACV1R330"
},
{
"status": "unaffected",
"version": "ACV1MA10"
},
{
"status": "unaffected",
"version": "ACV10340"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -118,20 +158,28 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1R410"
},
{
"version_affected": "=",
"version_value": "9CV1MA70"
},
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "0.0.25-9CV10220"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV1R410"
},
{
"status": "unaffected",
"version": "9CV1MA70"
},
{
"status": "unaffected",
"version": "9CV10410"
},
{
"status": "unaffected",
"version": "0.0.25-9CV10220"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -141,12 +189,20 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV10410"
},
{
"version_affected": "=",
"version_value": "0.0.25-9CV10220"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV10410"
},
{
"status": "unaffected",
"version": "0.0.25-9CV10220"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -156,16 +212,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -175,16 +239,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VDV10194"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VCV10394"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VDV10194"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VCV10394"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -194,16 +266,24 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VCV10394"
},
{
"version_affected": "=",
"version_value": "VEV10294"
},
{
"version_affected": "=",
"version_value": "VDV10194"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "VCV10394"
},
{
"status": "unaffected",
"version": "VEV10294"
},
{
"status": "unaffected",
"version": "VDV10194"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -213,8 +293,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "JCV10404"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "JCV10404"
}
],
"defaultStatus": "unaffected"
}
}
]
}
@ -224,8 +312,16 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9CV1R410"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "9CV1R410"
}
],
"defaultStatus": "unaffected"
}
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53272",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` function in `RegisterLoginReset.vue` contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim\u2019s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HabitRPG",
"product": {
"product_data": [
{
"product_name": "habatica",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 5.28.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/"
},
{
"url": "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf",
"refsource": "MISC",
"name": "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf"
}
]
},
"source": {
"advisory": "GHSA-gx92-46gx-mgrv",
"discovery": "UNKNOWN"
}
}
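Review bot: `"product_name": "habatica"` does not match the project name used in the description and the reference URLs (`Habitica`, `HabitRPG/habitica`), so product-keyed matching against this record is likely to miss it; the field should read `"product_name": "habitica"`, presumably corrected in the CNA's source record. The version entry also pairs `"version_affected": "="` with the range string `"version_value": "< 5.28.5"`, which a consumer doing an exact comparison will not interpret as a range; `"version_affected": "<"` with `"version_value": "5.28.5"` would express it. Both issues repeat in the CVE-2024-53273 and CVE-2024-53274 sections, and the `=`-with-range form also appears in the esp-idf entries of CVE-2024-53845.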


@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim\u2019s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HabitRPG",
"product": {
"product_data": [
{
"product_name": "habatica",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 5.28.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/"
},
{
"url": "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf",
"refsource": "MISC",
"name": "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf"
}
]
},
"source": {
"advisory": "GHSA-6ff6-w7xc-c2p8",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability. Arbitrary javascript can be executed by the attacker in the context of the victim\u2019s session. Version 5.28.5 contains a patch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HabitRPG",
"product": {
"product_data": [
{
"product_name": "habatica",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 5.28.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/"
},
{
"url": "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf",
"refsource": "MISC",
"name": "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf"
}
]
},
"source": {
"advisory": "GHSA-fg8h-qqm8-5wpr",
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53845",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. To address the aforementioned issues, the application generates a random IV when activating the AES key starting in versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. This IV is then transmitted along with the provision data to the provision device. The provision device has also been equipped with a parser for the AES IV. The upgrade is applicable for all applications and users of ESPTouch v2 component from ESP-IDF. As it is implemented in the ESP Wi-Fi stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"cweId": "CWE-327"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-909: Missing Initialization of Resource",
"cweId": "CWE-909"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "espressif",
"product": {
"product_data": [
{
"product_name": "esp-idf",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 5.3.0, < 5.3.2"
},
{
"version_affected": "=",
"version_value": ">= 5.2.0, < 5.2.4"
},
{
"version_affected": "=",
"version_value": ">= 5.1.0, < 5.1.6"
},
{
"version_affected": "=",
"version_value": "< 5.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/espressif/esp-idf/security/advisories/GHSA-wm57-466g-mhrr",
"refsource": "MISC",
"name": "https://github.com/espressif/esp-idf/security/advisories/GHSA-wm57-466g-mhrr"
},
{
"url": "https://github.com/espressif/esp-idf/commit/4f85a2726e04b737c8646d865b44ddd837b703db",
"refsource": "MISC",
"name": "https://github.com/espressif/esp-idf/commit/4f85a2726e04b737c8646d865b44ddd837b703db"
},
{
"url": "https://github.com/espressif/esp-idf/commit/8fb28dcedcc49916a5206456a3a61022d4302cd8",
"refsource": "MISC",
"name": "https://github.com/espressif/esp-idf/commit/8fb28dcedcc49916a5206456a3a61022d4302cd8"
},
{
"url": "https://github.com/espressif/esp-idf/commit/d47ed7d6f814e21c5bc8997ab0bc68e2360e5cb2",
"refsource": "MISC",
"name": "https://github.com/espressif/esp-idf/commit/d47ed7d6f814e21c5bc8997ab0bc68e2360e5cb2"
},
{
"url": "https://github.com/espressif/esp-idf/commit/de69895f38d563e22228f5ba23fffa02feabc3a9",
"refsource": "MISC",
"name": "https://github.com/espressif/esp-idf/commit/de69895f38d563e22228f5ba23fffa02feabc3a9"
},
{
"url": "https://github.com/espressif/esp-idf/commit/fd224e83bbf133833638b277c767be7f7cdd97c7",
"refsource": "MISC",
"name": "https://github.com/espressif/esp-idf/commit/fd224e83bbf133833638b277c767be7f7cdd97c7"
},
{
"url": "https://github.com/EspressifApp/EsptouchForAndroid/tree/master/esptouch-v2",
"refsource": "MISC",
"name": "https://github.com/EspressifApp/EsptouchForAndroid/tree/master/esptouch-v2"
},
{
"url": "https://github.com/EspressifApp/EsptouchForIOS/tree/master/EspTouchDemo/ESPTouchV2",
"refsource": "MISC",
"name": "https://github.com/EspressifApp/EsptouchForIOS/tree/master/EspTouchDemo/ESPTouchV2"
},
{
"url": "https://github.com/espressif/esp-idf/tree/master/components/esp_wifi",
"refsource": "MISC",
"name": "https://github.com/espressif/esp-idf/tree/master/components/esp_wifi"
}
]
},
"source": {
"advisory": "GHSA-wm57-466g-mhrr",
"discovery": "UNKNOWN"
}
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method."
"value": "** DISPUTED ** Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior."
}
]
},


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55587",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/smartfile/python-libarchive/blob/c7677411bfc4ab5701d343bc6ebd9e35c990e80e/libarchive/zip.py#L107",
"refsource": "MISC",
"name": "https://github.com/smartfile/python-libarchive/blob/c7677411bfc4ab5701d343bc6ebd9e35c990e80e/libarchive/zip.py#L107"
},
{
"refsource": "MISC",
"name": "https://github.com/smartfile/python-libarchive/issues/42",
"url": "https://github.com/smartfile/python-libarchive/issues/42"
},
{
"refsource": "MISC",
"name": "https://github.com/smartfile/python-libarchive/pull/41",
"url": "https://github.com/smartfile/python-libarchive/pull/41"
}
]
}
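Review bot: The record is published with `"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and a problemtype of `"n/a"`, although the description names python-libarchive through 4.2.1 and a directory traversal in `zip.py`. Until the structured fields are filled in, matching on vendor, product or version will not find this entry, and it can only be located by ID or by description text; a traversal of this kind is usually classified as `CWE-22`. The CVE-2024-55884 section below has the same `n/a` affects and problemtype fields while its description names the affected Mullvad VPN client versions.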


@ -0,0 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-55884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://x41-dsec.de/news/2024/12/11/mullvad/",
"refsource": "MISC",
"name": "https://x41-dsec.de/news/2024/12/11/mullvad/"
},
{
"url": "https://news.ycombinator.com/item?id=42390768",
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=42390768"
},
{
"url": "https://github.com/mullvad/mullvadvpn-app/commit/ef6c862071b26023802b00d6e1dc6ca53d1ab3e6",
"refsource": "MISC",
"name": "https://github.com/mullvad/mullvadvpn-app/commit/ef6c862071b26023802b00d6e1dc6ca53d1ab3e6"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.1"
}
}
}