admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-05 04:00:32 +00:00
parent c2a99a9b32
commit 9e41b0a157
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
3 changed files with 247 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
2024/41xxx/CVE-2024-41928.json
View File

@ -1,18 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41928",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"cweId": "CWE-1285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1-RELEASE",
"version_value": "p4"
},
{
"version_affected": "<",
"version_name": "14.0-RELEASE",
"version_value": "p10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc"
}
]
},
"credits": [
{
"lang": "en",
"value": "Synacktiv"
},
{
"lang": "en",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"value": "The Alpha-Omega Project"
}
]
}

86
2024/45xxx/CVE-2024-45287.json
View File

@ -1,18 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45287",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-131 Incorrect Calculation of Buffer Size",
"cweId": "CWE-131"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1-RELEASE",
"version_value": "p4"
},
{
"version_affected": "<",
"version_name": "14.0-RELEASE",
"version_value": "p10"
},
{
"version_affected": "<",
"version_name": "13.3-RELEASE",
"version_value": "p6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc"
}
]
},
"credits": [
{
"lang": "en",
"value": "Synacktiv"
},
{
"lang": "en",
"value": "Taylor R Campbell (NetBSD)"
}
]
}

82
2024/45xxx/CVE-2024-45288.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-170: Improper Null Termination",
"cweId": "CWE-170"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1-RELEASE",
"version_value": "p4"
},
{
"version_affected": "<",
"version_name": "14.0-RELEASE",
"version_value": "p10"
},
{
"version_affected": "<",
"version_name": "13.3-RELEASE",
"version_value": "p6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc"
}
]
},
"credits": [
{
"lang": "en",
"value": "Synacktiv"
}
]
}