admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-02 15:00:32 +00:00
parent 3b12752ede
commit a4e56845a2
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 259 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
2024/44xxx/CVE-2024-44097.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "dsap-vuln-management@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "According to the researcher: \"The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malicious response, or forward the (possibly modified) data to the real server.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "unknown"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.google.com/product-documentation/answer/14950962?sjid=9489879942601373169-NA",
"refsource": "MISC",
"name": "https://support.google.com/product-documentation/answer/14950962?sjid=9489879942601373169-NA"
}
]
}

54
2024/44xxx/CVE-2024-44193.json
View File

@ -1,17 +1,63 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44193",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A local attacker may be able to elevate their privileges"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "12.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/121328",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/121328"
}
]
}

72
2024/47xxx/CVE-2024-47611.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47611",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don't exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
"cweId": "CWE-88"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-176: Improper Handling of Unicode Encoding",
"cweId": "CWE-176"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tukaani-project",
"product": {
"product_data": [
{
"product_name": "xz",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 5.6.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/tukaani-project/xz/security/advisories/GHSA-m538-c5qw-3cg4",
"refsource": "MISC",
"name": "https://github.com/tukaani-project/xz/security/advisories/GHSA-m538-c5qw-3cg4"
},
{
"url": "https://github.com/tukaani-project/xz/commit/bf518b9ba446327a062ddfe67e7e0a5baed2394f",
"refsource": "MISC",
"name": "https://github.com/tukaani-project/xz/commit/bf518b9ba446327a062ddfe67e7e0a5baed2394f"
}
]
},
"source": {
"advisory": "GHSA-m538-c5qw-3cg4",
"discovery": "UNKNOWN"
}
}

95
2024/47xxx/CVE-2024-47612.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47612",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-failed)). If these messages are edited (which requires the (editinterface) right by default), anyone who can view Special:DataDump (which requires the (view-dump) right by default) can be XSSed. This vulnerability is fixed with 601688ee8e8808a23b102fa305b178f27cbd226d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "miraheze",
"product": {
"product_data": [
{
"product_name": "DataDump",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 601688ee8e8808a23b102fa305b178f27cbd226d"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj",
"refsource": "MISC",
"name": "https://github.com/miraheze/DataDump/security/advisories/GHSA-h8x8-24c7-r2rj"
},
{
"url": "https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch",
"refsource": "MISC",
"name": "https://github.com/miraheze/DataDump/commit/601688ee8e8808a23b102fa305b178f27cbd226d.patch"
},
{
"url": "https://issue-tracker.miraheze.org/T12670",
"refsource": "MISC",
"name": "https://issue-tracker.miraheze.org/T12670"
}
]
},
"source": {
"advisory": "GHSA-h8x8-24c7-r2rj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}