diff --git a/2022/23xxx/CVE-2022-23084.json b/2022/23xxx/CVE-2022-23084.json index b256103ea6f..0e2b68493e6 100644 --- a/2022/23xxx/CVE-2022-23084.json +++ b/2022/23xxx/CVE-2022-23084.json @@ -1,18 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23084", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption.\n\nOn systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.1-RC1", + "version_value": "p1" + }, + { + "version_affected": "<", + "version_name": "13.0-RELEASE", + "version_value": "p11" + }, + { + "version_affected": "<", + "version_name": "12.3-RELEASE", + "version_value": "p5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Reno Robert" + }, + { + "lang": "en", + "value": "Lucas Leong (@_wmliang_)" + }, + { + "lang": "en", + "value": "Trend Micro Zero Day Initiative" + } + ] } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23085.json b/2022/23xxx/CVE-2022-23085.json index 22618dc2e64..612cde94898 100644 --- a/2022/23xxx/CVE-2022-23085.json +++ b/2022/23xxx/CVE-2022-23085.json @@ -1,18 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23085", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption.\n\nOn systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.1-RC1", + "version_value": "p1" + }, + { + "version_affected": "<", + "version_name": "13.0-RELEASE", + "version_value": "p11" + }, + { + "version_affected": "<", + "version_name": "12.3-RELEASE", + "version_value": "p5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Reno Robert" + }, + { + "lang": "en", + "value": "Lucas Leong (@_wmliang_)" + }, + { + "lang": "en", + "value": "Trend Micro Zero Day Initiative" + } + ] } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23086.json b/2022/23xxx/CVE-2022-23086.json index 10a73422631..c98fe49ba2c 100644 --- a/2022/23xxx/CVE-2022-23086.json +++ b/2022/23xxx/CVE-2022-23086.json @@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-23086", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small.\n\nUsers with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.1-RC1", + "version_value": "p1" + }, + { + "version_affected": "<", + "version_name": "13.0-RELEASE", + "version_value": "p11" + }, + { + "version_affected": "<", + "version_name": "12.3-RELEASE", + "version_value": "p5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:06.ioctl.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:06.ioctl.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Lucas Leong (@_wmliang_)" + }, + { + "lang": "en", + "value": "Trend Micro Zero Day Initiative" + } + ] } \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25559.json b/2024/25xxx/CVE-2024-25559.json index 97ab03a1393..536355568a4 100644 --- a/2024/25xxx/CVE-2024-25559.json +++ b/2024/25xxx/CVE-2024-25559.json @@ -1,17 +1,67 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "User Interface (UI) Misrepresentation of Critical Information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "appleple inc.", + "product": { + "product_data": [ + { + "product_name": "a-blog cms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Ver.3.1.0 to Ver.3.1.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.a-blogcms.jp/blog/news/JVN-48966481.html", + "refsource": "MISC", + "name": "https://developer.a-blogcms.jp/blog/news/JVN-48966481.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN48966481/", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN48966481/" } ] } diff --git a/2024/25xxx/CVE-2024-25940.json b/2024/25xxx/CVE-2024-25940.json index 80d6dbdce6d..76582a6a767 100644 --- a/2024/25xxx/CVE-2024-25940.json +++ b/2024/25xxx/CVE-2024-25940.json @@ -1,18 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "`bhyveload -h ` may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access to.\u00a0In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0-RELEASE", + "version_value": "p5" + }, + { + "version_affected": "<", + "version_name": "13.2-RELEASE", + "version_value": "p10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "The water cooler. (Note, this is the requested credit)" + } + ] } \ No newline at end of file diff --git a/2024/25xxx/CVE-2024-25941.json b/2024/25xxx/CVE-2024-25941.json index 96d5e47ea98..0c87b37bd66 100644 --- a/2024/25xxx/CVE-2024-25941.json +++ b/2024/25xxx/CVE-2024-25941.json @@ -1,18 +1,81 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-25941", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail.\n\nAttacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by \"pstat -t\" may be leaked." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FreeBSD", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0-RELEASE", + "version_value": "p5" + }, + { + "version_affected": "<", + "version_name": "13.2-RELEASE", + "version_value": "p10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc", + "refsource": "MISC", + "name": "https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Pawel Jakub Dawidek" + } + ] } \ No newline at end of file