From d048201b7570fc015eb56cd9b65e30d36e53f3aa Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 2 Dec 2024 22:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/9xxx/CVE-2018-9413.json | 83 ++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9414.json | 91 +++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9418.json | 83 ++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9423.json | 83 ++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9426.json | 83 ++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9429.json | 67 ++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9430.json | 91 +++++++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9431.json | 71 +++++++++++++++++++++++--- 2024/12xxx/CVE-2024-12063.json | 18 +++++++ 2024/12xxx/CVE-2024-12064.json | 18 +++++++ 2024/12xxx/CVE-2024-12065.json | 18 +++++++ 2024/12xxx/CVE-2024-12066.json | 18 +++++++ 2024/12xxx/CVE-2024-12067.json | 18 +++++++ 2024/12xxx/CVE-2024-12068.json | 18 +++++++ 2024/12xxx/CVE-2024-12069.json | 18 +++++++ 2024/12xxx/CVE-2024-12070.json | 18 +++++++ 2024/12xxx/CVE-2024-12071.json | 18 +++++++ 2024/12xxx/CVE-2024-12072.json | 18 +++++++ 2024/12xxx/CVE-2024-12073.json | 18 +++++++ 2024/12xxx/CVE-2024-12074.json | 18 +++++++ 2024/12xxx/CVE-2024-12075.json | 18 +++++++ 2024/53xxx/CVE-2024-53477.json | 61 ++++++++++++++++++++--- 2024/53xxx/CVE-2024-53985.json | 68 +++++++++++++++++++++++-- 2024/53xxx/CVE-2024-53986.json | 63 +++++++++++++++++++++-- 2024/53xxx/CVE-2024-53987.json | 63 +++++++++++++++++++++-- 2024/53xxx/CVE-2024-53988.json | 63 +++++++++++++++++++++-- 2024/53xxx/CVE-2024-53989.json | 63 +++++++++++++++++++++-- 27 files changed, 1177 insertions(+), 90 deletions(-) create mode 100644 2024/12xxx/CVE-2024-12063.json create mode 100644 2024/12xxx/CVE-2024-12064.json create mode 100644 2024/12xxx/CVE-2024-12065.json create mode 100644 2024/12xxx/CVE-2024-12066.json create mode 100644 2024/12xxx/CVE-2024-12067.json create mode 100644 2024/12xxx/CVE-2024-12068.json create mode 100644 2024/12xxx/CVE-2024-12069.json create mode 100644 
2024/12xxx/CVE-2024-12070.json create mode 100644 2024/12xxx/CVE-2024-12071.json create mode 100644 2024/12xxx/CVE-2024-12072.json create mode 100644 2024/12xxx/CVE-2024-12073.json create mode 100644 2024/12xxx/CVE-2024-12074.json create mode 100644 2024/12xxx/CVE-2024-12075.json
diff --git a/2018/9xxx/CVE-2018-9413.json b/2018/9xxx/CVE-2018-9413.json
index 38ef9f66956..82a9d620217 100644
--- a/2018/9xxx/CVE-2018-9413.json
+++ b/2018/9xxx/CVE-2018-9413.json
@@ -1,18 +1,85 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-9413",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-9413",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In handle_notification_response of btif_rc.cc, there is a possible out of\u00a0bounds write due to a missing bounds check. This could lead to remote code\u00a0execution with no additional execution privileges needed. User interaction\u00a0is needed for exploitation."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
+ "refsource": "MISC",
+ "name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
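Review bot: The new `description.value` uses `\u00a0` (no-break space) escapes where ordinary spaces belong (`out of\u00a0bounds write`, `remote code\u00a0execution`), so consumers that match on phrases like "out of bounds" or "remote code execution" will miss this record unless they normalise whitespace first; replacing them with U+0020 before publication avoids that. The same escapes appear in the CVE-2018-9414, -9418, -9426, -9430 and -9431 hunks. Separately, `problemtype` is `"n/a"` in all eight Android records although each description names the weakness class, which leaves CWE-based triage nothing to key on. For this record the description (an out-of-bounds write from a missing bounds check) would map to something like `"value": "CWE-787 Out-of-bounds Write"`.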
diff --git a/2018/9xxx/CVE-2018-9414.json b/2018/9xxx/CVE-2018-9414.json
index 34ad73340b4..d06808c3fa1 100644
--- a/2018/9xxx/CVE-2018-9414.json
+++ b/2018/9xxx/CVE-2018-9414.json
@@ -1,18 +1,93 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-9414",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-9414",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is\u00a0a possible out of bounds stack write due to a missing bounds check. This\u00a0could lead to local escalation of privilege with User execution privileges\u00a0needed. User interaction is not needed for exploitation."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "6"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "6.0.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
+ "refsource": "MISC",
+ "name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9418.json b/2018/9xxx/CVE-2018-9418.json
index f016e63dd24..e22532c6861 100644
--- a/2018/9xxx/CVE-2018-9418.json
+++ b/2018/9xxx/CVE-2018-9418.json
@@ -1,18 +1,85 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-9418",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-9418",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack\u00a0buffer overflow due to a missing bounds check. This could lead to remote\u00a0code execution with no additional execution privileges needed. User\u00a0interaction is not needed for exploitation."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
+ "refsource": "MISC",
+ "name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
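Review bot: The description names the source file as `dtif_rc.cc`, which looks like a typo for `btif_rc.cc`: the CVE-2018-9413 record in this same commit places its `handle_notification_response` handler in `btif_rc.cc`, and the two function names follow the same pattern. That is inferred from the sibling record rather than confirmed against the source tree, so it should be checked with the assigning CNA before the text is corrected. Anyone mapping this CVE to code or patches by file name would otherwise be searching for a file that may not exist.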
diff --git a/2018/9xxx/CVE-2018-9423.json b/2018/9xxx/CVE-2018-9423.json
index fb14a618a97..4061ed27f1c 100644
--- a/2018/9xxx/CVE-2018-9423.json
+++ b/2018/9xxx/CVE-2018-9423.json
@@ -1,18 +1,85 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-9423",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-9423",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
+ "refsource": "MISC",
+ "name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9426.json b/2018/9xxx/CVE-2018-9426.json
index e10125ff7c0..efaea611e41 100644
--- a/2018/9xxx/CVE-2018-9426.json
+++ b/2018/9xxx/CVE-2018-9426.json
@@ -1,18 +1,85 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-9426",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-9426",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In \u00a0RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java,\u00a0an incorrect implementation could cause weak RSA key pairs being generated.\u00a0This could lead to crypto vulnerability with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation.\u00a0Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
+ "refsource": "MISC",
+ "name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9429.json b/2018/9xxx/CVE-2018-9429.json
index 92e4978ed1b..bc2e3c74862 100644
--- a/2018/9xxx/CVE-2018-9429.json
+++ b/2018/9xxx/CVE-2018-9429.json
@@ -1,18 +1,69 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-9429",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-9429",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
+ "refsource": "MISC",
+ "name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9430.json b/2018/9xxx/CVE-2018-9430.json
index 687c8b964b9..323de194b7d 100644
--- a/2018/9xxx/CVE-2018-9430.json
+++ b/2018/9xxx/CVE-2018-9430.json
@@ -1,18 +1,93 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-9430",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-9430",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In prop2cfg of btif_storage.cc, there is a possible out of bounds write due\u00a0to an incorrect bounds check. This could lead to remote code execution with\u00a0no additional execution privileges needed. User interaction is not needed\u00a0for exploitation."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "6"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "6.0.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "7.1.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
+ "refsource": "MISC",
+ "name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9431.json b/2018/9xxx/CVE-2018-9431.json
index 5f4f47e38c4..5057c04576a 100644
--- a/2018/9xxx/CVE-2018-9431.json
+++ b/2018/9xxx/CVE-2018-9431.json
@@ -1,18 +1,73 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-9431",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-9431",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due\u00a0to improper input validation. This could lead to local escalation of\u00a0privilege with no additional execution privileges needed. User interaction\u00a0is not needed for exploitation."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "8"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
+ "refsource": "MISC",
+ "name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12063.json b/2024/12xxx/CVE-2024-12063.json
new file mode 100644
index 00000000000..acf12af3920
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12063.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12063",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12064.json b/2024/12xxx/CVE-2024-12064.json
new file mode 100644
index 00000000000..aac3ad722b3
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12064.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12064",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12065.json b/2024/12xxx/CVE-2024-12065.json
new file mode 100644
index 00000000000..63a8f799886
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12065.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12065",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12066.json b/2024/12xxx/CVE-2024-12066.json
new file mode 100644
index 00000000000..c6b6cc2c0b1
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12066.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12066",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12067.json b/2024/12xxx/CVE-2024-12067.json
new file mode 100644
index 00000000000..868405806a8
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12067.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12067",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12068.json b/2024/12xxx/CVE-2024-12068.json
new file mode 100644
index 00000000000..3cb25de7434
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12068.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12068",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12069.json b/2024/12xxx/CVE-2024-12069.json
new file mode 100644
index 00000000000..14555a01bd0
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12069.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12069",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12070.json b/2024/12xxx/CVE-2024-12070.json
new file mode 100644
index 00000000000..31c15065c4a
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12070.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12070",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12071.json b/2024/12xxx/CVE-2024-12071.json
new file mode 100644
index 00000000000..28dd75f0a0a
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12071.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12071",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12072.json b/2024/12xxx/CVE-2024-12072.json
new file mode 100644
index 00000000000..9100fc6d3e9
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12072.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12072",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12073.json b/2024/12xxx/CVE-2024-12073.json
new file mode 100644
index 00000000000..581647afff3
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12073.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12073",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12074.json b/2024/12xxx/CVE-2024-12074.json
new file mode 100644
index 00000000000..ff96b280635
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12074.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12074",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/12xxx/CVE-2024-12075.json b/2024/12xxx/CVE-2024-12075.json
new file mode 100644
index 00000000000..632304ec556
--- /dev/null
+++ b/2024/12xxx/CVE-2024-12075.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-12075",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53477.json b/2024/53xxx/CVE-2024-53477.json
index a5f0f1f227e..65876f86e52 100644
--- a/2024/53xxx/CVE-2024-53477.json
+++ b/2024/53xxx/CVE-2024-53477.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-53477",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-53477",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/jflyfox/jfinal_cms/releases/tag/v5.1.0",
+ "refsource": "MISC",
+ "name": "https://github.com/jflyfox/jfinal_cms/releases/tag/v5.1.0"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/kaoniniang2/c2deceea281fcd0aec5a8165183be3c1",
+ "url": "https://gist.github.com/kaoniniang2/c2deceea281fcd0aec5a8165183be3c1"
 }
 ]
 }
diff --git a/2024/53xxx/CVE-2024-53985.json b/2024/53xxx/CVE-2024-53985.json
index 82c2d2fa2e5..4a0197f2b4a 100644
--- a/2024/53xxx/CVE-2024-53985.json
+++ b/2024/53xxx/CVE-2024-53985.json
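Review bot: In the CVE-2024-53477 hunk, `product_name` and `version_value` are both `"n/a"` although the description itself identifies the product and version as JFinal CMS 5.1.0, so tooling that matches on the `affects` block will never associate this record with an installed product. Populating them from the description (`"product_name": "JFinal CMS"`, `"version_value": "5.1.0"`) would make the record matchable by inventory and SCA tools. `problemtype` is likewise `"n/a"` while the description attributes the issue to deserialization, for which CWE-502 would be the usual mapping. The description also does not say whether versions other than 5.1.0 are affected or fixed, which a reader needs for patch planning.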
@@ -1,18 +1,78 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-53985",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both \"math\" and \"style\" elements or both both \"svg\" and \"style\" elements. This vulnerability is fixed in 1.6.1."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "rails",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "rails-html-sanitizer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.6.0, < 1.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x"
+ },
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1"
+ },
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-w8gc-x259-rc7x",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53986.json b/2024/53xxx/CVE-2024-53986.json
index 685a9b8b7f6..844108d01ce 100644
--- a/2024/53xxx/CVE-2024-53986.json
+++ b/2024/53xxx/CVE-2024-53986.json
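Review bot: In the CVE-2024-53985 hunk, `version_affected` is `"="` while `version_value` holds the range expression `">= 1.6.0, < 1.6.1"`, so a consumer that honours the operator compares installed versions for equality against that literal string and never matches; the CVE-2024-53986 hunk uses the same encoding. Splitting the range across the schema's comparison operators, or recording `"version_value": "1.6.0"` if that is the only release in the range, would make the entry machine-readable. The description also conditions the issue on Nokogiri `< 1.15.7, or 1.16.x < 1.16.8`, which the `affects` block does not capture, so scanners keyed on `affects` alone will flag installations the description excludes. Minor wording: the description reads `both both \"svg\" and \"style\"`.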
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-53986",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the \"math\" and \"style\" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "rails",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "rails-html-sanitizer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.6.0, < 1.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48"
+ },
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-638j-pmjw-jq48",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53987.json b/2024/53xxx/CVE-2024-53987.json
index 61a4e369616..178e1758876 100644
--- a/2024/53xxx/CVE-2024-53987.json
+++ b/2024/53xxx/CVE-2024-53987.json
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-53987",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the \"style\" element is explicitly allowed and the \"svg\" or \"math\" element is not allowed. This vulnerability is fixed in 1.6.1."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "rails",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "rails-html-sanitizer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.6.0, < 1.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr"
+ },
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2x5m-9ch4-qgrr",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53988.json b/2024/53xxx/CVE-2024-53988.json
index e7bcce619f4..e71db28f9c7 100644
--- a/2024/53xxx/CVE-2024-53988.json
+++ b/2024/53xxx/CVE-2024-53988.json
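Review bot: The condition `the "svg" or "math" element is not allowed` in the new description is ambiguous: it can mean that neither element is allowed, or that at least one of them is not, and the two readings select different allowed-tag overrides. Someone auditing their sanitizer configuration against this record cannot tell from the text which case is affected. Rewording it to match advisory GHSA-2x5m-9ch4-qgrr would remove the ambiguity, for example `and neither the "svg" nor the "math" element is allowed` if that is the intended meaning.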
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-53988",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the \"math\", \"mtext\", \"table\", and \"style\" elements are allowed and either either \"mglyph\" or \"malignmark\" are allowed. This vulnerability is fixed in 1.6.1."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "rails",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "rails-html-sanitizer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.6.0, < 1.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5"
+ },
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-cfjx-w229-hgx5",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53989.json b/2024/53xxx/CVE-2024-53989.json
index d6baa572bda..a217f0de887 100644
--- a/2024/53xxx/CVE-2024-53989.json
+++ b/2024/53xxx/CVE-2024-53989.json
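Review bot: The new description text has a doubled word and a number mismatch in `either either "mglyph" or "malignmark" are allowed`; it should read `either "mglyph" or "malignmark" is allowed`. The same kind of slip is in the CVE-2024-53985 hunk (`both both "svg" and "style" elements`) and the CVE-2024-53989 hunk (`for the the "noscript" element`). Description strings from these records are commonly copied verbatim into downstream advisories and scanner reports, so they are best corrected at the source.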
@@ -1,18 +1,73 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-53989",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the the \"noscript\" element. This vulnerability is fixed in 1.6.1."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "rails",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "rails-html-sanitizer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.6.0, < 1.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g"
+ },
+ {
+ "url": "https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f",
+ "refsource": "MISC",
+ "name": "https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-rxv5-gxqc-xx8g",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file