admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-02 22:00:31 +00:00
parent 930ccdc7ec
commit d048201b75
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
27 changed files with 1177 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
2018/9xxx/CVE-2018-9413.json
View File

@ -1,18 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9413",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-9413",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In handle_notification_response of btif_rc.cc, there is a possible out of\u00a0bounds write due to a missing bounds check. This could lead to remote code\u00a0execution with no additional execution privileges needed. User interaction\u00a0is needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
"refsource": "MISC",
"name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

91
2018/9xxx/CVE-2018-9414.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9414",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-9414",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is\u00a0a possible out of bounds stack write due to a missing bounds check. This\u00a0could lead to local escalation of privilege with User execution privileges\u00a0needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6"
},
{
"version_affected": "=",
"version_value": "6.0.1"
},
{
"version_affected": "=",
"version_value": "7"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
"refsource": "MISC",
"name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

83
2018/9xxx/CVE-2018-9418.json
View File

@ -1,18 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9418",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-9418",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack\u00a0buffer overflow due to a missing bounds check. This could lead to remote\u00a0code execution with no additional execution privileges needed. User\u00a0interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
"refsource": "MISC",
"name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

83
2018/9xxx/CVE-2018-9423.json
View File

@ -1,18 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9423",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-9423",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
"refsource": "MISC",
"name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

83
2018/9xxx/CVE-2018-9426.json
View File

@ -1,18 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9426",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-9426",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In \u00a0RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java,\u00a0an incorrect implementation could cause weak RSA key pairs being generated.\u00a0This could lead to crypto vulnerability with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation.\u00a0Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
"refsource": "MISC",
"name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

67
2018/9xxx/CVE-2018-9429.json
View File

@ -1,18 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9429",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-9429",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
"refsource": "MISC",
"name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

91
2018/9xxx/CVE-2018-9430.json
View File

@ -1,18 +1,93 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9430",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-9430",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In prop2cfg of btif_storage.cc, there is a possible out of bounds write due\u00a0to an incorrect bounds check. This could lead to remote code execution with\u00a0no additional execution privileges needed. User interaction is not needed\u00a0for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6"
},
{
"version_affected": "=",
"version_value": "6.0.1"
},
{
"version_affected": "=",
"version_value": "7"
},
{
"version_affected": "=",
"version_value": "7.1.1"
},
{
"version_affected": "=",
"version_value": "7.1.2"
},
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
"refsource": "MISC",
"name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

71
2018/9xxx/CVE-2018-9431.json
View File

@ -1,18 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9431",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-9431",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due\u00a0to improper input validation. This could lead to local escalation of\u00a0privilege with no additional execution privileges needed. User interaction\u00a0is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01",
"refsource": "MISC",
"name": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

18
2024/12xxx/CVE-2024-12063.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12063",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12064.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12064",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12065.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12066.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12066",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12067.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12068.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12068",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12069.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12069",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12070.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12070",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12071.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12071",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12072.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12072",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12073.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12073",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12074.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12074",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/12xxx/CVE-2024-12075.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12075",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

61
2024/53xxx/CVE-2024-53477.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53477",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-53477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/jflyfox/jfinal_cms/releases/tag/v5.1.0",
"refsource": "MISC",
"name": "https://github.com/jflyfox/jfinal_cms/releases/tag/v5.1.0"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/kaoniniang2/c2deceea281fcd0aec5a8165183be3c1",
"url": "https://gist.github.com/kaoniniang2/c2deceea281fcd0aec5a8165183be3c1"
}
]
}

68
2024/53xxx/CVE-2024-53985.json
View File

@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both \"math\" and \"style\" elements or both both \"svg\" and \"style\" elements. This vulnerability is fixed in 1.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rails",
"product": {
"product_data": [
{
"product_name": "rails-html-sanitizer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.6.0, < 1.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x"
},
{
"url": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1"
},
{
"url": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505"
}
]
},
"source": {
"advisory": "GHSA-w8gc-x259-rc7x",
"discovery": "UNKNOWN"
}
}

63
2024/53xxx/CVE-2024-53986.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53986",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the \"math\" and \"style\" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rails",
"product": {
"product_data": [
{
"product_name": "rails-html-sanitizer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.6.0, < 1.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48"
},
{
"url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e"
}
]
},
"source": {
"advisory": "GHSA-638j-pmjw-jq48",
"discovery": "UNKNOWN"
}
}

63
2024/53xxx/CVE-2024-53987.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53987",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the \"style\" element is explicitly allowed and the \"svg\" or \"math\" element is not allowed. This vulnerability is fixed in 1.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rails",
"product": {
"product_data": [
{
"product_name": "rails-html-sanitizer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.6.0, < 1.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr"
},
{
"url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e"
}
]
},
"source": {
"advisory": "GHSA-2x5m-9ch4-qgrr",
"discovery": "UNKNOWN"
}
}

63
2024/53xxx/CVE-2024-53988.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53988",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the \"math\", \"mtext\", \"table\", and \"style\" elements are allowed and either either \"mglyph\" or \"malignmark\" are allowed. This vulnerability is fixed in 1.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rails",
"product": {
"product_data": [
{
"product_name": "rails-html-sanitizer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.6.0, < 1.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5"
},
{
"url": "https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72"
}
]
},
"source": {
"advisory": "GHSA-cfjx-w229-hgx5",
"discovery": "UNKNOWN"
}
}

63
2024/53xxx/CVE-2024-53989.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53989",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the the \"noscript\" element. This vulnerability is fixed in 1.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rails",
"product": {
"product_data": [
{
"product_name": "rails-html-sanitizer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.6.0, < 1.6.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g"
},
{
"url": "https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f",
"refsource": "MISC",
"name": "https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f"
}
]
},
"source": {
"advisory": "GHSA-rxv5-gxqc-xx8g",
"discovery": "UNKNOWN"
}
}