admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-06-28 22:00:35 +00:00
parent 7d27fbbded
commit db9dbb8b56
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 397 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
2024/29xxx/CVE-2024-29040.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29040",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This \nissue has been patched in version 4.1.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tpm2-software",
"product": {
"product_data": [
{
"product_name": "tpm2-tss",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-837m-jw3m-h9p6",
"refsource": "MISC",
"name": "https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-837m-jw3m-h9p6"
},
{
"url": "https://github.com/tpm2-software/tpm2-tss/releases/tag/4.1.0",
"refsource": "MISC",
"name": "https://github.com/tpm2-software/tpm2-tss/releases/tag/4.1.0"
}
]
},
"source": {
"advisory": "GHSA-837m-jw3m-h9p6",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}

90
2024/38xxx/CVE-2024-38525.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception",
"cweId": "CWE-248"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DataDog",
"product": {
"product_data": [
{
"product_name": "dd-trace-cpp",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.1.12, < 0.2.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/DataDog/dd-trace-cpp/security/advisories/GHSA-rf3p-mg22-qv6w",
"refsource": "MISC",
"name": "https://github.com/DataDog/dd-trace-cpp/security/advisories/GHSA-rf3p-mg22-qv6w"
},
{
"url": "https://github.com/DataDog/dd-trace-cpp/releases/tag/v0.2.2",
"refsource": "MISC",
"name": "https://github.com/DataDog/dd-trace-cpp/releases/tag/v0.2.2"
}
]
},
"source": {
"advisory": "GHSA-rf3p-mg22-qv6w",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

81
2024/38xxx/CVE-2024-38532.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38532",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs\u00b9 that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcp_tool reference implementation included in the repository selected the test key, regardless of its `-t` argument. This issue has been patched in commit 26a7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "usbarmory",
"product": {
"product_data": [
{
"product_name": "mxs-dcp",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= commit 6151, < commit 26a7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/usbarmory/mxs-dcp/security/advisories/GHSA-g85c-rh49-p8cq",
"refsource": "MISC",
"name": "https://github.com/usbarmory/mxs-dcp/security/advisories/GHSA-g85c-rh49-p8cq"
},
{
"url": "https://github.com/usbarmory/mxs-dcp/commit/e5a99cb3d9429e6145495da7d01525c75af426a7",
"refsource": "MISC",
"name": "https://github.com/usbarmory/mxs-dcp/commit/e5a99cb3d9429e6145495da7d01525c75af426a7"
}
]
},
"source": {
"advisory": "GHSA-g85c-rh49-p8cq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

76
2024/38xxx/CVE-2024-38533.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "matter-labs",
"product": {
"product_data": [
{
"product_name": "era-compiler-vyper",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-q7pg-6jh9-87gv",
"refsource": "MISC",
"name": "https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-q7pg-6jh9-87gv"
}
]
},
"source": {
"advisory": "GHSA-q7pg-6jh9-87gv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

67
2024/39xxx/CVE-2024-39828.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-39828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ggod2/sandboxels_xss_test",
"refsource": "MISC",
"name": "https://github.com/ggod2/sandboxels_xss_test"
},
{
"url": "https://sandboxels.r74n.com/changelog",
"refsource": "MISC",
"name": "https://sandboxels.r74n.com/changelog"
}
]
}
}

18
2024/6xxx/CVE-2024-6413.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6413",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}