From f3a1eb6316dd462e32ef76bdb149a86c3aba94e5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 19 Nov 2024 22:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/9xxx/CVE-2018-9410.json | 71 +++++++++++++++++++--- 2018/9xxx/CVE-2018-9411.json | 75 +++++++++++++++++++++--- 2018/9xxx/CVE-2018-9412.json | 91 ++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9417.json | 67 ++++++++++++++++++--- 2018/9xxx/CVE-2018-9419.json | 83 +++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9420.json | 91 ++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9421.json | 91 ++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9424.json | 71 +++++++++++++++++++--- 2018/9xxx/CVE-2018-9428.json | 67 ++++++++++++++++++--- 2018/9xxx/CVE-2018-9432.json | 91 ++++++++++++++++++++++++++--- 2018/9xxx/CVE-2018-9433.json | 83 +++++++++++++++++++++++--- 2023/27xxx/CVE-2023-27609.json | 85 +++++++++++++++++++++++++-- 2024/11xxx/CVE-2024-11400.json | 76 ++++++++++++++++++++++-- 2024/11xxx/CVE-2024-11467.json | 18 ++++++ 2024/11xxx/CVE-2024-11468.json | 18 ++++++ 2024/11xxx/CVE-2024-11469.json | 18 ++++++ 2024/11xxx/CVE-2024-11470.json | 18 ++++++ 2024/11xxx/CVE-2024-11471.json | 18 ++++++ 2024/52xxx/CVE-2024-52595.json | 104 +++++++++++++++++++++++++++++++-- 19 files changed, 1136 insertions(+), 100 deletions(-) create mode 100644 2024/11xxx/CVE-2024-11467.json create mode 100644 2024/11xxx/CVE-2024-11468.json create mode 100644 2024/11xxx/CVE-2024-11469.json create mode 100644 2024/11xxx/CVE-2024-11470.json create mode 100644 2024/11xxx/CVE-2024-11471.json diff --git a/2018/9xxx/CVE-2018-9410.json b/2018/9xxx/CVE-2018-9410.json index f3fd350f758..a4231d6bba8 100644 --- a/2018/9xxx/CVE-2018-9410.json +++ b/2018/9xxx/CVE-2018-9410.json @@ -1,18 +1,73 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9410", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9410", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9411.json b/2018/9xxx/CVE-2018-9411.json index d5017762fd2..68483379f05 100644 --- a/2018/9xxx/CVE-2018-9411.json +++ b/2018/9xxx/CVE-2018-9411.json @@ -1,18 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9411", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9411", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + }, + { + "version_affected": "=", + "version_value": "9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9412.json b/2018/9xxx/CVE-2018-9412.json index adf737a8151..c638017669c 100644 --- a/2018/9xxx/CVE-2018-9412.json +++ b/2018/9xxx/CVE-2018-9412.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9412", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9412", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6" + }, + { + "version_affected": "=", + "version_value": "6.0.1" + }, + { + "version_affected": "=", + "version_value": "7" + }, + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + }, + { + "version_affected": "=", + "version_value": "nyc-mr1-dev" + }, + { + "version_affected": "=", + "version_value": "nyc-mr2-dev" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9417.json b/2018/9xxx/CVE-2018-9417.json index 5c18107b688..45006bf6f20 100644 --- a/2018/9xxx/CVE-2018-9417.json +++ b/2018/9xxx/CVE-2018-9417.json @@ -1,18 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9417", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9417", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9419.json b/2018/9xxx/CVE-2018-9419.json index 3fccc031052..634472b43c2 100644 --- a/2018/9xxx/CVE-2018-9419.json +++ b/2018/9xxx/CVE-2018-9419.json @@ -1,18 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9419", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9419", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7" + }, + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + }, + { + "version_affected": "=", + "version_value": "nyc-mr1-dev" + }, + { + "version_affected": "=", + "version_value": "nyc-mr2-dev" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9420.json b/2018/9xxx/CVE-2018-9420.json index b57788e7271..1b047a5cf8b 100644 --- a/2018/9xxx/CVE-2018-9420.json +++ b/2018/9xxx/CVE-2018-9420.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9420", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9420", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6" + }, + { + "version_affected": "=", + "version_value": "6.0.1" + }, + { + "version_affected": "=", + "version_value": "7" + }, + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + }, + { + "version_affected": "=", + "version_value": "nyc-mr1-dev" + }, + { + "version_affected": "=", + "version_value": "nyc-mr2-dev" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9421.json b/2018/9xxx/CVE-2018-9421.json index c95a7839bc0..d6f8b0007e2 100644 --- a/2018/9xxx/CVE-2018-9421.json +++ b/2018/9xxx/CVE-2018-9421.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9421", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9421", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6" + }, + { + "version_affected": "=", + "version_value": "6.0.1" + }, + { + "version_affected": "=", + "version_value": "7" + }, + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + }, + { + "version_affected": "=", + "version_value": "nyc-mr1-dev" + }, + { + "version_affected": "=", + "version_value": "nyc-mr2-dev" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9424.json b/2018/9xxx/CVE-2018-9424.json index 3381c44ee1c..775de6473a8 100644 --- a/2018/9xxx/CVE-2018-9424.json +++ b/2018/9xxx/CVE-2018-9424.json @@ -1,18 +1,73 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9424", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9424", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9428.json b/2018/9xxx/CVE-2018-9428.json index 6cdda24e90d..77c70088398 100644 --- a/2018/9xxx/CVE-2018-9428.json +++ b/2018/9xxx/CVE-2018-9428.json @@ -1,18 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9428", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9428", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9432.json b/2018/9xxx/CVE-2018-9432.json index 6d58342f157..86470977a8b 100644 --- a/2018/9xxx/CVE-2018-9432.json +++ b/2018/9xxx/CVE-2018-9432.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9432", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9432", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6" + }, + { + "version_affected": "=", + "version_value": "6.0.1" + }, + { + "version_affected": "=", + "version_value": "7" + }, + { + "version_affected": "=", + "version_value": "8" + }, + { + "version_affected": "=", + "version_value": "8.1" + }, + { + "version_affected": "=", + "version_value": "nyc-mr1-dev" + }, + { + "version_affected": "=", + "version_value": "nyc-mr2-dev" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9433.json b/2018/9xxx/CVE-2018-9433.json index 289bb8bebc9..1a5816d5895 100644 --- a/2018/9xxx/CVE-2018-9433.json +++ b/2018/9xxx/CVE-2018-9433.json @@ -1,18 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-9433", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2018-9433", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6" + }, + { + "version_affected": "=", + "version_value": "6.0.1" + }, + { + "version_affected": "=", + "version_value": "7" + }, + { + "version_affected": "=", + "version_value": "nyc-mr1-dev" + }, + { + "version_affected": "=", + "version_value": "nyc-mr2-dev" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/27xxx/CVE-2023-27609.json b/2023/27xxx/CVE-2023-27609.json index 57252837331..e7a71f4f042 100644 --- a/2023/27xxx/CVE-2023-27609.json +++ b/2023/27xxx/CVE-2023-27609.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NetTantra WP Roles at Registration allows Stored XSS.This issue affects WP Roles at Registration: from n/a through 0.23." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NetTantra", + "product": { + "product_data": [ + { + "product_name": "WP Roles at Registration", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "0.23" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-roles-at-registration/wordpress-wp-roles-at-registration-plugin-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-roles-at-registration/wordpress-wp-roles-at-registration-plugin-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Pavak Tiwari (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/11xxx/CVE-2024-11400.json b/2024/11xxx/CVE-2024-11400.json index c4a31e30aeb..a21530604b7 100644 --- a/2024/11xxx/CVE-2024-11400.json +++ b/2024/11xxx/CVE-2024-11400.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11400", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "realmag777", + "product": { + "product_data": [ + { + "product_name": "HUSKY \u2013 Products Filter Professional for WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.3.6.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3158e77-39b3-4151-8f10-5824000a585a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3158e77-39b3-4151-8f10-5824000a585a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3186438/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3186438/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Scheidt" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/11xxx/CVE-2024-11467.json b/2024/11xxx/CVE-2024-11467.json new file mode 100644 index 00000000000..4a54265a755 --- /dev/null +++ b/2024/11xxx/CVE-2024-11467.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11467", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11468.json b/2024/11xxx/CVE-2024-11468.json new file mode 100644 index 00000000000..d696bd8fa9c --- /dev/null +++ b/2024/11xxx/CVE-2024-11468.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11468", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11469.json b/2024/11xxx/CVE-2024-11469.json new file mode 100644 index 00000000000..e9c252aac0d --- /dev/null +++ b/2024/11xxx/CVE-2024-11469.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11469", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11470.json b/2024/11xxx/CVE-2024-11470.json new file mode 100644 index 00000000000..7d4aadfd4db --- /dev/null +++ b/2024/11xxx/CVE-2024-11470.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11470", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11471.json b/2024/11xxx/CVE-2024-11471.json new file mode 100644 index 00000000000..f8d663de2a7 --- /dev/null +++ b/2024/11xxx/CVE-2024-11471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-11471", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/52xxx/CVE-2024-52595.json b/2024/52xxx/CVE-2024-52595.json index b11900b459a..4dfbd690d28 100644 --- a/2024/52xxx/CVE-2024-52595.json +++ b/2024/52xxx/CVE-2024-52595.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as ``, `` and `