admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-28 20:00:55 +00:00
parent 39b6386e0c
commit f566d42880
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
19 changed files with 894 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
2024/0xxx/CVE-2024-0044.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
"value": "In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
@ -38,6 +38,10 @@
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15"
},
{
"version_affected": "=",
"version_value": "14"
@ -66,31 +70,20 @@
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792",
"url": "https://android.googlesource.com/platform/frameworks/base/+/954b2874b85b6cd0d6bb12cd677cdf22e5dbd77b",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792"
"name": "https://android.googlesource.com/platform/frameworks/base/+/954b2874b85b6cd0d6bb12cd677cdf22e5dbd77b"
},
{
"url": "https://source.android.com/security/bulletin/2024-03-01",
"url": "https://android.googlesource.com/platform/frameworks/base/+/836750619a8bce0bf78fe0549f9990e294671563",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-03-01"
"name": "https://android.googlesource.com/platform/frameworks/base/+/836750619a8bce0bf78fe0549f9990e294671563"
},
{
"url": "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html",
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html"
},
{
"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2",
"refsource": "MISC",
"name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2"
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
}
}

18
2024/13xxx/CVE-2024-13776.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13776",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/13xxx/CVE-2024-13777.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13777",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

25
2024/23xxx/CVE-2024-23139.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code \u201cABC\u201d files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.\n"
"value": "An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code \u201cABC\u201d files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
]
},
@ -40,8 +40,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.5.3.0"
"version_affected": "<",
"version_name": "1.5.3.0",
"version_value": "1.5.4.0"
}
]
}
@ -66,5 +67,23 @@
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

53
2024/34xxx/CVE-2024-34732.json
View File

@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34732",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

53
2024/34xxx/CVE-2024-34733.json
View File

@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

53
2024/34xxx/CVE-2024-34748.json
View File

@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

58
2024/38xxx/CVE-2024-38998.json
View File

@ -1,61 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-38998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38998",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a",
"refsource": "MISC",
"name": "https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

53
2024/40xxx/CVE-2024-40649.json
View File

@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40649",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

53
2024/40xxx/CVE-2024-40651.json
View File

@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

53
2024/40xxx/CVE-2024-40669.json
View File

@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

53
2024/40xxx/CVE-2024-40670.json
View File

@ -1,17 +1,62 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40670",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

70
2024/40xxx/CVE-2024-40672.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40672",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

70
2024/40xxx/CVE-2024-40673.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40673",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/libcore/+/b17fd2f8fe468e7d32e713b442f610cd33e4e7a9",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/libcore/+/b17fd2f8fe468e7d32e713b442f610cd33e4e7a9"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

58
2024/40xxx/CVE-2024-40674.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/debc548ac085ba1ab0582172b97d965e9a1ea43a",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/packages/modules/Wifi/+/debc548ac085ba1ab0582172b97d965e9a1ea43a"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

70
2024/40xxx/CVE-2024-40675.json
View File

@ -1,17 +1,79 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/c6b5490ec659b5854fd429f453f75de5befa6359",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/c6b5490ec659b5854fd429f453f75de5befa6359"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

74
2024/40xxx/CVE-2024-40676.json
View File

@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40676",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15"
},
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/e8a53246607b52b15269f97aef9ba7e928ba2473",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/frameworks/base/+/e8a53246607b52b15269f97aef9ba7e928ba2473"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

74
2024/40xxx/CVE-2024-40677.json
View File

@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-40677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "15"
},
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/db26138f07db830e3fb78283d37de3c0296d93cb",
"refsource": "MISC",
"name": "https://android.googlesource.com/platform/packages/apps/Settings/+/db26138f07db830e3fb78283d37de3c0296d93cb"
},
{
"url": "https://source.android.com/security/bulletin/2024-10-01",
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2024-10-01"
}
]
}

86
2025/24xxx/CVE-2025-24480.json
View File

@ -1,18 +1,96 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitation and could allow a remote attacker to run commands or code as a high privileged user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "FactoryTalk\u00ae View Machine Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<V15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1719.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1719.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Protect network access to the device &amp; s<span style=\"background-color: var(--wht);\">trictly constrain the parameters of invoked functions</span></p>\n\n<br>"
}
],
"value": "Protect network access to the device & strictly constrain the parameters of invoked functions"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to V15.00 or apply patch in AID &nbsp;1152331, 1152332</span><br>"
}
],
"value": "Upgrade to V15.00 or apply patch in AID \u00a01152331, 1152332"
}
]
}