From f8cf1d2acfcb8c40a6385fe580fbe49d5316edf7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 5 Feb 2024 18:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/35xxx/CVE-2020-35166.json | 10 ++--
 2023/0xxx/CVE-2023-0099.json | 5 ++
 2023/35xxx/CVE-2023-35759.json | 5 ++
 2023/36xxx/CVE-2023-36085.json | 5 ++
 2023/37xxx/CVE-2023-37307.json | 5 ++
 2023/43xxx/CVE-2023-43261.json | 5 ++
 2023/49xxx/CVE-2023-49084.json | 5 ++
 2023/49xxx/CVE-2023-49085.json | 5 ++
 2023/6xxx/CVE-2023-6028.json | 105 +++++++++++++++++++++++++++++++--
 2023/6xxx/CVE-2023-6874.json | 93 +++++++++++++++++++++++++++--
 2024/0xxx/CVE-2024-0953.json | 8 ++-
 2024/21xxx/CVE-2024-21626.json | 5 ++
 2024/24xxx/CVE-2024-24258.json | 56 ++++++++++++++++--
 2024/24xxx/CVE-2024-24259.json | 56 ++++++++++++++++--
 2024/24xxx/CVE-2024-24260.json | 56 ++++++++++++++++--
 2024/24xxx/CVE-2024-24262.json | 56 ++++++++++++++++--
 2024/24xxx/CVE-2024-24263.json | 56 ++++++++++++++++--
 2024/24xxx/CVE-2024-24265.json | 56 ++++++++++++++++--
 2024/24xxx/CVE-2024-24266.json | 56 ++++++++++++++++--
 2024/24xxx/CVE-2024-24267.json | 56 ++++++++++++++++--
 20 files changed, 643 insertions(+), 61 deletions(-)
diff --git a/2020/35xxx/CVE-2020-35166.json b/2020/35xxx/CVE-2020-35166.json
index 3ce4c395edb..c817ab2214b 100644
--- a/2020/35xxx/CVE-2020-35166.json
+++ b/2020/35xxx/CVE-2020-35166.json
@@ -40,8 +40,9 @@
 "version": {
 "version_data": [
 {
- "version_affected": "=",
- "version_value": "All versions before 4.1.5"
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "4.1.5"
 }
 ]
 }
@@ -51,8 +52,9 @@
 "version": {
 "version_data": [
 {
- "version_affected": "=",
- "version_value": "All versions before 4.6"
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "4.6"
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0099.json b/2023/0xxx/CVE-2023-0099.json
index 92eec5d3768..a2bc2e4a57d 100644
--- a/2023/0xxx/CVE-2023-0099.json
+++ b/2023/0xxx/CVE-2023-0099.json
@@ -58,6 +58,11 @@
 "url": "https://wpscan.com/vulnerability/fd50f2d6-e420-4220-b485-73f33227e8f8",
 "refsource": "MISC",
 "name": "https://wpscan.com/vulnerability/fd50f2d6-e420-4220-b485-73f33227e8f8"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/176983/WordPress-Simple-URLs-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176983/WordPress-Simple-URLs-Cross-Site-Scripting.html"
 }
 ]
 },
diff --git a/2023/35xxx/CVE-2023-35759.json b/2023/35xxx/CVE-2023-35759.json
index 2f809997030..7aee883fed8 100644
--- a/2023/35xxx/CVE-2023-35759.json
+++ b/2023/35xxx/CVE-2023-35759.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://community.progress.com/s/article/Product-Alert-Bulletin-June-2023",
 "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-June-2023"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176978/WhatsUp-Gold-2022-22.1.0-Build-39-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/176978/WhatsUp-Gold-2022-22.1.0-Build-39-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2023/36xxx/CVE-2023-36085.json b/2023/36xxx/CVE-2023-36085.json
index 44d9cae1b9a..47ec5f0516c 100644
--- a/2023/36xxx/CVE-2023-36085.json
+++ b/2023/36xxx/CVE-2023-36085.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085",
 "url": "https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176991/SISQUAL-WFM-7.1.319.103-Host-Header-Injection.html",
+ "url": "http://packetstormsecurity.com/files/176991/SISQUAL-WFM-7.1.319.103-Host-Header-Injection.html"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37307.json b/2023/37xxx/CVE-2023-37307.json
index 9aaa35e6c03..9370155388c 100644
--- a/2023/37xxx/CVE-2023-37307.json
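Review bot: The Packet Storm reference added to this record is given as a plaintext `http://` link in both `url` and `name`, and the same form is used in the Packet Storm entries added to CVE-2023-35759, CVE-2023-36085, CVE-2023-37307, CVE-2023-43261, CVE-2023-49084, CVE-2023-49085 and CVE-2024-21626. Anyone following the link from a feed or scanner report fetches exploit-related content over a channel that can be modified in transit, so the scheme should be `https://` if the site serves the same path over TLS, e.g. `"url": "https://packetstormsecurity.com/files/176983/WordPress-Simple-URLs-Cross-Site-Scripting.html"`. All of these are tagged `MISC`, so consumers that use references for prioritisation cannot tell a public exploit write-up from a vendor advisory without matching on the hostname.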
+++ b/2023/37xxx/CVE-2023-37307.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://zigrin.com/advisories/misp-stored-xss/",
 "url": "https://zigrin.com/advisories/misp-stored-xss/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2023/43xxx/CVE-2023-43261.json b/2023/43xxx/CVE-2023-43261.json
index 806e41b2e36..237e6255d52 100644
--- a/2023/43xxx/CVE-2023-43261.json
+++ b/2023/43xxx/CVE-2023-43261.json
@@ -76,6 +76,11 @@
 "refsource": "MISC",
 "name": "https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf",
 "url": "https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html",
+ "url": "http://packetstormsecurity.com/files/176988/Milesight-UR5X-UR32L-UR32-UR35-UR41-Credential-Leakage.html"
 }
 ]
 }
diff --git a/2023/49xxx/CVE-2023-49084.json b/2023/49xxx/CVE-2023-49084.json
index a0a501e0063..78f062138c5 100644
--- a/2023/49xxx/CVE-2023-49084.json
+++ b/2023/49xxx/CVE-2023-49084.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp",
 "refsource": "MISC",
 "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html"
 }
 ]
 },
diff --git a/2023/49xxx/CVE-2023-49085.json b/2023/49xxx/CVE-2023-49085.json
index 2f0e133d7d2..09d9f4be5f3 100644
--- a/2023/49xxx/CVE-2023-49085.json
+++ b/2023/49xxx/CVE-2023-49085.json
@@ -63,6 +63,11 @@
 "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451",
 "refsource": "MISC",
 "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html"
 }
 ]
 },
diff --git a/2023/6xxx/CVE-2023-6028.json b/2023/6xxx/CVE-2023-6028.json
index 82f746fab96..2e641f94241 100644
--- a/2023/6xxx/CVE-2023-6028.json
+++ b/2023/6xxx/CVE-2023-6028.json
@@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6028", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@ch.abb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected\ncross-site scripting (XSS) vulnerability exists in the SVG version of System\nDiagnostics Manager of B&R Automation Runtime versions <= G4.93 that\nenables a remote attacker to execute arbitrary JavaScript code in the context\nof the attacked user\u2019s browser session.\n\n\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "B&R Industrial Automation", + "product": { + "product_data": [ + { + "product_name": "Automation Runtime", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<=G4.93" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf", + "refsource": "MISC", + "name": "https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "SA23P018", + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

Do not use Hyperlinks provided by untrusted 3rd party to access the SDM. Hyperlinks may be provided via:

The use of external Web Application Firewalls (WAF) can mitigate attacks using reflected cross-site scripting.

" + } + ], + "value": "\nDo not use Hyperlinks provided by untrusted 3rd party to access the SDM. Hyperlinks may be provided via:\n\n\n\n * Emails from unknown users\n * Social media channels\n * Messaging services\n * Webpages with comment functionality\n * QR Codes\n\n\n\n\nThe use of external Web Application Firewalls (WAF) can mitigate attacks using reflected cross-site scripting.\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "An update is available that resolves a vulnerability in the product versions listed above." + } + ], + "value": "An update is available that resolves a vulnerability in the product versions listed above." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6874.json b/2023/6xxx/CVE-2023-6874.json index b56d892cb72..0e2f987c402 100644 --- a/2023/6xxx/CVE-2023-6874.json +++ b/2023/6xxx/CVE-2023-6874.json 
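Review bot: The `affects` entry for Automation Runtime puts the comparison inside the value, `"version_affected": "=", "version_value": "<=G4.93"`, so a consumer that honours `version_affected` will match only the literal string `<=G4.93` and report older installations as unaffected. This commit corrects the same pattern in CVE-2020-35166; here the operator belongs in `version_affected`: `"version_affected": "<=", "version_value": "G4.93"`. The `description` value also carries line breaks in mid-sentence and eight trailing `\n`, which are worth trimming before they reach advisories rendered from this text.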
@@ -1,17 +1,102 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6874",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "product-security@silabs.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
+ "cweId": "CWE-754"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "silabs.com",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GSDK",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "7.4.0",
+ "status": "affected",
+ "version": "0.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/SiliconLabs/gecko_sdk",
+ "refsource": "MISC",
+ "name": "https://github.com/SiliconLabs/gecko_sdk"
+ },
+ {
+ "url": "https://community.silabs.com/069Vm000000WXaOIAW",
+ "refsource": "MISC",
+ "name": "https://community.silabs.com/069Vm000000WXaOIAW"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0953.json b/2024/0xxx/CVE-2024-0953.json
index 203ae012ed8..3486f5b27d1 100644
--- a/2024/0xxx/CVE-2024-0953.json
+++ b/2024/0xxx/CVE-2024-0953.json
@@ -62,5 +62,11 @@
 },
 "source": {
 "discovery": "EXTERNAL"
- }
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Lohith Gowda M"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2024/21xxx/CVE-2024-21626.json b/2024/21xxx/CVE-2024-21626.json
index c559a5fe473..2c9b3c55f6c 100644
--- a/2024/21xxx/CVE-2024-21626.json
+++ b/2024/21xxx/CVE-2024-21626.json
@@ -87,6 +87,11 @@
 "url": "http://www.openwall.com/lists/oss-security/2024/02/02/3",
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html"
 }
 ]
 },
diff --git a/2024/24xxx/CVE-2024-24258.json b/2024/24xxx/CVE-2024-24258.json
index 87f8edc5bcc..d00df4f9a59 100644
--- a/2024/24xxx/CVE-2024-24258.json
+++ b/2024/24xxx/CVE-2024-24258.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-24258",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24258",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24259.json b/2024/24xxx/CVE-2024-24259.json
index c90354c74c1..2d0c9cf6c3f 100644
--- a/2024/24xxx/CVE-2024-24259.json
+++ b/2024/24xxx/CVE-2024-24259.json
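Review bot: This record goes PUBLIC with `vendor_name`, `product_name`, `version_value` and the `problemtype` value all set to `n/a`, although the description names the product, the version and the weakness class; the same applies to CVE-2024-24259, CVE-2024-24260, CVE-2024-24262, CVE-2024-24263, CVE-2024-24265, CVE-2024-24266 and CVE-2024-24267. Tooling that matches on `affects` or filters by CWE cannot associate these entries with installed software, so they only surface through free-text search. Populate the structured fields from the description, e.g. `"product_name": "mupdf"`, `"version_value": "1.23.9"` and `"value": "CWE-401 Missing Release of Memory after Effective Lifetime"` here, with CWE-416 Use After Free for the use-after-free records. Whether versions other than the one named are affected is not stated in the description, and the only reference is a third-party write-up, so the range should be confirmed with the reporter or upstream.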
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-24259",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24259",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24260.json b/2024/24xxx/CVE-2024-24260.json
index 06d883ff422..e145bcf3283 100644
--- a/2024/24xxx/CVE-2024-24260.json
+++ b/2024/24xxx/CVE-2024-24260.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-24260",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24260",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yinluming13579/media-server_defects/blob/main/media-server_1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yinluming13579/media-server_defects/blob/main/media-server_1.md"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24262.json b/2024/24xxx/CVE-2024-24262.json
index 8dac4e9b048..8d609ac881c 100644
--- a/2024/24xxx/CVE-2024-24262.json
+++ b/2024/24xxx/CVE-2024-24262.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-24262",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24262",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LuMingYinDetect/media-server_detect/blob/main/media_server_detect_1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/LuMingYinDetect/media-server_detect/blob/main/media_server_detect_1.md"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24263.json b/2024/24xxx/CVE-2024-24263.json
index 9389729b89d..80baf270734 100644
--- a/2024/24xxx/CVE-2024-24263.json
+++ b/2024/24xxx/CVE-2024-24263.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-24263",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24263",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LuMingYinDetect/lotos_detects/blob/main/lotos_detect_1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/LuMingYinDetect/lotos_detects/blob/main/lotos_detect_1.md"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24265.json b/2024/24xxx/CVE-2024-24265.json
index 5f84a656dd8..1aa91542847 100644
--- a/2024/24xxx/CVE-2024-24265.json
+++ b/2024/24xxx/CVE-2024-24265.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-24265",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24265",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24266.json b/2024/24xxx/CVE-2024-24266.json
index 4ff44eab734..c1bcb07eb03 100644
--- a/2024/24xxx/CVE-2024-24266.json
+++ b/2024/24xxx/CVE-2024-24266.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-24266",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24266",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24267.json b/2024/24xxx/CVE-2024-24267.json
index fe33409a70a..ac5e48c658c 100644
--- a/2024/24xxx/CVE-2024-24267.json
+++ b/2024/24xxx/CVE-2024-24267.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-24267",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-24267",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md",
+ "refsource": "MISC",
+ "name": "https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md"
 }
 ]
 }