From 2b49e5b40fcb9ffebaad84429763b076755d267f Mon Sep 17 00:00:00 2001
From: cvelistV5 Github Action
Date: Tue, 11 Feb 2025 22:33:18 +0000
Subject: [PATCH] 6 changes (6 new | 0 updated): - 6 new CVEs: CVE-2022-37660, CVE-2023-31342, CVE-2024-33469, CVE-2024-44336, CVE-2024-54772, CVE-2024-54916 - 0 updated CVEs:
---
cves/2022/37xxx/CVE-2022-37660.json | 59 ++++
cves/2023/31xxx/CVE-2023-31342.json | 399 ++++++++++++++++++++++++++++
cves/2024/33xxx/CVE-2024-33469.json | 59 ++++
cves/2024/44xxx/CVE-2024-44336.json | 56 ++++
cves/2024/54xxx/CVE-2024-54772.json | 56 ++++
cves/2024/54xxx/CVE-2024-54916.json | 59 ++++
6 files changed, 688 insertions(+)
create mode 100644 cves/2022/37xxx/CVE-2022-37660.json
create mode 100644 cves/2023/31xxx/CVE-2023-31342.json
create mode 100644 cves/2024/33xxx/CVE-2024-33469.json
create mode 100644 cves/2024/44xxx/CVE-2024-44336.json
create mode 100644 cves/2024/54xxx/CVE-2024-54772.json
create mode 100644 cves/2024/54xxx/CVE-2024-54916.json
diff --git a/cves/2022/37xxx/CVE-2022-37660.json b/cves/2022/37xxx/CVE-2022-37660.json
new file mode 100644
index 000000000000..feec941613ad
--- /dev/null
+++ b/cves/2022/37xxx/CVE-2022-37660.json
@@ -0,0 +1,59 @@
+{
+ "dataType": "CVE_RECORD",
+ "cveMetadata": {
+ "state": "PUBLISHED",
+ "cveId": "CVE-2022-37660",
+ "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "assignerShortName": "mitre",
+ "dateUpdated": "2025-02-11T22:25:35.931Z",
+ "dateReserved": "2022-08-08T00:00:00.000Z",
+ "datePublished": "2025-02-11T00:00:00.000Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "shortName": "mitre",
+ "dateUpdated": "2025-02-11T22:25:35.931Z"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association."
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "n/a",
+ "product": "n/a",
+ "versions": [
+ {
+ "version": "n/a",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4"
+ },
+ {
+ "url": "https://link.springer.com/article/10.1007/s10207-025-00988-3"
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "text",
+ "lang": "en",
+ "description": "n/a"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "dataVersion": "5.1"
+}
\ No newline at end of file
diff --git a/cves/2023/31xxx/CVE-2023-31342.json b/cves/2023/31xxx/CVE-2023-31342.json
new file mode 100644
index 000000000000..1a6d73e244c3
--- /dev/null
+++ b/cves/2023/31xxx/CVE-2023-31342.json
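Review bot: The `affected` array in the CVE-2022-37660 record holds only `n/a` for vendor, product and version, although the description names hostapd 2.10 and earlier, so tooling that matches on structured fields cannot tie this record to hostapd. The description supports at least `"product": "hostapd"` with a version entry carrying `"lessThanOrEqual": "2.10"`. The CVE-2024-33469, CVE-2024-44336, CVE-2024-54772 and CVE-2024-54916 records in this commit have the same gap, each naming its product and version only in prose. All five also give `"description": "n/a"` under `problemTypes`, so no CWE is available for triage.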
@@ -0,0 +1,399 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2023-31342",
+ "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
+ "state": "PUBLISHED",
+ "assignerShortName": "AMD",
+ "dateReserved": "2023-04-27T15:25:41.425Z",
+ "datePublished": "2025-02-11T22:24:02.153Z",
+ "dateUpdated": "2025-02-11T22:24:02.153Z"
+ },
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "affected",
+ "product": "AMD EPYC™ 7003 Processors",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "MilanPI 1.0.0.C"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD EPYC™ 9004 Processors",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "GenoaPI 1.0.0.B"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Instinct™ MI300A",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "MI300API 1.0.0.5"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 3000 Series Desktop Processors",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "ComboAM4v2PI 1.2.0.C"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 5000 Series Desktop Processors",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "ComboAM4v2PI 1.2.0.C"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "ComboAM4v2PI 1.2.0.C"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 7000 Series Desktop Processors",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "ComboAM5 1.1.0.2"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "ComboAM4v2PI 1.2.0.C"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "ComboAM4v2PI 1.2.0.C"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "ComboAM5 1.1.0.2"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "ChagallWSPI-sWRX8 1.0.0.7"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "Pollock-FT5 1.0.0.7"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "Picasso-FP5 1.0.1.1"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "RenoirPI-FP6 1.0.0.D"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "Cezanne-FP6 1.0.1.0"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "MendocinoPI-FT6 1.0.0.6"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "Rembrandt-FP7 1.0.0.A"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "Rembrandt-FP7 1.0.0.A"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "PhoenixPI-FP8-FP7 1.1.0.2"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ 7000 Series Mobile Processors",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "DragonRangeFL1PI 1.0.0.3C"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD EPYC™ Embedded 7003",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "EmbMilanPI-SP3 1.0.0.8"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD EPYC™ Embedded 9004",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "EmbGenoaPI-SP5 1.0.0.6"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ Embedded R1000",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "EmbeddedPI-FP5 1.2.0.C"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ Embedded R2000",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "EmbeddedR2KPI-FP5 1.0.0.3"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ Embedded 5000",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "EmbAM4PI 1.0.0.5"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ Embedded 7000",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "EmbeddedAM5PI 1.0.0.1"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ Embedded V2000",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "EmbeddedPI-FP6 1.0.0.9"
+ }
+ ]
+ },
+ {
+ "defaultStatus": "affected",
+ "product": "AMD Ryzen™ Embedded V3000",
+ "vendor": "AMD",
+ "versions": [
+ {
+ "status": "unaffected",
+ "version": "Embedded-PI FP7r2 1.0.0.9"
+ }
+ ]
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
+ }
+ ],
+ "value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-20",
+ "description": "CWE-20 Improper Input Validation",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
+ "shortName": "AMD",
+ "dateUpdated": "2025-02-11T22:24:02.153Z"
+ },
+ "references": [
+ {
+ "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
+ },
+ {
+ "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
+ },
+ {
+ "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "x_generator": {
+ "engine": "Vulnogram 0.2.0"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/2024/33xxx/CVE-2024-33469.json b/cves/2024/33xxx/CVE-2024-33469.json
new file mode 100644
index 000000000000..99f9bc5924d1
--- /dev/null
+++ b/cves/2024/33xxx/CVE-2024-33469.json
@@ -0,0 +1,59 @@
+{
+ "dataType": "CVE_RECORD",
+ "cveMetadata": {
+ "state": "PUBLISHED",
+ "cveId": "CVE-2024-33469",
+ "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "assignerShortName": "mitre",
+ "dateUpdated": "2025-02-11T22:27:39.996Z",
+ "dateReserved": "2024-04-23T00:00:00.000Z",
+ "datePublished": "2025-02-11T00:00:00.000Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "shortName": "mitre",
+ "dateUpdated": "2025-02-11T22:27:39.996Z"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java."
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "n/a",
+ "product": "n/a",
+ "versions": [
+ {
+ "version": "n/a",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://huntr.com/bounties/981c1cb3-d1e7-4f5c-8a24-155662d33787"
+ },
+ {
+ "url": "https://github.com/blackbeard666/security-research/tree/main/CVE-2024-33469"
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "text",
+ "lang": "en",
+ "description": "n/a"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "dataVersion": "5.1"
+}
\ No newline at end of file
diff --git a/cves/2024/44xxx/CVE-2024-44336.json b/cves/2024/44xxx/CVE-2024-44336.json
new file mode 100644
index 000000000000..3b4d1f4944d4
--- /dev/null
+++ b/cves/2024/44xxx/CVE-2024-44336.json
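Review bot: Every `versions` entry in the CVE-2023-31342 record lists one exact string, such as `MilanPI 1.0.0.C`, with `"status": "unaffected"` under `"defaultStatus": "affected"`, and none carries `lessThan` or `versionType`. A version entry without a range bound describes a single version, so a consumer evaluating the record literally marks only that one firmware build as unaffected and lets any later PI release fall back to the affected default. If the listed build is the first fixed release, which appears to be the intent, a range such as `"version": "0", "lessThan": "MilanPI 1.0.0.C", "versionType": "custom", "status": "affected"` with `"defaultStatus": "unaffected"` states that without ambiguity. Until then, treat the listed strings as minimum fixed versions and confirm them against the three AMD bulletins in `references`.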
@@ -0,0 +1,56 @@
+{
+ "dataType": "CVE_RECORD",
+ "cveMetadata": {
+ "state": "PUBLISHED",
+ "cveId": "CVE-2024-44336",
+ "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "assignerShortName": "mitre",
+ "dateUpdated": "2025-02-11T22:28:38.614Z",
+ "dateReserved": "2024-08-21T00:00:00.000Z",
+ "datePublished": "2025-02-11T00:00:00.000Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "shortName": "mitre",
+ "dateUpdated": "2025-02-11T22:28:38.614Z"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage."
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "n/a",
+ "product": "n/a",
+ "versions": [
+ {
+ "version": "n/a",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/blackbeard666/security-research/tree/main/CVE-2024-44336"
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "text",
+ "lang": "en",
+ "description": "n/a"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "dataVersion": "5.1"
+}
\ No newline at end of file
diff --git a/cves/2024/54xxx/CVE-2024-54772.json b/cves/2024/54xxx/CVE-2024-54772.json
new file mode 100644
index 000000000000..27ee82d8cd8a
--- /dev/null
+++ b/cves/2024/54xxx/CVE-2024-54772.json
@@ -0,0 +1,56 @@
+{
+ "dataType": "CVE_RECORD",
+ "cveMetadata": {
+ "state": "PUBLISHED",
+ "cveId": "CVE-2024-54772",
+ "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "assignerShortName": "mitre",
+ "dateUpdated": "2025-02-11T22:22:35.940Z",
+ "dateReserved": "2024-12-06T00:00:00.000Z",
+ "datePublished": "2025-02-11T00:00:00.000Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "shortName": "mitre",
+ "dateUpdated": "2025-02-11T22:22:35.940Z"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the Winbox service of MikroTik RouterOS v6.43 through v7.16.1. A discrepancy in response times between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts."
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "n/a",
+ "product": "n/a",
+ "versions": [
+ {
+ "version": "n/a",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/deauther890/CVE-2024-54772"
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "text",
+ "lang": "en",
+ "description": "n/a"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "dataVersion": "5.1"
+}
\ No newline at end of file
diff --git a/cves/2024/54xxx/CVE-2024-54916.json b/cves/2024/54xxx/CVE-2024-54916.json
new file mode 100644
index 000000000000..fcbebea1793d
--- /dev/null
+++ b/cves/2024/54xxx/CVE-2024-54916.json
@@ -0,0 +1,59 @@
+{
+ "dataType": "CVE_RECORD",
+ "cveMetadata": {
+ "state": "PUBLISHED",
+ "cveId": "CVE-2024-54916",
+ "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "assignerShortName": "mitre",
+ "dateUpdated": "2025-02-11T22:31:31.236Z",
+ "dateReserved": "2024-12-06T00:00:00.000Z",
+ "datePublished": "2025-02-11T00:00:00.000Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "shortName": "mitre",
+ "dateUpdated": "2025-02-11T22:31:31.236Z"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the checkPasscode method."
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "n/a",
+ "product": "n/a",
+ "versions": [
+ {
+ "version": "n/a",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://drive.google.com/file/d/1knf8-_fFUSLd3ZmbEpy0_OVzSN1UR1JR/view?usp=sharing"
+ },
+ {
+ "url": "https://github.com/SAHALLL/CVE-2024-54916"
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "text",
+ "lang": "en",
+ "description": "n/a"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "dataVersion": "5.1"
+}
\ No newline at end of file
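Review bot: The first entry under `references` in the CVE-2024-54916 record is a `drive.google.com` sharing link, which its owner can edit, restrict or delete at any time, so it is not stable evidence for the record. Neither reference carries `tags`, which leaves a consumer unable to tell which entry is the technical write-up. A durable location for that document, with `"tags": ["technical-description"]` on the relevant entry, would keep the record verifiable after publication.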